Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Tech Support MS scam


  • Please log in to reply
11 replies to this topic

#1 tryn2learn

tryn2learn

  • Members
  • 220 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Upstate NY
  • Local time:07:39 PM

Posted 15 December 2016 - 03:23 PM

I am helping a friend who got caught in the Microsoft pop up screen and called the number for help.  He let them get into his machine.  I know have his laptop and have not started it as:

 

#1 - Will it be able to infect my network?

#2 - While on the phone with him, I had him hang up on the guy, and power down the machine.

#3 - When he powered it back up it goes to a sign on screen requiring a password, but this is not the normal Windows sign on screen.

 

 

The supposed tech support has him go to internet explorer and go to microsoft exmote <dot> com and type in 189026756, which he did.  The tech guy was roger mark, yeah right. He was good, even gave him his tech support id# 1149. 

 

He called me as the guy told him he needed Network Security, Microsoft Activator and IP Address Protect.  All for the very low price of 1year @ $149.99, 5 year for $299.99 and Lifetime $449.99.

 

Needless to say, this guy downloaded something.  I have not tried to start up the laptop as I am fearful that it will infect my network.  And yes it will automatically tie into my network as I've done work on it before and left my network name and password on their computer.  (won't do that anymore).

 

What would you suggest that I do, just wipe out everything and reload windows and start from scratch or try to find out what they loaded on this machine and try (with your help) to clean it??

 

Thanks much for your help.

TryN


Edited by hamluis, 15 December 2016 - 03:49 PM.
Moved from MRL to AII - Hamluis.


BC AdBot (Login to Remove)

 


#2 tryn2learn

tryn2learn
  • Topic Starter

  • Members
  • 220 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Upstate NY
  • Local time:07:39 PM

Posted 16 December 2016 - 09:41 AM

I really need to get this computer unlocked and either clean it or do a clean install.  But I need some advise from the experts.  I have to do something as this family have 2 middle school kids that depend on this computer to do their homework.

 

Can someone just guide me in the right direction here?

 

Thank you in advance.

TryN



#3 RolandJS

RolandJS

  • Members
  • 4,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:06:39 PM

Posted 16 December 2016 - 10:16 AM

Does this person have recent backups of either the OS partition and/or the data partition?  If no, you might want to usb or dvd boot puppy linux and download data folders and files onto affordable, available, reliable external media.  If yes, would you be able to do a restore -- images dated recently and just before this tech scam hit?


Edited by RolandJS, 16 December 2016 - 10:17 AM.

"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#4 tryn2learn

tryn2learn
  • Topic Starter

  • Members
  • 220 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Upstate NY
  • Local time:07:39 PM

Posted 16 December 2016 - 10:52 AM

No, no recovery partition.  This computer is one that another member helped me determine that the hdd was faulty and on recall from Toshiba.  I ended up purchasing a new hdd for it and loading from scratch the windows 7 OS.  They don't have a lot on it, and the photos they want are on the original USB stick I gave them and on their phones.  So I would not be losing anything on them.  They are a typical middle class family, needed computer for the kids to do homework.  The homework goes directly to the school on a google drive.  They do no banking from the computer, nor pay any bills.  Only emails and homework.

 

So based on what you are asking, your recommendation would be to wipe it clean and re-install???


Edited by tryn2learn, 16 December 2016 - 10:56 AM.


#5 RolandJS

RolandJS

  • Members
  • 4,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:06:39 PM

Posted 16 December 2016 - 11:24 AM

What you're suggesting sounds like the best route.  And, please encourage them to begin and maintain some sort of OS full image backup done on a weekly basis onto external media [which also includes the needed restore usb or dvd boot].


Edited by RolandJS, 16 December 2016 - 11:24 AM.

"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#6 tryn2learn

tryn2learn
  • Topic Starter

  • Members
  • 220 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Upstate NY
  • Local time:07:39 PM

Posted 16 December 2016 - 11:38 AM

Oh, I have.  It amazes me that folks won't listen to the backup suggestions.  I guess if they knew how long it takes to get everything back up and running and had to do it themselves, they would think twice!

 

OK, guess I'll wipe the hard drive and start from scratch.



#7 RolandJS

RolandJS

  • Members
  • 4,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:06:39 PM

Posted 16 December 2016 - 01:12 PM

Oh, I have.  It amazes me that folks won't listen to the backup suggestions.  I guess if they knew how long it takes to get everything back up and running and had to do it themselves, they would think twice!  OK, guess I'll wipe the hard drive and start from scratch.

I hope you're charging a fair price [your experience, your time, your energy - all is valuable!].  Paying for reconstruction costs really adds incentive for hustling material and software for making future timely backups.


Edited by RolandJS, 17 December 2016 - 07:56 AM.

"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,484 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:39 PM

Posted 16 December 2016 - 03:33 PM

If you want a comprehensive look at the system for possible malware before wiping and starting from scratch, there are advanced tools which can be used to investigate but they are not permitted in this forum. Please follow the instructions in the Malware Removal and Log Section Preparation Guide. When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team. If you choose to post a log, please reply back in this thread with a link to the new topic.

BTW...have your friend read Beware of Phony Emails & Tech Support Scams
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 tryn2learn

tryn2learn
  • Topic Starter

  • Members
  • 220 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Upstate NY
  • Local time:07:39 PM

Posted 16 December 2016 - 04:14 PM

Thank you Bleepin' Janitor.

 

I will definitely do exactly what you have suggested.  And will copy off the article for them.  Sure would appreciate cleaning it off rather than starting a clean install.

 

Thanks much.

TryN



#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,484 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:39 PM

Posted 16 December 2016 - 04:20 PM

You're welcome and good luck.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 tryn2learn

tryn2learn
  • Topic Starter

  • Members
  • 220 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Upstate NY
  • Local time:07:39 PM

Posted 16 December 2016 - 04:24 PM

Will be in touch! 

Thanks so much.

:)



#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,484 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:39 PM

Posted 16 December 2016 - 04:31 PM

:thumbup2:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users