
Win10, SafeMode + scammer


12 replies to this topic

#1 macdoodle

macdoodle

  • Members
  • 21 posts

Posted 02 September 2016 - 09:42 PM

Hello,

A few years back, I had a new laptop and a week later got a call from some 'Microsoft' guy ....long story short> I had never heard about these scammers before. Yes, I was duped, duh! (hard lesson learned).

 

In 24 hours, I realized the error that I had made and performed a successful clean reinstall of Windows 8.1 on my new computer, never having done so before. Not only did I do it once but a week later did it again due to something that appeared unsettling to me at the time. I hoped to wipe out all the malware that the scammer had installed (lots). I even had support through another geek site that had me run all sorts of programs on it and in the end, he said that he could not find any malware on my computer. I also made sure that the Remote Access box was unchecked (found in the Systems page) in order to keep these creeps from accessing my computer without my knowing about it in the future. From time to time, I get nervous about the Remote Access and pull up the box to make sure that it is not checked. My laptop has been running smoothly since then and even upgraded to Windows 10.

 

Today, over 2 years later, that “Microsoft” scammer called me again and said that he was the “Refund Department” and alluded to the exact amount of money it had cost me to obtain their “Lifetime contract”....he wanted to give me my money back...I told him that I didn't believe anything he was saying. Because I wasn't cooperating, besides getting mad and calling me names, he threatened that if I didn't take my money back he would "terminate my computer" (what?!!!). He said that he would terminate all the computers I have but my husband's computer, which was on at the time, is still on with no issues. He said that the next time I turned my computer on, it would be terminated. I turned it off while he was babbling on, in hopes that it was a safe move. He also claimed that “we”, the scammers, are getting inside MY computer every day (by remote access, I assume but I didn't believe him). I think he was just saying anything to get me to cooperate. Ultimately I hung up on him and he persisted in calling back several times but I did not answer.

 

My questions involving this situation are:

  1. So my computer has been off since this afternoon. I don't have everything backed up (the recent stuff) and would like to start it in Safe Mode in order to make a backup (that is doable in Safe Mode, isn't it?). How do I start in Safe Mode without booting first to the desktop (and then making some changes and restarting, like I have seen around the net)? The next time I start it, I want it to go straight to Safe Mode without internet. I want to make sure the Remote Access box is unchecked, run a Scan with Malwarebytes and back up my drive, all in Safe Mode. Is booting up in Safe Mode a good choice to do under the circumstances?

  2. When a computer starts and comes to the login window, is it safe in that zone? Is it connected to the internet? Has windows started at that point? Or not until I log in??

  3. Regarding Remote Access: Can he still have access to my computer, even though I have that Remote Access box unchecked and since I clean reinstalled WIN8.1 several times plus upgraded to WIN10? Might he still have codes that were used 2 years ago that could allow him into my system? I remember them asking me for some numbers which at this point I don't recall what they were, but right after that the scammers were there on my desktop moving things around...Does reinstalling Windows make for different configurations or numbers?

  4. Can he really terminate my computer at this point despite the precautions that I've taken??

 

FYI: I currently use the paid version of Anti-Malwarebytes, Malwarebytes Anti-Exploit and Windows Defender + Firewall.

 

As I said, I think he was just saying stuff off the top of his head and probably no longer has access to my computer, although, I just don't know how these things work. I feel more comfortable having someone help me walk through the steps of starting up my computer again, so am keeping the computer off for now and hopefully there is nothing wrong! Thanks for any help!

 

Macdoodle from the School of Hard Knocks

 

 




 


#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,713 posts

Posted 04 September 2016 - 10:05 AM



I remember them asking me for some numbers which at this point I don't recall what they were, but right after that the scammers were there on my desktop moving things around...Does reinstalling Windows make for different configurations or numbers?

 

 I'm guessing this is the conversation you had the first time?

 

If you do not have a check in the box for Allow Remote Assistance connection to this computer they are not going to be able to do anything.  This jerk was trying to bully you into doing what they wanted.  I wouldn't worry about any threats this "person" made.  I also would not worry about using your computer since they couldn't have accessed your computer.

 

You are aware that Microsoft will never call you, you have to call them to speak with them.  Any time you get a phone call from someone telling you that there is a problem with your computer just hang up.  I received one of these calls recently and knew immediately it was a scam.  I immediately asked him what operating system I was using, they tried to sidestep the question.  There would be no way they would have that information.

 

Edited to add:

 

If you want to be able to boot into Safe Mode you will need to open System Configuration.  To do this, press the Windows key and the R key at the same time to open the Run box.

 

When the Run box is open type in msconfig, then press Enter.

 

When System Configuration opens click/tap on the Boot tab.

 

Under Boot options click/tap Safe boot, click/tap on Apply, then OK.

 

You will boot into Safe Mode every time you start Windows until you go back to System Configuration and click/tap on Normal startup, Apply, then OK.


Edited by dc3, 04 September 2016 - 10:24 AM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.
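
Added example, not part of any post in this thread: a read-only PowerShell check of the settings discussed above, namely the Remote Assistance checkbox, the neighbouring Remote Desktop setting, and the Safe boot option that msconfig sets. The registry value names and the `bcdedit` call are standard Windows ones rather than anything quoted in the thread, and the script does not look for third-party remote-control software.

```powershell
# Added example (not from the thread). Changes nothing; only reads settings.
# Run from an elevated PowerShell prompt on Windows 10.

function Get-RegistryDword {
    param([string]$Path, [string]$Name)
    # Return $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-RemoteAccessAudit {
    $control = 'HKLM:\SYSTEM\CurrentControlSet\Control'

    # fAllowToGetHelp backs the "Allow Remote Assistance connections to this
    # computer" checkbox: 1 = checked, 0 = unchecked.
    $ra = Get-RegistryDword "$control\Remote Assistance" 'fAllowToGetHelp'

    # fDenyTSConnections backs the Remote Desktop setting on the same tab:
    # 1 = incoming Remote Desktop connections are refused.
    $rdp = Get-RegistryDword "$control\Terminal Server" 'fDenyTSConnections'

    # TermService is the Remote Desktop Services service.
    $svc = Get-Service -Name 'TermService' -ErrorAction SilentlyContinue

    # Ticking "Safe boot" in msconfig stores a "safeboot" element in the
    # current boot entry; it stays there until it is unticked again
    # (command-line equivalent: bcdedit /deletevalue {current} safeboot).
    $safeboot = 'not set (normal startup)'
    $lines = & bcdedit.exe /enum '{current}' 2>$null
    if ($LASTEXITCODE -ne 0) {
        # bcdedit needs administrator rights to read the boot store.
        $safeboot = 'unknown (run elevated)'
    } else {
        foreach ($line in $lines) {
            if ($line -match '^\s*safeboot\s+(\S+)') { $safeboot = $Matches[1] }
        }
    }

    [pscustomobject]@{
        RemoteAssistanceAllowed = if ($null -eq $ra)  { 'value not present' } else { $ra -eq 1 }
        RemoteDesktopAllowed    = if ($null -eq $rdp) { 'value not present' } else { $rdp -eq 0 }
        RemoteDesktopService    = if ($svc) { "$($svc.Status)" } else { 'not found' }
        SafeBoot                = $safeboot
    }
}

Get-RemoteAccessAudit | Format-List
```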

 

 

 

 


#3 buddy215

buddy215

  • Moderator
  • 13,301 posts

Posted 05 September 2016 - 08:45 PM

Likely the criminal that called you would have asked for CC info or checking acct info. You were right...you would not have gotten a refund but would have added charges or your checking acct robbed.

 

You need not worry about the criminal remoting to your computer. You removed any chance of that when you did a clean install of Windows 2 years ago.

 

You don't need to boot into safe mode to perform the backup.

 

I'm assuming you are familiar with creating an entire image of the hdd and you have the program to use....either Windows program or other.

 

My only suggestion is to use CCleaner before creating the image. Along with using the default settings allow it to delete all but the last System Restore Point. Simply choose to do that in the list on the left. It will by default not delete the last good Restore point.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download


Edited by buddy215, 05 September 2016 - 08:51 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 macdoodle

macdoodle
  • Topic Starter

  • Members
  • 21 posts

Posted 05 September 2016 - 11:34 PM

Thank you, dc3 for responding. It encouraged me to know that all would be okay if the Remote Access box was unchecked along with the instructions on opening Safe Mode, which is one way of getting there.  I got a fortune in my cookie that said "You will be a lion in your own cause." So, I took the bull by the horns and here is what I did and the outcome.

I spent a lot of time researching my issues on my husband's computer over the weekend.  This morning, I unplugged the Wifi/router, powered up my computer and much to my surprise found the power button icon in the lower right corner of the log-in/Lock screen.  I didn't think it was there because I had learned that Win10 did not come with this by default unless I set it that way, which I hadn't (maybe one of the Windows updates fixed that and I just hadn't noticed).  I followed through with what I had learned by holding SHIFT key down and by clicking the power button you could work your way from this screen to Safe Mode.  I proceeded to do that and 3 options came up> I chose RESTART and the computer screens went through a series of changes and ultimately returned to the log-in screen! I had also learned that sometimes the procedure needed to be done a few more times to catch and so I did it again and it worked!! I landed at the blue screen where I could choose TROUBLESHOOT>ADVANCED>STARTUP SETTINGS>RESTART and then there were choices including several Safe Modes. I chose #4, plain old Safe Mode w/o network connection. It took a while but eventually my Desktop came up with everything blackened in the background and somewhere it said Safe Mode! YAY!

 

I went to the Remote Access box and found it unchecked ...YAY again! I then ran a Full Malwarebytes threat scan and zero infections were found....Triple YAY! I plugged in a new external drive and did a total back up, checked over the results on the drive and SHUTDOWN the computer. My husband had already re-plugged in the Router hours previously so that HE could get on the WiFi but I was able to stay off-line because I was in SAFE MODE.

So, I booted up again and this time easily made my way to the Desktop. Since I had run Malwarebytes with 3 day old data, I updated it and ran it again! Then I noticed in my notifications that my Windows Defender was turned off.  I went to the tab to turn it on and clicked the button several times and it acted like it was updating but in the end, it showed the update was 9/2!  The box said that it had a problem updating  because other processes were running.  Malwarebytes was still scanning.  So I minimized the WinDef window and went off to do something else.  When I returned, MB was done and WinDef's specs showed that it had updated to 9/5!! So I picked a Full scan and it took close to 4 hours.  It seemed to list more files than MB seemed to scan.  The results weren't there (or I couldn't figure out where they were) about what infections it may have found, so I take it that there was no problem.  I rebooted again and everything seems to be perfect....all is normal again! SIGH OF RELIEF!!!!

BTW: that fake "Microsoft tech" tried to call again today, about 3 times in a row...I didn't answer....he used the same phone number and it started with a 700.  I plugged the number into a site that checks for bogus numbers and it said that 700 was an invalid area code....a word of advice to anyone reading this:  if you see a 700 number, don't answer it....and furthermore, if he calls from another number and you HAPPEN to answer it, JUST HANG UP!!!  As tempting as it is to tell him off,  I WILL never AGAIN, engage in ANY discussion with this person...even tho he didn't do anything bad to my computer, he managed to make me waste time fretting over it for 3 days and causing me to lose productive time.....so all he'll ever hear from me again is...... CLICK!!!!
 



#5 macdoodle

macdoodle
  • Topic Starter

  • Members
  • 21 posts

Posted 05 September 2016 - 11:41 PM

Thank you buddy215 for your post.  Actually, all the backups that I have done is by copying everything to another drive.  I have never performed "an entire image of the hdd".  I've heard about them but never done them and I'm not sure how to go about it or what program to use (yeah, and I've actually reinstalled Windows!). I guess I was always more interested in saving my data and figured if I had to start over with windows or buy another computer, my data was most important....I have heard that it is a snap shot of my computer...wasn't too sure that I was saving my data (lots of photos and videos). I'm also not sure how much space I need to do this.  Does it take less space than the 1T that I have? My data took up 750 gb on the external drive (yeah, I know I need to move some off). Would saving an entire image take the same amount, more or less? Would I need yet another external drive? ...and when you save as an entire image, can I go in and work with one particular image, say a particular file gets corrupt?

I have heard of CCleaner and need to look into that also, thanks for the tips on it!
 



#6 buddy215

buddy215

  • Moderator
  • 13,301 posts

Posted 06 September 2016 - 07:23 AM

Having an image of the hdd saved makes it much easier and quicker to reinstall Windows as it includes...well...everything that was installed and all data files.

It is compressed...but with the data you have saved it would require something like 500 GB of free space to store it.

 

Windows 10...like 7 and 8...uses a stripped down version of Acronis to create hdd images. Another program often recommended at BC is Macrium Reflect.

 

How to create a system image in Windows 10 - CNET



#7 buddy215

buddy215

  • Moderator
  • 13,301 posts

Posted 06 September 2016 - 08:16 AM

Just curious.....can you block the number and is it the same number each time? Rules for reporting harassing phone calls and blocking depend on which carrier you use.



#8 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,713 posts

Posted 06 September 2016 - 10:41 AM

I'm glad you were able to resolve your issues.  I'm also pleased that you realize that you can now relax and forget this unwanted intrusion in your life.

 

As for cloning your hdd, I have a preference for Macrium Reflect.  If you click/tap on This PC you will see your hdd with the operating system installed on it.  You will see the size of the drive and the amount of free space.  If you subtract the free space from the size of the drive you will have the amount of the drive which has data on it in GBs.

 

You can find a tutorial for using Macrium Reflect here.


Edited by dc3, 06 September 2016 - 10:44 AM.


 

 

 

 


#9 macdoodle

macdoodle
  • Topic Starter

  • Members
  • 21 posts

Posted 07 September 2016 - 12:21 PM

Having an image of the hdd saved makes it much easier and quicker to reinstall Windows as it includes...well...everything that was installed and all data files.

It is compressed...but with the data you have saved it would require something like 500 GB of free space to store it.

 

Windows 10...like 7 and 8...uses a stripped down version of Acronis to create hdd images. Another program often recommended at BC is Macrium Reflect.

 

How to create a system image in Windows 10 - CNET

Thanks for the info and the link....I am definitely going to look into this....I'll buy another external drive just for a System Image and still copy things the way I have been so that I can easily target one file if needed.......



#10 macdoodle

macdoodle
  • Topic Starter

  • Members
  • 21 posts

Posted 07 September 2016 - 12:41 PM

Just curious.....can you block the number and is it the same number each time? Rules for reporting harassing phone calls and blocking depend on which carrier you use.

Over the last 2 years, this guy has called at least 3 times that I can think of.  I usually hang up. He has called using different numbers but the last 2 have been on the same number...unusual.  He may have tried to call again yesterday as there was another strange phone number starting with 653-034- didn't answer it of course. One of the past numbers had the area code repeated twice...?  I have a "Reject List" on my phone and put all these numbers on it. I have to first make them a contact and I call them a name starting with the letter z so they all go to the end of my Contacts (ex: zspam-bahamacruise) and from there I can put them on the list. Very rarely is there an attempt with those numbers.  If the spammers have the capacity to keep changing or hiding their numbers, it becomes an ongoing situation.  I may need to get a new phone in the next year and am thinking of changing numbers as well....it won't stop the random callers but it will at least get rid of Mr. Microsoft-tech!!! 



#11 macdoodle

macdoodle
  • Topic Starter

  • Members
  • 21 posts

Posted 07 September 2016 - 12:49 PM

I'm glad you were able to resolve your issues.  I'm also pleased that you realize that you can now relax and forget this unwanted intrusion in your life.

 

As for cloning your hdd, I have a preference for Macrium Reflect.  If you click/tap on This PC you will see your hdd with the operating system installed on it.  You will see the size of the drive and the amount of free space.  If you subtract the free space from the size of the drive you will have the amount of the drive which has data on it in GBs.

 

You can find a tutorial for using Macrium Reflect here.

So it sounds like the System image will be basically the same size as consumed on the computer's drive and since my hdd is a 1 T, then I would need a 1t external drive...how often should this image be made? Once a week, month? Daily?.....and....should this be done on the same external drive erasing the previous image? Thanks for your tips and I will look into Macrium Reflect....



#12 Captain_Chicken

Captain_Chicken

  • BC Advisor
  • 1,366 posts

Posted 07 September 2016 - 02:38 PM

Your backup hdd only needs to be as big as the files you are backing up.


#13 buddy215

buddy215

  • Moderator
  • 13,301 posts

Posted 07 September 2016 - 02:39 PM

By default...Macrium Reflect will compress the image about 60%.

 

But...I prefer storing pics, etc. either in free email accounts or in external drives, DVDs, etc. That way I can create an image of the hdd that contains only the system files and program files...little else.





