Fake Microsoft Tech Support Calls

Page 1 of 1

You cannot start a new topic
You cannot reply to this topic

Fake Microsoft Tech Support Calls

#1 LiveBrianD

Elite

Group: Members
Posts: 11,184
Joined: 31-December 09
Location:Right behind you... made you look! :D

Posted 03 April 2012 - 09:30 AM

Yesterday, I opened my email, and discovered that my grandmother had gotten a strange call that claimed to be from Microsoft support, saying her computer was infected. The person instructed her to go to the site logmein.me (from looking at her internet history) and probably installed malware. Oh [censored], I thought, she got scammed! I installed malwarebytes and ran a full scan (via remote assistance) and then told her to run a full scan with avast when that finished. Even before I had gotten off the phone, malwarebytes had detected 5 things. Are there any other things you suggest doing? (personally I just nuke the entire OS install, but when the person lives an hour away that's not always an option) Note that I'm off school this week, so I might be able to check this out in person (and perhaps reinstall windows, just to be safe) if needed.

Spoiler

"The Internet will be used for all kinds of spurious things, including fake quotes from smart people." -Albert Einstein
Need a Windows ISO image?

#2 coastie65

Moderator

Group: Moderators
Posts: 19,708
Joined: 02-April 07
Location:Henrico, Va.

Posted 03 April 2012 - 09:38 AM

LiveBrianD, on 03 April 2012 - 09:30 AM, said:

Hey Brian, As long as you updated Malwarebytes before running, you should do fine. You might also consdier running www.drwebcureit.com . That does not install on the computer, but runs remotely and is always updated. Once that is done, you can then run CCleaner, both files and registry. That should pretty much clean things up. Microsoft support would have in fact had a Microsoft Support URL, and not that one for sure. Hope she didn't fill out any forms. You can do that stuff remotely from your computer if you know how to instruct her to set up the remote access.

Coolermaster HAF 912 Case....ASUS P8Z68-VPro MOBO.....Intel Core i7 2600k Sandy Bridge ( 4.4 Ghz ).... Gelid Tranquillo cooler.... Samsung 830 256 GB SSD.... Primary HDD- WD 1TB Caviar Black SATA III /6.0 .... SECONDARY HDD - WD 1TB Caviar Black SATA II / 3.0....8Gb GSkill Ripjaws Series X 1600 Mhz Memory....Corsair AX850w PSU....EVGA GTX 680 Super Clocked Signature 2 Gb GDDR5 Video Card....Samsung CD/DVD RW, DL, DVD-Ram, w/ Lightscribe Optical Drive....Samsung SyncMaster 2243BWX 22" Monitor..... Windows 7 Home Premium 64 Bit OS

http://novabench.com/image/266589.png

______________________________________________________________

Gateway FX6800-01e----Intel Core i7 960 ( 3.2 GHz)---- Seagate Barracuda 750 Gb SATA II / 3.0 Hdd---- 6 Gb Crucial 1066 Mhz memory, running in Tri Channel conf-----Corsair TX650w PSU----- EVGA Nvidia GTX 560Ti 1gb GDDR5 Vram ----DVD +/- RW / CD ,RAM/DL Optical drive w/ Label Flash-----Gateway TBGM-01 Motherboard.... Vista Home Premium 64 bit OS w/ SP2; Samsung Synch Master 2243BWX 22" Monitor.

#3 Rommel

Expert

Group: Members
Posts: 2,183
Joined: 22-March 09

Posted 03 April 2012 - 10:18 AM

In addition to the scans you performed, I like to set avast up to do a scan prior to loading windows so any malware with not have a chance to mask itself being windows is not yet loaded.

After the malwarebytes scan like you did, I would get a third opinion for superantispyware or whichever scanner you prefer.

If clean after all this then I would feel good about it, though I do agree with you, the best peace of mind is a nuke.

Thanks for the headsup concerning this scam.

#4 LiveBrianD

Elite

Group: Members
Posts: 11,184
Joined: 31-December 09
Location:Right behind you... made you look! :D

Posted 03 April 2012 - 10:49 AM

She said that when malwarebytes finished, it had 5 items detected, but some message appeared that she couldn't get rid of. (malware?) I sent her instructions on how to boot into safe mode w/ networking and remove it. (they had to leave at the moment and said they'd look at it later)

I think it may be best to nuke it - I too don't always feel safe from just using av software (particularly since they sometimes do online banking). Besides, the OS install is probably about 5 years old on that machine anyway. It's rather funny that this is the one time that I actually managed to find malware samples when I wanted to (I installed a few of them in a VM, and then ran malwarebytes, taking screenshots of the entire thing along the way so I could put them in an email to explain the process.).

Spoiler

"The Internet will be used for all kinds of spurious things, including fake quotes from smart people." -Albert Einstein
Need a Windows ISO image?

#5 coastie65

Moderator

Group: Moderators
Posts: 19,708
Joined: 02-April 07
Location:Henrico, Va.

Posted 03 April 2012 - 01:31 PM

Rommel, on 03 April 2012 - 10:18 AM, said:

Hey Rommel, That is why I recommended Dr. Web Cure It. It scans from outside and doesn't load onto the computer and is always up to date. Setting up Avast! as you have is a good idea, as it will catch stuff in memory as well.

This post has been edited by coastie65: 03 April 2012 - 01:32 PM

#6 LiveBrianD

Elite

Group: Members
Posts: 11,184
Joined: 31-December 09
Location:Right behind you... made you look! :D

Posted 03 April 2012 - 01:52 PM

Fyi, her machine has had Avast Free installed for years.

Spoiler

"The Internet will be used for all kinds of spurious things, including fake quotes from smart people." -Albert Einstein
Need a Windows ISO image?

#7 Rommel

Expert

Group: Members
Posts: 2,183
Joined: 22-March 09

Posted 03 April 2012 - 02:08 PM

Just out of curiousity, does the free version of avast offer a "boot scan"?

Last yr avast had a great 3 pc offer so I paid into it.
Plus, so they claim, the paid version is more secure.

This post has been edited by Rommel: 03 April 2012 - 02:11 PM