Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Received a shady and unsolicited call from "HP support" today


  • Please log in to reply
7 replies to this topic

#1 Allusions

Allusions

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:11 PM

Posted 31 March 2017 - 08:40 PM

I'm running Windows 10 here. Over the last month my computer has been acting a little strange, with extremely slow boot up times (10+ minutes) and/or desktop initialization after logging into my account (sole user) that often led to total hang ups or frozen screens . Also occasionally noticed the command prompt opening on its own for a brief moment on my first login attempt after a hard reboot. I attempted to fix the issues with cable-provided McAfee scans and a few additional programs (CCleaner, Spybot, and maybe one other, can't recall) and didn't really see any improvements. After this I got sufficiently paranoid and decided to restore my computer to factory default.

 

After my computer was reset (~2 weeks ago) and set up with my programs I stopped noticing the issues so I started to feel cautiously optimistic. The command prompt on log in occurred one more seemingly random time but I didn't notice any of the other sluggishness or freezing/hang ups so I remained on watch and ran my anti-virus scan but nothing else.

However, today I received a very strange and unsolicited phone call from a person claiming to be with "HP support" claiming that my computer was sending "malicious reports" to their inbox. There were very few coherent details but he seemed to know my first name, my phone number, and that I owned an "HP computer." It was a strange conversation, especially since I have not been in contact with HP support, and never regarding this current computer. Anyway, this raises all my red flags but I also feel like the situation is beyond my beginner-moderate ability to troubleshoot. Advice, please?



BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:05:11 PM

Posted 01 April 2017 - 09:03 AM

Welcome to BC...

 

No computer manufacturer, security program, or Microsoft will call you....that was a criminal scammer.

 

How the info was obtained as to first name and knowing you had a HP computer is something that I could only guess at.

 

If you hung up without giving any remote access to the computer or any financial details such as credit card number....then no harm has been done to the computer or your billfold.

 

  • download Malwarebytes to your desktop.
  • Double-click mb3-setup-1878.1878-3.0.6.1469.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.
  • Please download Security Check by glax24 and save the file to the Desktop
  • Run the tool by accepting all the Security prompts
  • when complete the tool will produce a log file C:\SecurityCheck\SecurityCheck.txt and also copy the contents to the Clipboard
  • Simply Paste the log to your reply

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Allusions

Allusions
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:11 PM

Posted 01 April 2017 - 08:07 PM

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/1/17
Scan Time: 7:01 PM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.75
Update Package Version: 1.0.1643
License: Expired

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: PAVILION\Christian

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 370734
Time Elapsed: 6 min, 0 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.InstallCore, C:\USERS\CHRISTIAN\DOWNLOADS\CAMSTUDIO.EXE, Quarantined, [8], [301065],1.0.1643

Physical Sector: 0
(No malicious items detected)


(end)

 

 

 

SecurityCheck by glax24 & Severnyj v.1.4.0.47 [25.03.17]
WebSite: www.safezone.cc
DateLog: 01.04.2017 20:47:08
Path starting: C:\Users\Christian\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Christian
VersionXML: 4.05is-25.03.2017
___________________________________________________________________________

Windows 10(6.3.14393) (x64) Core Lang: English(0409)
Installation date OS: 27.01.2017 17:21:12
LicenseStatus: Office 15, OfficeProPlusR_Retail edition The machine is permanently activated.
LicenseStatus: Windows®, Core edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [671 Gb] Used: [272.2 Gb] Free: [398.8 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.953.14393.0
User Account Control enabled
Automatically download and schedule installation
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Avast Antivirus (disabled and up to date)
Windows Defender (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (enabled and up to date)
Avast Antivirus (disabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Avast Free Antivirus v.17.2.2288
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes version 3.0.6.1469 v.3.0.6.1469
--------------------------------- [ P2P ] ---------------------------------
µTorrent v.3.4.9.43295 Warning! P2P-client.
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox 52.0.2 (x86 en-US) v.52.0.2 [+]
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Mozilla Firefox\firefox.exe v.52.0.2.6291
------------------ [ AntivirusFirewallProcessServices ] -------------------
Avast Antivirus (avast! Antivirus) - The service is running
C:\Program Files\AVAST Software\Avast\AvastSvc.exe v.17.2.3419.0
aswbIDSAgent (aswbIDSAgent) - The service has stopped
C:\Program Files\AVAST Software\Avast\AvastUI.exe v.17.2.3419.61
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.3.0.0.912
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.1.0.415
C:\Program Files\Windows Defender\MsMpEng.exe v.4.10.14393.953
C:\Program Files\Windows Defender\MpCmdRun.exe v.4.10.14393.953
C:\Program Files\Windows Defender\NisSrv.exe v.4.10.14393.0
Windows Defender Service (WinDefend) - The service is running
Windows Defender Network Inspection Service (WdNisSvc) - The service is running
----------------------------- [ End of Log ] ------------------------------

Logs as requested. A little more information to add as well: I did not give any kind of remote access or personal information, that's really what I meant by the red flags, as soon as he delivered his bit and offered to help me check my computer ("go turn it on..." I assumed was leading to an attempt at remote access) I just hung up.

I used Malwarebytes before so the free trial for Premium had been used before I ran the above scan. Also like I said before my computer has been acting relatively normally since the restore, but after running Malwarebytes I had freezing and hang ups again on load/log in for the first time. Once I was finally able to reach my desktop I noticed that my Avast installation (didn't reinstall McAfee after the restore) had been changed from enabled to disabled (reflected in the logs above) and I got the message about Windows Defender needing to scan my computer. This also happened to me before the restore with McAfee.



#4 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:05:11 PM

Posted 02 April 2017 - 05:51 AM

MBAM 3.0 has had some problems on some computers. You may want to uninstall it. Use MBAM's cleanup tool along with uninstalling

MBAM from your list of installed programs. MBAM Clean Removal Process - Malwarebytes 3.0 - Malwarebytes Forums

 

I would think Avast antivirus would stop Defender from running. You might try activating Avast manually after MBAM is uninstalled.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 Allusions

Allusions
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:11 PM

Posted 04 April 2017 - 09:06 PM

Over the last few days freezing and hang ups have intensified and I've been stuck trying to even successfully reach the desktop most of the time, with endless "preparing Windows" loading page, black screen after log in, or logging in to frozen desktop. I'm having to hard reboot 10+ times to finally make it there. Do you have any more suggestions to try to regain control? I can't even get into safe mode, my log in page doesn't have power options on it and the old F11 on bootup doesn't seem to work on my laptop.

#6 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:05:11 PM

Posted 05 April 2017 - 04:41 AM

What was the original Windows OS on this computer?

 

You could be experiencing a failing hdd.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#7 Allusions

Allusions
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:11 PM

Posted 05 April 2017 - 12:18 PM

Windows 10. I purchased the computer in January of 2016 new, so that possibility seems weird to me but given the symptoms logical enough.

#8 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:05:11 PM

Posted 05 April 2017 - 03:48 PM

If you need assistance for testing the hdd....ask for in the Windows 10 Support  Forum.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users