Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Daughter fell for tech support scam, now has a trojan


  • Please log in to reply
3 replies to this topic

#1 kpru

kpru

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:02:42 AM

Posted 21 February 2018 - 09:49 AM

I came home yesterday to find my daughter on the phone with a "tech support agent." She wanted me to talk to them, explained that she had gotten a popup that wouldn't go away and called the number it told her to. I told her to hang up the phone and grilled her for details. She had downloaded GoToAssist and let the "tech support person" have control of her computer. After shutting off the internet to her laptop from the router and giving her a nice long lecture, I proceeded to run some scans.

 

I scanned her laptop which runs Windows 10 with Windows Defender, Malwarebytes Adware Cleaner, Malwarebytes and Hitman Pro. They all said that no threats were found, but when I went back to Windows Defender and looked at the scan history, I found that Trojan:Win32/Ditertag.B was shown under the full history in both Quarantined Threats and Allowed Threats.

 

At some point, GoToAssist disappeared from her desktop, and I subsequently uninstalled something with a similar name (GoTo?????) that I forgot to write down. I'm not sure where to go from here. I restarted in Safe Mode and the Ditertag.B is no longer showing up under Quarantined Threats or Allowed Threats, but I'm sure it didn't just disappear on its own.



BC AdBot (Login to Remove)

 


#2 null__

null__

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1
  • Local time:02:42 AM

Posted 21 February 2018 - 10:29 AM

Scan your computer with Malwarebytes, ADWCleaner and TDSSkiller. Malwarebytes also has an anti-rootkit tool as well that you can run. When looking at the control panel, I always sort by date of installation and check for anything around the date of contact. Anything that looks out of the ordinary I usually remove.



#3 jarlmaster47

jarlmaster47

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:02:42 AM

Posted 21 February 2018 - 10:45 AM

Super antispyware is also a good program but null's got it. Run the scans multiple times after quarantining/removing infected files. It can take some time to completely rid the computer of the Trojan. Shouldn't be TOO big of a deal to get rid of. I've been there and it's annoying but it's doable. 



#4 null__

null__

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1
  • Local time:02:42 AM

Posted 21 February 2018 - 12:25 PM

Another thing to check is the list of Startup items to make sure that there isn't anything starting that's not supposed to be. You can also check the Firewall to make sure there isn't anything in there either.






2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users