Tech support scam

jackiebaron

Hi folks,

Today my girlfriend received a call from some bloke in India, telling her that she had a problem on her new laptop and yada, yada. I think that he talked her into to giving him access to her system. Anyway, she got a bit suspicious when he started talking about payment plans, etc. and texted me. I told her it was a scam and to hangup or disconnect. I am way from her for 2 weeks and can´t check her laptop and she´s worried that this guy might have access to her machine if she goes online. Is there a way to check?

thanks

Fluffy88

If she has a firewall installed she could block all incoming and outgoing connections except firefox(or which ever browser she uses).
That way no program can send any information out or in so the scammers wouldn't even know she is online.

She could open up Task Manager and check for any suspicious processes or services that are running and stop them.

She could boot into safe mode with networking for the next two weeks.

These are all obviously temporary fixes until you can get hold of the machine and make sure it's not got any malicious programs. There is a bigger thread on this topic that you might find more info about what the scammers do, if she is at risk and what solutions there might be.
http://www.boards.ie/vbulletin/showthread.php?t=2055837564

Hijpo

Fluffy88 wrote: »

If she has a firewall installed she could block all incoming and outgoing connections except firefox(or which ever browser she uses).
That way no program can send any information out or in so the scammers wouldn't even know she is online.

She could open up Task Manager and check for any suspicious processes or services that are running and stop them.

She could boot into safe mode with networking for the next two weeks.

These are all obviously temporary fixes until you can get hold of the machine and make sure it's not got any malicious programs. There is a bigger thread on this topic that you might find more info about what the scammers do, if she is at risk and what solutions there might be.
http://www.boards.ie/vbulletin/showthread.php?t=2055837564

Sounds like the scam where they get you to download logmein software, dont connect to the internet and uninstall that if she has installed it. Or any other programmes he got her to install.

chin_grin

Anyone who has a basic understanding of how pc's work should cop that this is BS from the get go. You'd NEVER get a call from someone saying that you're machine has been "hacked".

https://www.youtube.com/watch?v=Rvn6mCzRRpU

uch

Tell her to undo everything he asked her to do.

Hijpo

chin_grin wrote: »

This is what's happening. In six parts.

Anyone who has a basic understanding of how pc's work should cop that this is BS from the get go. You'd NEVER get a call from someone saying that you're machine has been "hacked".

https://www.youtube.com/watch?v=Rvn6mCzRRpU

I kept him on the phone for half an hour, just to see what he was getting people to do. He basicly gets you to filter the event viewer to show you all the warnings and says that if there are hundreds its a serious problem and that there technicians are very experienced in fixing the problem. In the end he actually blamed ME for wasting HIS time lol

jackiebaron

chin_grin wrote: »

This is what's happening. In six parts.

Anyone who has a basic understanding of how pc's work should cop that this is BS from the get go. You'd NEVER get a call from someone saying that you're machine has been "hacked".

https://www.youtube.com/watch?v=Rvn6mCzRRpU

Well that`s all well and good for you to say. I`m a unix expert myself but some people are not so savvy. Also it`s very conceivable that someone could call telling you that your machine is reporting errors especially if they sound convincing. If your machine automatically alerts you when updates are available then it´s not really much of a stretch for some people to believe that the machine might also report defects to "microsoft".

uch

Hijpo wrote: »

I kept him on the phone for half an hour, just to see what he was getting people to do. He basicly gets you to filter the event viewer to show you all the warnings and says that if there are hundreds its a serious problem and that there technicians are very experienced in fixing the problem. In the end he actually blamed ME for wasting HIS time lol

Ha Ha Love it!

jackiebaron

She ran a scan and it reported that all was ok. I´m still a bit worried though.

chin_grin

jackiebaron wrote: »

She ran a scan and it reported that all was ok. I´m still a bit worried though.

Please tell me you're joking.

Right first things first. Right click on the bottom task bar (or ctrl+alt+del) and go to task manager.

In the tab named Processes you should look for something with the name logmein and right click and stop process.

If there's a blue icon down by the time (bottom right) close that.

Go to Start - Control Panel - Add/remove programs and look for logmein there.

dilallio

There's a mega-thread on these calls.

http://www.boards.ie/vbulletin/showthread.php?t=2055837564

Hijpo

dilallio wrote: »

There's a mega-thread on these calls.

http://www.boards.ie/vbulletin/showthread.php?t=2055837564

Man that vid is funny "keep pressing enter and then press pause/break"

acquiescefc

scmbag got me too just now.

Pretty jetlagged and was kinda thinking this was genuine like an idiot.

got as far as the 'it costs €€€' and realised it was time to end this.

He got to takeover the pc,and ran a 'cmd' and then typed 'tree' which displayed im guessing all my system files. can they copy this and get anything like passwords etc or was it just a pretend process to show me that it said 'ms has expired' and to make me think i should buy a sub?

ive checked the processes and installed programs and nothings there so hoping they just have a list of my system files...anyone techy confirm?

Hijpo

Did he send you to a site to download any software?

tricky D

Doesn't need to. Once you have connected using logmein or ammyy or teamviewer, they upload a trojan and you're infected.

