Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Mom scammed by "Hi, we're Microsoft, you have a virus" - where to start, please?


  • Please log in to reply
6 replies to this topic

#1 dmatthewb

dmatthewb

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:07 AM

Posted 09 September 2017 - 01:21 PM

My mom called me in a panic the other day while she was still on the other line with "someone from Microsoft" who had called to tell her she had major problems with her new computer, etc, etc.  

 

I told her to STOP and hang up immediately, after reassuring her it was 100% a scam.  I told her to power off her laptop immediately.  Fortunately she didn't give them any credit card info, but she did say the guy on the phone had her "install something" and that he was "controlling her computer."  DAMN!

 

I'm out of state and had no way to work on it, so she sent me the laptop.  I just powered it on (it's never been on my WiFi, so is not connected to the Internet at present) and the first thing I got was a Network Connection error message from DWAgent.

 

Can someone help walk me through the steps to clear out any crap they might have installed on it, and if possible to see if there are any logs to see what they might have done in terms of file access, etc?  She (of course) has a file called "Passwords" and I already changed all her important ones the day this happened.  But I want to see if there's a way to find out if they grabbed stuff off her hard drive.

 

She's on Windows 10 on an HP Laptop.  

 

MANY thanks in advance!



BC AdBot (Login to Remove)

 


#2 mikey11

mikey11

  • Members
  • 1,393 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Psychiatric Ward @ Beelitz-Heilstatten Hospital, Beelitz, Germany
  • Local time:12:07 PM

Posted 09 September 2017 - 02:09 PM

My mom called me in a panic the other day while she was still on the other line with "someone from Microsoft" who had called to tell her she had major problems with her new computer, etc, etc.  

 

I told her to STOP and hang up immediately, after reassuring her it was 100% a scam.  I told her to power off her laptop immediately.

 

 

you did the right thing, congrats, it is a scam,

 

i would start by doing a system restore to a date previous of when this happened,



#3 dmatthewb

dmatthewb
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:07 AM

Posted 09 September 2017 - 02:13 PM

It's literally a week old computer.  No restore points.  I had just visited her and get her setup on a new machine and she wasn't really used to Windows 10 at all.  That's why she fell for it.  Ugh.



#4 mikey11

mikey11

  • Members
  • 1,393 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Psychiatric Ward @ Beelitz-Heilstatten Hospital, Beelitz, Germany
  • Local time:12:07 PM

Posted 09 September 2017 - 02:42 PM

if the computer is that new, and you dont have anything on it you need, just do a fresh windows 10 install,

 

choose reset the pc, and remove everything...............

 

 

https://www.onmsft.com/news/windows-10-reset-refresh-windows-10-installation-better-performance


Edited by mikey11, 09 September 2017 - 02:43 PM.


#5 dmatthewb

dmatthewb
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:07 AM

Posted 10 September 2017 - 07:38 PM

If it comes to that, I'll certainly do it, but is there a scan/sweep process I could follow to at least know what the situation is before starting from scratch?

 

I did a bunch of customization with her of shortcuts, start menu, etc. to make it simple for her to use.

 

Thanks.



#6 mikey11

mikey11

  • Members
  • 1,393 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Psychiatric Ward @ Beelitz-Heilstatten Hospital, Beelitz, Germany
  • Local time:12:07 PM

Posted 11 September 2017 - 06:13 AM

i would start by running ADWcleaner, then Malwarebytes Anti-Malware

 

that should take care of most of it,

 

after that you could scan with whatever Antivirus you are using,

 

then run CCleaner if you want



#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,199 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:07 AM

Posted 12 September 2017 - 11:22 AM

Here's instructions on running some cleanup tools.

MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP conf[iguration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
SXvL3ZF.pngTDSSKiller
  • Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
zcMPezJ.pngAdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
lv0mVRW.pngJunkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
And finally I'd like us to scan your machine with ESET OnlineScan:
  • It is recommended to turn off your antivirus program. Click on the E5rfZI9.png button to see which antivirus is currently enabled:
c4VVzVO.png
  • Turn off your antivirus program. See here how to do this.
  • Check the option beside: Enable detection of potentially unwanted applications.
  • Now click on Advanced Settings and make sure that the option Clean threats automatically is NOT checked, and select the following:
Enable detection of potentially unsafe applications
Enable detection of suspicious applications
Scan archives
Enable Anti-Stealth Technology
  • Click on the Change button and select only Operating memory, Autostart locations and drive C:\ to be scanned.
yKulboi.jpg
  • Push the dtoGjAL.png button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
8L8IBHJ.png
  • When the scan completes a list of found threats will open automatically (if any malicious files are found).
imxEgHt.png
  • Push thecRhRYZ8.png button and save the file to your desktop using a unique name, such as ESETScan.txt. Include the contents of this report in your next reply.
  • Push the 9IjfdXq.png button.
  • Check the box beside RHzfZB1.png to uninstall the application when closed.
  • Push Vc3btaC.png and the close the application clicking the X in upper right corner.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users