
Friend suckered in by tech support scam: help!



#1 bustacaptx


Posted 11 April 2017 - 10:48 PM

My buddy Mike was taken in by the tech support webpage scam this afternoon, and allowed some guy with a thick Indian/Pakistani accent calling himself "Michael White" to have remote access to his Windows 10 PC.    

 

Mike is bringing his PC over to me to look at tomorrow evening, and when I do I want to ensure that I catch and remove anything that the scammer might have installed on his computer.  He and his wife run their office cleaning business off of that computer, so the data on it is extremely important to their family livelihood.

 

THE BACKSTORY: Mike started having problems getting his wireless HP printer to print from his PC yesterday, and tried for a while in his own limited way to diagnose it.  Having no luck, he did a Google search for "HP Printer Support" and one of the top results was pcgurunow (dot) com/Printer-Drivers.html (WARNING, this is a scammer site!!).  He dialed the 1-866 telephone number and was connected to a helpful-seeming guy who told Mike his name was Michael White (even though he sounded very Indian or Pakistani).  "Mr. White" told Mike he would help and had him grant remote access via fastsupport.com.

 

Once connected, the scammer "ran some tests" (like those detailed here) and convinced Mike that his computer was full of viruses/malware, and that unauthorized users were connected to his pc from all around the world (see example image below):

 

[Image: 015_netstat.png]

 

He convinced Mike that his PC had no virus protection or firewall (I installed Avast and configured Windows Firewall when the computer was set up new several months ago) and started in trying to sell Mike on a complete protection suite for $500.  After a little back and forth, Mike got suspicious and ended the call and then called me.

 

After I got the story and telephone number he had called and did a search on it, I immediately saw a page of people complaining about exactly this scam.  I called Mike back and told him that he'd been scammed and to unplug his computer from the wall immediately, which he did within 10 seconds.

 

THE HELP I NEED:  Mike is bringing his PC over tomorrow evening and I want to boot it up with a thumb drive/CD and use the best tools I can find to scan the living crap out of it, looking for keyloggers, dialers, rootkits, etc.  Then I'm going to either do a System Restore from a week ago (there were no problems with the PC then) or, failing that, use AOMEI Backupper to restore the backup from the beginning of the month.

 

So what I want to know is what tools should I use, and in what order should I use them?

 

Thanks very much for your assistance!

 

 

 

 

 




 


#2 Havachat


Posted 12 April 2017 - 02:10 AM

Disconnect from the Internet, start the PC normally (or in Safe Mode) and save any data required that you can pertaining to the business.

I doubt anything was installed maliciously as he hung up after the cost was told, but you never know.

 

Albeit I would then revert back to the AOMEI image/backup and paste the data you saved back also.

Then do a scan with Malwarebytes and your antivirus.

If nothing is found that's good; if something is, then quarantine or remove and rescan again.

 

If you feel something is still wrong or not right, then maybe a post within Am I Infected What Do I Do:

https://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/



#3 quietman7


Posted 14 April 2017 - 05:20 AM

List of PUP/Adware/Toolbars/Browser Hijacking Scan Tools:

List of Free Scan & Disinfection Tools to supplement your anti-virus or get a second opinion:

From that list, I would recommend any (or a combination) of these: Emsisoft AntiMalware, Emsisoft Emergency Kit, Malwarebytes 3.0, Zemana AntiMalware and the Kaspersky Virus Removal Tool.

