Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Am I totally screwed or can I somehow salvage this computer?


  • Please log in to reply
8 replies to this topic

#1 Tormented_toy

Tormented_toy

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Arizona
  • Local time:11:44 PM

Posted 29 June 2016 - 10:02 AM

I purchased for my 79 year old mother a new computer. She was using a net book with Windows 7 on it and the screen was just 2 small. So this arrived at her home 2 days ago.

 

2016 Newest Asus X540LA 15.6" Premium High Performance Laptop PC, Intel i3-5020U Processor, 4GB RAM, 1TB HDD, DVD+/-RW, WIFI, Webcam, HDMI, Windows 10

 

I told her to install teamviewer on the new computer and I will take it from there. Part of the problem here was this new computer came with Windows 10. She does not know anything about it and I have never used 10. Unfortunately I was at work yesterday and she figured she would take it upon herself to set it all up. Fast forward to this morning and here is the story I got.

 

OK I downloaded what I thought was teamviewer, then this big white box popped up and said you have a virus, contact us at this #. So she did. (she told me she thought it was Microsoft) She explained what happened to the nice lady and then gave them permission to access her computer. She said that the computer screen looked like some programing files ran across the screen for about 20 min and when she went back to the phone no one was there. But the box was still there. She contacted her internet provider, Comcast who told her that who ever she talked to were still on her computer. She call the number back telling them to get off her computer and they told her it was going to cast her $50 for them to disconnect.

 

When I hear all this I told her to just shut the computer off and leave it off. (_&^$#^@@) So now I am home, I can't access her computer from my house, (I live in another state) or can I? And if so how and what the hell do I do next?

 

Thanks for any help at all

 

Suzie



BC AdBot (Login to Remove)

 


#2 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,590 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:44 AM

Posted 29 June 2016 - 10:12 AM

If you can guide her to boot the system to safe mode with networking and get back online, they shouldn't be able to get back in without her permission again. If they do somehow have software that allows unattended access in safe mode, then she will need to disconnect from the internet (turn off the Wifi or unplug the Ethernet cable) and uninstall the software before going online again. Most of the time they will use legitimate remote software tha will show up in th Programs list, and can be uninstalled without much hassle. You can then guide her over the phone to the real TeamViewer website and take it from there.

 

P.S. FYI, your topic will probably get moved to a different tech support sub-forum, this area is for help with malware that encrypts files, not tech support scams. :)


Edited by Demonslay335, 29 June 2016 - 10:13 AM.

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#3 Tormented_toy

Tormented_toy
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Arizona
  • Local time:11:44 PM

Posted 29 June 2016 - 11:05 AM

Thank you so much for your reply. I am just so upset over how people do this kind of stuff just for the hell of it. 

 

How do they gain access to her computer remotely and can I do the same?



#4 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,590 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:44 AM

Posted 29 June 2016 - 11:57 AM

They would have guided her to somewhere to run a remote software, just like you would. :)

 

TeamViewer would probably just be the simplest to do as you were planning. I would direct her (in safe mode with networking) to teamviewer.com, and walk her through the download and install. Then, once you get connected, you can take a look at the installed programs for any other remote software or anything installed recently.

 

If "someone" controls her computer while she is trying to get you in, have her disconnect from the internet immediately, and you'll just have to guide her through trying to uninstall the software before getting online again. This is very unlikely to happen, but we don't know what software they were using (we use LogMeIn Rescue at work, and it lets you have unattended access to a machine in safe mode).

 

She probably stumbled across a typo-squatter, which led to the tech support scam, so make sure she spells it correctly. MalwareBytes posted a very excellent blog post about typosquatting lately: https://blog.malwarebytes.com/cybercrime/2016/06/explained-typosquatting/


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#5 saw101

saw101

  • Members
  • 476 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Great Pacific Northwest
  • Local time:11:44 PM

Posted 29 June 2016 - 04:40 PM

Seeing as how this is a pretty new computer & it's not likely she has much of anything on it in the way of personal files, I'd consider having her do a Factory Recovery. Afterwards you can guide her to the correct TeamViewer download page & provide further assistance. See this Asus page for guidance: http://www.asus.com/support/FAQ/1013065/


Artificial intelligence is no match for natural stupidity.


#6 Tormented_toy

Tormented_toy
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Arizona
  • Local time:11:44 PM

Posted 30 June 2016 - 11:40 AM

Thank you all so much. This morning is the morning of truth =) to see if I can guide my 79 year old mother to a factory reset. By the way thanks for the link .



#7 Tormented_toy

Tormented_toy
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Arizona
  • Local time:11:44 PM

Posted 02 July 2016 - 08:13 AM

Just a quick follow up. I was able to access her computer and do a factory reset!!! So yeah all was not lost. If just makes me so mad that they can represent themselves as Microsoft and con my mother into giving them access. May they all be filled with static and explode!

 

Thanks for your help

 

Suzie



#8 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,590 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:44 AM

Posted 02 July 2016 - 08:57 AM

Glad to hear things worked out, and I hope your mother learned a valuable lesson. :)

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,077 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:44 AM

Posted 03 July 2016 - 11:51 AM

Be sure to tell your Mom that Microsoft does not contact users via web page messages, phone or email and instruct them to call tech support to fix your computer.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users