Could I have been infected



#1 Jackbell2078

Posted 21 October 2016 - 11:49 PM

Recently I fell for a scam where I gave access to my computer to someone posing as a Microsoft technician to fix a warning thing coming up on my computer. I can't remember him installing anything and he was only on a short time. When he asked for money and I refused, he left, but the computer went haywire doing all kinds of weird stuff and it wouldn't let me shut down straight away. Eventually I turned it off and turned it back on again. I downloaded Malwarebytes and Avast antivirus and did complete scans and they both came back all clear. I was still a bit suss so I reset the computer to an earlier date than the day I was hacked; this reset the computer back to just after I had Windows 10 downloaded, and everything else was basically gone. Does this bloke still have access to what I am doing or any of my passwords, and can he get into any of my Android devices? As you can tell I am a bit of an amateur and very green to all this.



#2 buddy215

Posted 22 October 2016 - 05:03 AM

Doing the reset would have removed the program used to remote access the computer.

Obviously, you now know that criminals are behind the ads and cold calls. This scam is being seen more and more.

Unless you are experiencing some problem that adware or malware could cause such as excessive popups, misdirected searches, excessive use of computer's resources, etc., I would think you are in the clear. You might want to look through your list of installed programs for recently installed junkware or a program that could be used to remotely access the computer.

You can easily do that using CCleaner and clean up the computer using it.

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and the date installed.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
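
The installed-programs review described in the post above can also be done without extra software. The following PowerShell script is an added example, not part of the original post: it reads the same Uninstall registry keys that back the Windows program list and marks recent installs and remote-support products. The `$Since` cutoff, the function name `Get-InstalledProgram` and the product-name pattern are assumptions made for illustration.

```powershell
# Added example (not from the thread): read-only inventory of installed programs.
# $Since is an assumed cutoff; set it to a day or two before the remote session.
param([datetime]$Since = (Get-Date).AddDays(-14))

# Uninstall keys behind "Programs and Features": 64-bit, 32-bit, and per-user.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
# Illustrative, non-exhaustive names of legitimate remote-support products.
$remoteTools = 'TeamViewer|AnyDesk|LogMeIn|Supremo|ScreenConnect|UltraViewer|VNC'

function Get-InstalledProgram {
    param([datetime]$Since)
    $style = [System.Globalization.DateTimeStyles]::None
    $inv   = [cultureinfo]::InvariantCulture
    foreach ($p in Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue) {
        if (-not $p.DisplayName) { continue }   # unnamed components and patches
        # InstallDate is optional; when present it is yyyyMMdd text.
        $date    = [datetime]::MinValue
        $hasDate = [datetime]::TryParseExact([string]$p.InstallDate, 'yyyyMMdd', $inv, $style, [ref]$date)
        [pscustomobject]@{
            Name       = $p.DisplayName
            Publisher  = $p.Publisher
            Installed  = if ($hasDate) { $date.ToString('yyyy-MM-dd') } else { 'unknown' }
            Recent     = $hasDate -and ($date -ge $Since)         # installed on/after cutoff
            RemoteTool = $p.DisplayName -match $remoteTools       # name looks like remote access
        }
    }
}

# Undated entries sort to the top; they need a manual look as well.
Get-InstalledProgram -Since $Since |
    Sort-Object Installed -Descending |
    Format-Table -AutoSize -Wrap
```

Portable remote-access programs that run without an installer do not appear in these keys, so an empty result is not proof that nothing was run.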

#3 Jackbell2078

Posted 23 October 2016 - 01:43 AM

Thank you mate, I ran the cleaner and looked at programs installed and nothing on that day I was hacked. Just one last thing: I have my computer linked to a Microsoft account and use Google Chrome, which seems to link my Android Samsung phone and notebook. When he hacked me, assuming he did, could he get into these, as Google Chrome stores my passwords, which are obviously the same?

#4 buddy215

Posted 23 October 2016 - 04:22 AM

I could only guess as to what was viewed on your computer or accessed by the remote connection. In order to view Chrome passwords he would need to open Chrome and find them. Then copy them one at a time...that's all Chrome allows. There is another way using a piece of malware or something like ChromePass. All this takes time and you said you were watching and the remote connection was short.

I used the info from How Secure are Your Saved Chrome Browser Passwords?

Worth reading when you have the time.



#5 Jackbell2078

Posted 26 October 2016 - 01:28 AM

Hello again. I was trying to put my Microsoft Office back on the computer after wiping it from a restore point. It came up that the product key was not active and I rang the Microsoft Office number (1800 875 269) and a tech was going to help me get it on. I am not sure who is real anymore but he did seem legit. He showed me on Task Manager services that some stuff had been disabled and said I had most likely been hacked, which was true, and told me that to fix it I need to install a firewall and he could do it for 199.99 (cheapest option). I told him I was running out of time and I would get back to him. Like I said, he did seem legit but I got no idea. Should I trust this one and get him to install it so I can get the Office back that I need?

#6 Platypus

Posted 26 October 2016 - 01:51 AM

Where did you get that phone number? I can't find it having any relation to Microsoft. Microsoft will not try to sell you a firewall. Is the copy of Office you are installing a normal commercial copy?

Edited by Platypus, 26 October 2016 - 01:52 AM.

Top 5 things that never get done:

1.

#7 Jackbell2078

Posted 26 October 2016 - 02:31 AM

It was a purchased Office Student and Home 2016. When I entered the product key, 3 numbers came up: 1 for US, 1 for another and 1 for Australia. The site was the Microsoft site, www.office/setup something like that, the one used to set up after purchase of Office.



#8 Platypus

Posted 26 October 2016 - 03:38 AM

I rang the number, it says person not available leave a message. A Microsoft hotline even out of hours should have a Microsoft outgoing message or menu options. The technique of showing some things that are normally inactive as evidence of needing to buy protection is common to the fake Microsoft support scams.

I'd be inclined to try ringing Microsoft Australia on 13 20 58 and explaining your experience, they should be able to determine if that 1800 number is bogus, or otherwise what happened.

When you said "hacked, which was true", does that mean you knew your system had already been compromised? Was that why you went back to the earlier restore point?

#9 Jackbell2078

Posted 26 October 2016 - 03:51 AM

Thanks I will ring that number, yes I was hacked and yes that was why I went to restore point. You can read what happened on my other post topic 'could I have been infected' in which buddy215 was replying. Thanks again.



#10 Platypus

Posted 26 October 2016 - 04:41 AM

OK, checked out the other topic, to minimize confusion I have combined them. If the 1800 number turns out to be bogus, it could be that the scam operator was able to "tweak" the Microsoft contact information.

One thing you could try is run Regedit, don't change anything but search for the phone number, in case it appears as a registry key. If it does, or Microsoft say the number is false, that would IMO indicate the system should be assessed for malware.

Edited by Platypus, 26 October 2016 - 05:54 AM.
Merged two related topics

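
The registry search suggested in the post above can be run as a read-only script instead of through Regedit's Find dialog. This PowerShell script is an added example, not part of the original post: it matches the number from this thread regardless of how its digits are spaced or punctuated. The function name `Find-RegistryText` and the default search roots are assumptions; Regedit's own search covers the whole registry.

```powershell
# Added example (not from the thread): read-only registry search, nothing is modified.
param(
    [string]$Phone  = '1800 875 269',                         # number quoted in this thread
    [string[]]$Root = @('HKLM:\SOFTWARE', 'HKCU:\Software')   # assumed scope; widen if needed
)
# HKLM:\SOFTWARE includes ...\Windows\CurrentVersion\OEMInformation, where Windows
# keeps the support contact details shown in the System properties page.

# Match the digits with any spacing or punctuation between them,
# e.g. "1800875269", "1800-875-269" or "1 800 875 269".
$digits  = ($Phone -replace '\D', '').ToCharArray()
$pattern = $digits -join '[\s\-\.\(\)]*'

function Find-RegistryText {
    param([string[]]$Root, [string]$Pattern)
    Get-ChildItem -Path $Root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        if ($key.PSChildName -match $Pattern) {
            [pscustomobject]@{ Key = $key.Name; Value = '(key name)'; Data = $null }
        }
        try { $names = $key.GetValueNames() } catch { return }   # unreadable key, skip it
        foreach ($name in $names) {
            $data = $key.GetValue($name)
            if ($data -is [byte[]]) { continue }     # skip binary blobs
            $text = @($data) -join ' '               # REG_MULTI_SZ becomes one string
            if ($name -match $Pattern -or $text -match $Pattern) {
                [pscustomobject]@{ Key = $key.Name; Value = $name; Data = $text }
            }
        }
    }
}

$hits = @(Find-RegistryText -Root $Root -Pattern $pattern)
if ($hits.Count) { $hits | Format-List }
else { "No match for $Phone under: $($Root -join ', ')" }
```

A recursive walk of these roots can take several minutes, and keys the current user cannot read are skipped silently.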

#11 buddy215

Posted 26 October 2016 - 06:17 AM

To add to what Platypus has advised.....

The person offering to sell you a firewall is a criminal.....plain and simply a criminal. If you allowed him to access your computer there may be a program installed allowing him to do that. Check your list of programs and uninstall it if there.

You will find those criminals pretending to be working for almost every popular program when doing searches for help installing or using them.

Always go to the source and then look for FAQ or other assistance from there.



#12 Jackbell2078

Posted 27 October 2016 - 01:51 AM

Thanks again Buddy and Platypus. I rang the real Microsoft 132058 and they confirmed it was that same hacker bloke, pretty persistent and keen to get some money off me. Anyway the Microsoft person cleaned up and checked the computer and put Word back on, reset my browser. Had a look at installed programs and any downloads and seem to be all good there. It must have been him putting bad malware on computer. My missus does all banking and that sort of stuff from her computer so he probably lucked out getting access to my computer, however I believe he did get her email 'cause ever since the first hack she has had funny emails from banks and stuff (that aren't even our bank) asking to reset account and others with attachments. She hasn't opened any and has deleted them all but I might get her to contact her email provider and get them blocked somehow. Anyway thanks once more, you saved me grief and a few hundred bucks.

#13 buddy215

Posted 27 October 2016 - 10:31 AM

Most if not all email programs/clients have a way to block and/or report spam and phishing attempts. Might be worth your time to look through the settings of the email provider on what it offers. For instance, in my Hotmail and Outlook accounts I can block spammers by email address. I can also report emails as spam or phishing attempts which they use to create more effective spam blocking.

You're welcome...happy surfin'

