My friend got scammed


thellewitt

and so precisely what is the plan to check for problems?
run what? inquiring minds want to know!
Usually they try to get the user to download a file which is actually a
virus or trojan. If he did not do that then he went unaffected. I have
had three of those calls. It's usually someone with a very thick accent.
So the answer to your question is: scan with an Anti-Virus program first
like Avast, etc., I would also suggest a quick rootkit scan as well
using TDSSKiller and then do a malware scan with MalwareBytes,
SuperAntiSpyware and perhaps Spybot Search & Destroy 2. Do quick scans
with all and if anything malicious turns up, run full scans.


Cheers,
thellewitt
 

Shadow

Usually they try to get the user to download a file which is actually a
virus or trojan. If he did not do that then he went unaffected. I have
had three of those calls. It's usually someone with a very thick accent.
So the answer to your question is: scan with an Anti-Virus program first
like Avast, etc., I would also suggest a quick rootkit scan as well
using TDSSKiller and then do a malware scan with MalwareBytes,
SuperAntiSpyware and perhaps Spybot Search & Destroy 2. Do quick scans
with all and if anything malicious turns up, run full scans.
Rootkits can hide behind the OS and be invisible to any AV on
the computer. Imagine it like Windows running as a VM on the rootkit
host. I take it you mean a USB/CD booted scan with something like
Kaspersky Rescue.
[]'s
 

Ken Blake, MVP

As far as I know this particular scam's primary goal is to separate
your money from your wallet, not to do actual damage to or infect the
computer.


Maybe, but maybe not. It may be the primary goal of some such scammers,
but not necessarily all of them. And it can also be the secondary goal
of many. The risk of damage or infection is great.

But they did have the opportunity to do so, so it needs to be
checked out.


I disagree. Checking things out isn't good enough. Once someone has
been let into your computer, the risks are too great, and the only
really safe things to do are a clean reinstallation of Windows and the
changing of all passwords, especially any for financial institutions.
 

. . .winston

Bill said:
Ran across this on Snopes today:

http://www.snopes.com/fraud/telephone/microsoft.asp

and remembered this message.

- Bill

"Nil" wrote in message

Well, half-scammed that is. He got a call from one of those operations
that claim that they represent Microsoft and that they have detected
viruses on your computer and that they will fix the problem for a fee.
My naive friend went so far as to let them remote-connect to his
computer before he got suspicious and hung up the phone and turned off
the computer. I've agreed to visit him tomorrow and check out the
computer for any signs of possible tampering or malware that may have
been planted.

As far as I know this particular scam's primary goal is to separate your
money from your wallet, not to do actual damage to or infect the
computer. But they did have the opportunity to do so, so it needs to be
checked out. I'm going to do general scans for viruses and malware with a
few tools I've got. I'll be on the lookout for keyloggers and rootkits.

Can anyone comment on their experience with this type of scammer and
know what, if anything, they tend to leave in their aftermath?


Small sample size (about a dozen over the last two years agreeing to
remote and subsequent payment) that I've seen... I tend to agree that the
claimed-to-be-representing-Microsoft phone calls are monetary based, not
infection related. Not a single one of those users (mostly ignorant of
MSFT practice to never call or have someone represent) had any type of
issue beyond parting with $$.

Even so, I do believe that the risk of introducing 'foreign material' on
a system will always be present by allowing anyone unknown to remote
into a machine.
 

Roger Blake

Maybe, but maybe not. It may be the primary goal of some such scammers,
but not necessarily all of them. And it can also be the secondary goal
of many. The risk of damage or infection is great.

It's amazing to me that anyone falls for this type of thing. I had
one of those scammers call me a few days ago. I played dumb and led
them down the primrose path for a while just for entertainment value.

Since I run Linux none of the things they tried to have me do to
give them control would work. Even when I started reading things
that said "Ubuntu Linux" the "technician" on the other end had no
idea what was going on and finally put a "senior technician" on
the line. It took that guy a good 15 minutes to figure out that
I wasn't running Windows. I just kept saying "I don't know much
about this stuff, my son set it up for me."

It would have been fun to jerk them around some more but I really
didn't have the time. It would be fun to set up a Windows XP virtual
machine for those bozos to muck around in.

--
 

RobertMacy

It's amazing to me that anyone falls for this type of thing. I had
one of those scammers call me a few days ago. I played dumb and led
them down the primrose path for a while just for entertainment value.

Since I run Linux none of the things they tried to have me do to
give them control would work. Even when I started reading things
that said "Ubuntu Linux" the "technician" on the other end had no
idea what was going on and finally put a "senior technician" on
the line. It took that guy a good 15 minutes to figure out that
I wasn't running Windows. I just kept saying "I don't know much
about this stuff, my son set it up for me."

