Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Please give us moneyware...?


  • Please log in to reply
12 replies to this topic

#1 brad1138

brad1138

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:20 PM

Posted 30 April 2016 - 08:48 PM

My father clicked on an email link and got "VIRUS" popups and warnings. The warning told him to call 855-881-4480, a number that claimed to be MS support, when I called it later. He talked to them for 1/2 hour (SMH) They had him hit Windows key+r and enter "www.microsoftconnect.com"( I noticed that all the links on that page, just go back to that page). From there they claimed to have scanned his computer and said his computer had been compromised and that all AVs had been turned off, he could take it to a MS store and they would fix it for $500, but they could do it for 1/2 that amount....

 

When he called me, I had him turn his computer off, and unplug it (unfortunately, he just unplugged the monitor...) When I showed up and booted it, everything seemed fine, I permanently deleted the email then did a quick (Avast) virus scan, and it found no virus, I started a boot scan, but it will take hours and is probably still running. 

 

Is anyone familiar with "microsoftconnect.com" ? I think "connect.microsoft" is a legitamate site, they may be trying to copy it to look legit. He said he was able to see what the person on the phone was doing during the "scan" on his screen, a list of issues came up, he couldn't remember what. He said he could see their mouse pointer moving on his screen. It could have just been a video running that looked like it was "live". The phone number does not come up in Google, which seems weird for a MS support line. 

 

Anyway, anyone familiar with this?

 

Thanks,

Brad


Edited by hamluis, 01 May 2016 - 08:39 AM.
Moved from AII to Gen Sec - Hamluis.


BC AdBot (Login to Remove)

 


#2 RolandJS

RolandJS

  • Members
  • 4,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:12:20 AM

Posted 30 April 2016 - 09:07 PM

Yes, unfortunately, he was scammed and scammed good.  Not his fault at all!  These scammers are expert at what they do.  Both Emsisoft and Malwarebytes have anti-malware/anti-spyware scanners and fixers.  Do you have his computer?  Stay tuned, BC malware team will walk you through the series of steps necessary to clean your computer and ensure it's clean.  Since I'm not on the team, I only desired to let your father and you know that this situation is not his fault.  Let the BC team guide you and your father to beat this thing and declare victory when's the cleanin' and rebuildin' [where necessary] is all done   :)


Edited by RolandJS, 30 April 2016 - 09:10 PM.

"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#3 brad1138

brad1138
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:20 PM

Posted 30 April 2016 - 09:12 PM

Yes, unfortunately, he was scammed and scammed good.  Not his fault at all!  These scammers are expert at what they do.  Both Emsisoft and Malwarebytes have anti-malware/anti-spyware scanners and fixers.  Do you have his computer?  Stay tuned, BC malware team will walk you through the series of steps necessary to clean your computer and ensure it's clean.  Since I'm not on the team, I only desired to let your father and you know that this all is not his fault.

 

If Avast doesn't find anything, I am going to uninstall it and install Panda and run it, I will also install MWB and run it. He didn't give them any money, he called me as soon as they brought that up, thankfully. Wish he had called me just after clicking the email...

 

I have been wanting to upgrade him to Windows 10, I'll probably just do a clean install for him.


Edited by brad1138, 30 April 2016 - 09:12 PM.


#4 RolandJS

RolandJS

  • Members
  • 4,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:12:20 AM

Posted 30 April 2016 - 11:05 PM

BC team can confirm, however I thought the original OS has be in good working order before an upgrade to W10 can be done.


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#5 brad1138

brad1138
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:20 PM

Posted 30 April 2016 - 11:08 PM

BC team can confirm, however I thought the original OS has be in good working order before an upgrade to W10 can be done.

 It seems to be working fine, but I can reinstall 7, then upgrade to 10 if necessary. I always do a clean install of 10 after upgrading anyway.



