Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Gave remote access to a "Microsoft tech support" am I safe?


  • Please log in to reply
7 replies to this topic

#1 Echoewilson

Echoewilson

  • Members
  • 2 posts
  • OFFLINE
  •  

Posted 17 November 2016 - 04:51 PM

I got a pop up that was loud and wouldn't let me close it saying, "your computer has been infected call Microsoft" and I did because I turned it off and it was still yelling st me when I turned it back on. I gave the tech remote access and he said I had a tiny something trojan virus. Well I didn't fall for paying, got off the phone, held power button down and turned computer off. Am able to use it fine now with no more warning but am I safe after giving the remote access? I was on the phone for about 30 mins while he was going around to different areas in my computer telling me what all of the "problems" were.


Edited by Chris Cosgrove, 17 November 2016 - 06:29 PM.
Moved from 'General Security' to 'Am I infected?'


BC AdBot (Login to Remove)

 


#2 daveydoom

daveydoom

  • Security Colleague
  • 108 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ontario, Canada
  • Local time:03:58 AM

Posted 17 November 2016 - 05:19 PM

It wasn't Microsoft, it was a scam.   I suggest you have a look here and create a new post asking for assistance to ensure your computer has not been compromised :) .


Edited by daveydoom, 17 November 2016 - 05:22 PM.

"A computer beat me in chess, but it was no match when it came to kickboxing"
-Emo Philips

unite_final.png


#3 rp88

rp88

  • Members
  • 3,081 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:58 AM

Posted 17 November 2016 - 05:39 PM

Once your current problems, that is IF you were infected during the many seconds (more than long enough for most types of drive-by exploits if one was used), are fixed I can suggest some preventative measures to ensure such pop-ups and such cannot hit you again. I strongly advise starting to use an ad blocker in your browser, many of these nasty things are distributed thesedays by adverts that let them be loaded on the corners of any site that displays adverts from certain ad networks. I also suggest that you try using a script blocker, noscript for firefox is a very good one which I swear by. This will make it even harder for pop-ups and drive-by malware to load than an ad blocker alone will. Running an anti-exploit tool is useful too, malwarebytes anti-exploit is a free one (it has a free version for browsers and a few common software packages and a paid version which covers more programs), this sort of thing won't stop pop-ups but should mean that if they occur they won't be able to spread an infection into your system so easily.
Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#4 Jaycan

Jaycan

  • Members
  • 461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:58 PM

Posted 17 November 2016 - 06:04 PM

Hello and Welcome.

>> what all of the "problems" were. << This is the "scam version.  Unless You called a person to help you, there is no way they (M/soft) will ever contact you.

These scams are developing at a great rate, and it is often simple to disinfect your system.

 

Do you have an active Antivirus operating and do you keep Malwarebytes Anti-Malware on your computer ??

As daveydoom is a recognized Security Colleague we may try this via Am I infected? What do I do? as I requested it to be moved.

 

You can follow rp88  once this is finished. You are lucky to have a good team willing to help you...

 

Please take your time, try to do the steps in the posted order, and read the (generally) simple directions. Ask if you are not sure of any item.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.

NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

p22002970.gif Please download Farbar Service Scanner (FSS) and run it on the computer with the issue, this only checks Internet and related services.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


p22002970.gif Please download MiniToolBox and run it.

Checkmark following boxes:


  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
  • List Restore Points

Click Go and post the result.

 

p22002970.gif Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
 

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

p22002970.gif Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
 

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

 

If you already have MBAM 2.0 installed:

 

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.

 

(Copy to clipboard for pasting into forum replies or tickets)

 

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.


p22002970.gifDownload 51a5f31352b88-icon_MBAR.pngMalwarebytes Anti-Rootkit (MBAR) to your desktop.


  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"

NOTE. If you see This version requires you to completely exit the Anti Malware application message right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.

NOTES : FOR NOTEPAD POSTS: Do NOT wrap your logs in "quote" or "code" brackets. Untick at the start under "Format".
Do NOT use spoilers.
Do NOT edit your reply to post additional logs. Create new reply. I'll not get any email notifications about edits so I won't know you posted something new.

 

Thank You -


Edited by Jaycan, 18 November 2016 - 01:39 AM.


Acer Computer with LG Monitor and Toshiba Laptop with Windows 7.1

Windows 64bit  8.1 - Always fully updated

Firefox / Google Chrome / Internet Explorer Browsers

Usually a home helper here or with friends and nimble fingered ladies who would rather sew or dust, but not clean the bugs out of a computer ...


#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,047 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:58 AM

Posted 17 November 2016 - 07:50 PM

daveydoom is a trusted Security Colleague and was correct in calling this a scam...see Beware of Phony Emails & Tech Support Scams

Since this topic was original posted in the General Security forum, daveydoom also was correct with providing a link to post in the Am I Infected forum to get help with ensuring the computer was not compromised. However, a Moderator read this topic and moved it to the Am I Infected forum.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 Jaycan

Jaycan

  • Members
  • 461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:58 PM

Posted 23 November 2016 - 03:10 AM

Hello Echoewilson

You have not yet replied to any of the diagnostics, do you need help with any of these at all ?

 

We are all willing to help you, if you please reply to us.

 

Thanks ..



Acer Computer with LG Monitor and Toshiba Laptop with Windows 7.1

Windows 64bit  8.1 - Always fully updated

Firefox / Google Chrome / Internet Explorer Browsers

Usually a home helper here or with friends and nimble fingered ladies who would rather sew or dust, but not clean the bugs out of a computer ...


#7 TazzyOpz

TazzyOpz

  • Members
  • 92 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:58 AM

Posted 23 November 2016 - 10:46 AM

Definitely fake. However you did give him remote access so I'd say a check of your PC should be done. Do you know what Remote support software he used to connect to your computer? This can determine a lot as far as what he could have done without our knowledge.



#8 RS-23

RS-23

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 13 May 2017 - 10:59 PM

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/13/17
Scan Time: 8:36 PM
Log File: summary.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.1935
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mumsy-PC\Mumsy

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 291678
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 1 min, 41 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users