It would have been fun to jerk them around some more but I really
didn't have the time. It would be fun to set up a Windows XP virtual
machine for those bozos to muck around in.

It's always amazed me that the whole internet connection thing was not
handled by completely isolated software. Like you mention a virtual
Windoze OS, it seems it would be easy to make a virtual "internet
connection browzer" that in absolutely no way makes permanent changes to
your basic system. And everything is handed back and forth between
'internet connection' and 'operating system' through an absolutely
impervious wall. That way we wouldn't need all those bogging your system
down to a crawl virus/malware protection software looking over the
shoulders of running software. It would be like having an isolated PC for
the internet built into your desk PC. Something happens? simply wipe the
disk section, reinstall the internet section, and you're off and running
again. But I suppose it's possible to make a virus that can even jump
those barriers, sigh.
 

Ken Blake, MVP

It's amazing to me that anyone falls for this type of thing.


Not to me, it isn't. You are apparently more knowledgeable than most,
but many people know very little and are afraid of anything to do with
computers. Tell them they have a problem, offer to help them, even for
a price, and they jump at the opportunity.

There are probably many more people who fall for it than most of us
realize. Most of them probably never even realize they've been
scammed, so we never see messages from them in forums, etc.
 

Ed Cryer

Not to me, it isn't. You are apparently more knowledgeable than most,
but many people know very little and are afraid of anything to do with
computers. Tell them they have a problem, offer to help them, even for
a price, and they jump at the opportunity.

There are probably many more people who fall for it than most of us
realize. Most of them probably never even realize they've been
scammed, so we never see messages from them in forums, etc.

My experience too.
And I'll add another thing. It's amazing how many people get by with
limping computers. They just put up with infected and crippled systems,
whether on PCs, laptops, tablets, phones etc.
You say to them "Did you know that this PC is extremely slow?", and
they'll say something like "Yeah, it's been like that for months and
it's getting worse. I'm thinking of buying a new one".

Ed
 

lew

Not to me, it isn't. You are apparently more knowledgeable than most,
but many people know very little and are afraid of anything to do with
computers. Tell them they have a problem, offer to help them, even for
a price, and they jump at the opportunity.

There are probably many more people who fall for it than most of us
realize. Most of them probably never even realize they've been
scammed, so we never see messages from them in forums, etc.

The many multiple TV advertisements from various "companies" help
scammers do their thing in claiming to check the computers via
remote & "keep it clean" & "improve" performance; e.g. pc clean..

The advertisements claim that they will optimize the computer's
speed in usage & keep the computer "tuned up".

The responses of the victims are not exceptional considering the
advertisements; it's like the "ambulance chaser" lawyers who are
fishing for clients with advertisements of payoffs of law suits for
people with medical problems with medical terminology.
 

David E. Ross

The only tracking cookies you need are for your on-line banking (and you
should change your passwords frequently, too).

The others are just for tracking your browsing etc so that the vendors
can "serve you better". As if you were a tennis ball, I guess. You don't
need them for transactions, the vendor's website will set another cookie
next time you log on.

Using SeaMonkey as my browser, I can have multiple profiles all within
the same Windows account. (SeaMonkey has the same internal "guts" as
Firefox but with a more flexible user interface. While Firefox is
eliminating the Profile Manager, SeaMonkey will keep it.) I created a
separate profile just for banking.

In SeaMonkey, cookies are in a SQLite database, a separate database for
each profile. While my general profile has my cookies file marked "read
only" (thus trashing any new cookies), my banking profile has it marked
"read and write". Other differences between the two profiles include --

General profile:
SecretAgent extension to confuse tracking attempts
Popups disabled
Images allowed only from the same domain as the Web page being viewed
Flash disabled
Many, many bookmarks (what IE calls "favorites")

Banking profile:
No SecretAgent extension because it confuses banking Web servers
Popups enabled
All images allowed
Flash enabled
Bookmarks only for my banking Web sites

--
David E. Ross

The Crimea is Putin's Sudetenland.
The Ukraine will be Putin's Czechoslovakia.
See <http://www.rossde.com/editorials/edtl_PutinUkraine.html>.
 

Bob F

Steve said:
I've had several such calls, and had thought of doing that, and
possibly booting into Linux and telling them I couldn't follow their
instructions, but I've usually been too busy and just put the phone
down.

I've had 2 more in the last few days, but haven't been inclined to play with
them again.
 

VanguardLH

Bob said:
Steve Hayes wrote back on 30 Jun 2014:
<snipped ancient thread>

Pretty ancient thread. A bit late on your response. Will you be
updating this old thread each time you get another scam call? Not
really germane to this newsgroup.
 
