
SKCare scam


2 replies to this topic

#1 Montana Mad Dog

Montana Mad Dog

  • Members
  • 149 posts
  • OFFLINE
  • Gender:Male
  • Location:Montana
  • Local time:09:04 AM

Posted 05 April 2017 - 09:59 PM

A friend of mine browsed to a website that a friend had recommended...not sure if it was a link or if it was typed in directly.  Regardless, it was a scam site that displayed a great deal of inappropriate info (porn), which shocked my friend, needless to say, but it also created a pop-up with information that in effect, said that "Microsoft needed to remove the virus that is controlling the system".  A classic scam that she fell for...she called the number and an "obviously foreign speaking individual" led her through some steps to remove the virus, and of course, charged her for the service.

 

The service was provided by "SKCare", phone number 844-307-1727.  On the surface, this "service" looks legit, except for the misspellings, improper grammar/punctuation and the obvious phoniness of the site.  There is an app in the Apple app store that matches the SKCare branding.

 

First question:  has anyone ever heard of "SKCare"?

 

She asked me to look over the computer and take any appropriate action to get it to a protected status.  Here's a list of things I noticed:

 

  • Taskbar has a new toolbar:  "SK Tech-844307-1727"
  • "Supremo" on desktop (Properties reveals this about the file:  name is "Supremo Remote Control", 5.03MB, authored by "Nanosystems S.r.l.")
  • "SK Technical Services" text document on desktop, contents to follow:

"NAME:HENRY JACKSON

EXT NO:414

TOLL FREE:1-844-307-1727(24*7)

COMPANY NAME:SK TECHNICAL SERVICES (WILMINGTON DELAWRE) (sic)

WORKING DAYS:(OPEN-7DAYS)

WORKING HOURS:(OPEN-24*7)"

  • Notepad.exe had font changed to "Georgia" with a size of 24.
  • Norton Security installed.  (She was told it was included in the cost of the service, but it's only a trial subscription.)
  • CCleaner uninstalled. (Had been installed previously.)
  • CCleaner reinstalled and the icons are not what would normally be expected.

Steps I've taken to ensure the "service" is no longer affecting the system:

  • Uninstalled SKCare (C:\windows\installer\179842a6.msi)
  • Deleted "Supremo" and  "SK Technical Services" text doc from desktop ("Supremo" scanned with MBAM and Norton prior to removal, not found to be a threat.)
  • Created restore point
  • Re-installed CCleaner (ran cleaner, registry scanner)
  • RKill
  • MBAM scan (no threats found)
  • Norton scan (no threats found)
  • JRT (log available)
  • AdwCleaner (log available)

Second question:  What else would you suggest I do to confirm that "SKCare"

 

Thanks
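
A read-only sweep for leftovers of the items listed in the post above, as an added example that is not part of the original thread. The name patterns are the ones the post mentions; the registry paths and cmdlets are standard Windows ones, and the script assumes an elevated PowerShell 5.1 or later session.

```powershell
# Added example: read-only sweep for leftovers of the items named in post #1.
# The name patterns are taken from that post; a leftover may use another name.
$patterns = 'Supremo', 'Nanosystems', 'SKCare', 'SK Tech'
$regex = ($patterns | ForEach-Object { [regex]::Escape($_) }) -join '|'
$findings = @()
function New-Finding($Where, $Name, $Detail) {
    [pscustomobject]@{ Where = $Where; Name = $Name; Detail = $Detail }
}

# 1. Installed-program entries (64-bit, 32-bit and per-user uninstall keys).
$uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
$findings += @(Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
    Where-Object { "$($_.DisplayName) $($_.Publisher)" -match $regex } |
    ForEach-Object { New-Finding 'Installed program' $_.DisplayName $_.UninstallString })

# 2. Autorun values that start a program at logon.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($valueName in $item.GetValueNames()) {
        $data = [string]$item.GetValue($valueName)
        if ("$valueName $data" -match $regex) { $findings += New-Finding "Autorun: $key" $valueName $data }
    }
}

# 3. Services and scheduled tasks, the usual ways a remote-control tool survives a reboot.
$findings += @(Get-CimInstance Win32_Service |
    Where-Object { "$($_.Name) $($_.DisplayName) $($_.PathName)" -match $regex } |
    ForEach-Object { New-Finding 'Service' $_.Name $_.PathName })
$findings += @(Get-ScheduledTask -ErrorAction SilentlyContinue |
    Where-Object { "$($_.TaskName) $($_.Actions.Execute -join ' ')" -match $regex } |
    ForEach-Object { New-Finding 'Scheduled task' "$($_.TaskPath)$($_.TaskName)" ($_.Actions.Execute -join ' ') })

# 4. Anything matching that is running right now.
$findings += @(Get-Process | Where-Object { "$($_.Name) $($_.Path)" -match $regex } |
    ForEach-Object { New-Finding 'Running process' $_.Name $_.Path })

if ($findings) { $findings | Format-List } else { 'No matching entries found.' }
```

Matches are candidates to review by hand, since a short pattern such as "SK Tech" can also hit unrelated software; the script changes nothing on the system.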

 




 


#2 buddy215

buddy215

  • BC Advisor
  • 12,895 posts
  • OFFLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:04 AM

Posted 06 April 2017 - 05:07 PM

You should change all passwords and other identifiers such as secret words and phone #s. Especially email accounts, online stores and financial institutions such as banks, PayPal, etc.

 

If you haven't disputed the charges....do that. Those were criminals that were paid and whatever medium was used....they can use it again. If it was a CC...I suggest canceling it.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 wants185s

wants185s

  • Members
  • 1 posts
  • OFFLINE
  • Local time:10:04 AM

Posted 23 July 2017 - 04:07 PM

I just became a victim of SK Tech Services, a virtual carbon copy of Montana Mad Dog's experience.  I can't believe I got lured in.  I think what caught me was the Windows Defender Banner and the fact that my cursor was frozen so I could not do anything.  I should have just shut it off.  Once they got into my computer they would not leave until I bought something.  I was more or less a hostage. Thanks for the suggestions Buddy 215.