#6 ScathEnfys

ScathEnfys

    Bleeping Butterfly


  • Members
  • 1,375 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Deep in the Surface Web
  • Local time:01:20 AM

Posted 30 April 2016 - 11:16 PM

As long as malware doesn't interfere with the upgrade process (unlikely) and doesn't interfere with the creation of the install media after you upgrade (even more unlikely, but possible), you should be fine. I would scan the disk preferably from a non-windows OS on a known to be clean PC if you are worried about malware jumping onto the install disk.
Proud system builder, modder, and watercooler.

GitHub | SoundCloud | Keybase

#7 brad1138

brad1138
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:20 PM

Posted 30 April 2016 - 11:22 PM

As long as malware doesn't interfere with the upgrade process (unlikely) and doesn't interfere with the creation of the install media after you upgrade (even more unlikely, but possible), you should be fine. I would scan the disk preferably from a non-windows OS on a known to be clean PC if you are worried about malware jumping onto the install disk.

Thanks, I already have the 10 ISO burned to USB (downloadable from MS). I just have to do the upgrade to take advantage of the "free upgrade". Then I can wipe it and install 10 fresh. 



#8 ScathEnfys

ScathEnfys

    Bleeping Butterfly


  • Members
  • 1,375 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Deep in the Surface Web
  • Local time:01:20 AM

Posted 30 April 2016 - 11:24 PM

:thumbup2:


Proud system builder, modder, and watercooler.

GitHub | SoundCloud | Keybase

#9 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,078 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:06:20 AM

Posted 01 May 2016 - 05:05 AM

Their game plan is usually to get you to subscribe to an overpriced "antivirus solution/tech support" which really is just scam, rather than infect the system. Reinstalling when you upgrade to windows 10 is always a good idea though.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#10 robby501

robby501

  • Members
  • 179 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:20 AM

Posted 01 May 2016 - 05:31 AM

Just sharing my experience here......

I haven't got the tech know-how to help in any way, but I fell victim to something just like this nearly 3 years ago when I was new to computing. My pc ended up being locked down by some guy on the phone from the very moment I switched it on unless I paid a fee. Luckily, I had yet to accumulate any significant amount of meaningful files on my pc since it was brand new at the time so I simply wiped the entire drive (with the assistance of telephone support) and started again. My point is that such scams can be very damaging to the unsuspecting novice user, which I was at the time. My main concern at the happening of such an event would be the installation of a keylogger that may assist a criminal in obtaining banking details and passwords at a later date if the user makes use of such a facility. This is why I made a point of installing the Zemana Anti-logger, a free download that is obtainable on this site. It's also worth pointing out that hardly a week goes by when some guy from MS calls to offer to 'fix' my pc.....always from an international number which appears to be untraceable.


Edited by robby501, 01 May 2016 - 05:48 AM.

Im a rookie and purely recreational pc user. Im utterly obsessed with security (even though I consider myself a safe and law-abiding internet user!) and run a combo of the following freeware security suites.....

Windows Defender/firewall

Regular scans with Malwarebytes, AdwCleaner, JRT, HitmanPro

 

 

 


#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,476 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:20 AM

Posted 01 May 2016 - 05:58 AM

If you have not done so already, you may want to read: Beware of Phony Tech Support Scams
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#12 Agouti

Agouti

  • Members
  • 1,548 posts
  • OFFLINE
  •  
  • Local time:01:20 AM

Posted 01 May 2016 - 07:47 AM

It's also worth pointing out that hardly a week goes by when some guy from MS calls to offer to 'fix' my pc.....always from an international number which appears to be untraceable.

Not once have I ever had such a call.  I wonder why?  I wish they would call me.  I'd have so much fun with them...



#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,476 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:20 AM

Posted 01 May 2016 - 11:01 AM

In most cases, the calls are random...most likely computer generated and reach only a small percentage of the population. In other cases, where organizations have experienced hacking/security breaches, the calls are more specifically targeted at customers whose data was stolen.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users