Update your virus scanner, do a full scan.
Download MalwareBytes AntiMalware and do a full run.
Seriously consider cancelling or changing any credit cards etc you have previously used online.
Change banking passwords and any other passwords you use for other important sites.

tricky D

chin_grin wrote: »

In the tab named Processes you should look for something with the name logmein and right click and stop process.

If there's a blue icon down by the time (bottom right) close that.

Go to Start - Control Panel - Add/remove programs and look for logmein there.

Unfortunately, once there's been one logmein session, it's too late, you are infected and the trojan doesn't need logmein (or the other remote access tools) to continue its work - robbing your account info and passwords.

acquiescefc

yeah he sent me the site and i ran the program stupidly. website seemed genuine enough,was trying to google it but didnt see anything immediately dodgy.

scanned everyhting and just hoping they havent used any kind of keylogger.

he started asking me to pay for the 'warranty' and all the wonderful things id get for 55 euros or 275 for 5 years, so hoping that he was only after my credit card.

any ideas where this trojan could be saved?

my bank uses the random number thing so they couldnt log that,guess its pw's for stuff that could be a problem. working on changing the important stuff now. might try and reconnect to that site from work tomoro and see if the little $hit is available.

tricky D

Firstly, logmein or ammyy or teamviewer are perfectly legit and genuine pieces of software used for remote access so Google won't throw up anything useful there.

Secondly, it's not a simple matter of finding where the trojan is saved and why not dump a keylogger in the trojan. I would if was that sort of scum (I'm not). As I said in my first post 'Download MalwareBytes AntiMalware and do a full run.' I would even post a thread in Virus & Malware Removal after you READ THIS FIRST: "I think I have a virus" - Please Read & Try BEFORE Posting.

Thirdly, just because your bank uses random PIN, there's no reason you should be complacent. Change your password at the least.

Fourthly, forget about any notion of getting back in touch or reconnecting. These people are thieves plain and simple.

Lastly, learn up on some scams and raise your online security awareness. Be more wary of strangers giving you advice which involves anything like accessing or doing stuff to your computer. In one way, you should even be wary of my advice, except this is a public forum, so open to scrutiny. Also my posting history points to my bona fides unlike some randomer calling you on the phone.

acquiescefc

tricky D wrote: »

Firstly, logmein or ammyy or teamviewer are perfectly legit and genuine pieces of software used for remote access so Google won't throw up anything useful there.

Secondly, it's not a simple matter of finding where the trojan is saved and why not dump a keylogger in the trojan. I would if was that sort of scum (I'm not). As I said in my first post 'Download MalwareBytes AntiMalware and do a full run.' I would even post a thread in Virus & Malware Removal after you READ THIS FIRST: "I think I have a virus" - Please Read & Try BEFORE Posting.

Thirdly, just because your bank uses random PIN, there's no reason you should be complacent. Change your password at the least.

Fourthly, forget about any notion of getting back in touch or reconnecting. These people are thieves plain and simple.

Lastly, learn up on some scams and raise your online security awareness. Be more wary of strangers giving you advice which involves anything like accessing or doing stuff to your computer. In one way, you should even be wary of my advice, except this is a public forum, so open to scrutiny. Also my posting history points to my bona fides unlike some randomer calling you on the phone.

ah no im pretty savvy usually, i spent 29 hours on/in planes/airports y'day so not the brightest today. couple of things also conspired to make me think this was legit. was trying to google the site address he gave me.
The guy was talking to me like i had never seen the internet before.

well im doing the scan and ive already got AVG that is pretty sturdy to anything dodgy so im gonna change what i need to, my question/main concern is about said trojan. if its there,where would it be. i cant remember the exe i allowed it to run,im hoping it was just the GUI that enabled them to take over. i was watching what they were doing and didnt see anything dodgy. obv this makes me think/hope that the aim was to get my credit card details, which i will never ever do.

so i dont think i have a virus, im savvy enough to know whats what, and hoping i got a lucky escape here.

i am also wary of anyone with a +91, they make my life hell in my own 9-5.

jackiebaron

tricky D wrote: »

Firstly, logmein or ammyy or teamviewer are perfectly legit and genuine pieces of software used for remote access so Google won't throw up anything useful there.

Secondly, it's not a simple matter of finding where the trojan is saved and why not dump a keylogger in the trojan. I would if was that sort of scum (I'm not). As I said in my first post 'Download MalwareBytes AntiMalware and do a full run.' I would even post a thread in Virus & Malware Removal after you READ THIS FIRST: "I think I have a virus" - Please Read & Try BEFORE Posting.

Thirdly, just because your bank uses random PIN, there's no reason you should be complacent. Change your password at the least.

Fourthly, forget about any notion of getting back in touch or reconnecting. These people are thieves plain and simple.

Lastly, learn up on some scams and raise your online security awareness. Be more wary of strangers giving you advice which involves anything like accessing or doing stuff to your computer. In one way, you should even be wary of my advice, except this is a public forum, so open to scrutiny. Also my posting history points to my bona fides unlike some randomer calling you on the phone.

Tricky, are you saying that once you've been hit with this trojan, then that's it. Game over? There's no way of getting rid of it without reinstalling the system????

Hijpo

jackiebaron wrote: »

Tricky, are you saying that once you've been hit with this trojan, then that's it. Game over? There's no way of getting rid of it without reinstalling the system????

You should be ok if you scan in safe mode, or get a bootable Anti virus.