A friend of mine browsed to a website that a friend had recommended...not sure if it was a link or if it was typed in directly. Regardless, it was a scam site that displayed a great deal of inappropriate info (porn), which shocked my friend, needless to say, but it also created a pop-up with information that, in effect, said that "Microsoft needed to remove the virus that is controlling the system". A classic scam that she fell for...she called the number and an "obviously foreign speaking individual" led her through some steps to remove the virus, and of course, charged her for the service.
The service was provided by "SKCare", phone number 844-307-1727. On the surface, this "service" looks legit, except for the misspellings, improper grammar/punctuation and the obvious phoniness of the site. There is an app in the Apple app store that matches the SKCare branding.
First question: has anyone ever heard of "SKCare"?
She asked me to look over the computer and take any appropriate action to get it to a protected status. Here's a list of things I noticed:
- Taskbar has a new toolbar: "SK Tech-844307-1727"
- "Supremo" on desktop (Properties reveals this about the file: name is "Supremo Remote Control", 5.03MB, authored by "Nanosystems S.r.l.")
- "SK Technical Services" text document on desktop, contents to follow:
COMPANY NAME:SK TECHNICAL SERVICES (WILMINGTON DELAWRE) (sic)
- Notepad.exe had font changed to "Georgia" with a size of 24.
- Norton Security installed. (She was told it was included in the cost of the service, but it's only a trial subscription.)
- CCleaner uninstalled. (Had been installed previously.)
- CCleaner reinstalled and the icons are not what would normally be expected.
Steps I've taken to ensure the "service" is no longer affecting the system:
- Uninstalled SKCare (C:\windows\installer\179842a6.msi)
- Deleted "Supremo" and "SK Technical Services" text doc from desktop ("Supremo" scanned with MBAM and Norton prior to removal, not found to be a threat.)
- Created restore point
- Re-installed CCleaner (ran cleaner, registry scanner)
- MBAM scan (no threats found)
- Norton scan (no threats found)
- JRT (log available)
- AdwCleaner (log available)
Second question: What else would you suggest I do to confirm that "SKCare"