Solved

What to do: microsoft scam where someone connects to PC remotely

Posted on 2016-08-01
Last Modified: 2016-08-03
Have a friend that fell for the scam where it has a number saying you have a virus and call 1-800-scams-u-now. The low life was able to get connected to their PC and showed my friend some random errors and passwords on a screen that popped up. Lucky for them when they asked for their credit card to pay a $250 clean up fee they did not do it and hung up. I had them power off the PC and unplug the network card to be safe until I can look at it.

From what I have read before the main scam is they try to get your credit card info. Is there anything else that they commonly infect your PC with when doing this scam?

Other than running Security Essentials, Malwarebytes, Spybot S&D, is there anything else I should run or check for?

This was on a Windows 7 PC recently converted to Windows 10.
Question by:REIUSA
7 Comments
 
LVL 94

Assisted Solution

by:John Hurst
John Hurst earned 83 total points
ID: 41737823
You cannot stop them from calling and you cannot block the number because it changes. So calls will come in. Two forms of defense - both work.

1. Microsoft does NOT call you. Hang up if they say they are Microsoft.
2. Pick up the phone, say Hello like normal, wait NO MORE than 1/2 second. No voice in that time: Hang up.

Both of these work.
1
 
LVL 16

Assisted Solution

by:dhsindy
dhsindy earned 83 total points
ID: 41737825
Verify that remote access is turned off.
1
 
LVL 54

Expert Comment

by:McKnife
ID: 41737828
If they "messed" with that machine, you would need to do forensic analysis, just as with an infection with an unknown malware. You don't know what they might have implanted.

If you are not capable of such an analysis (and surely, a forum cannot do that for you), the safest way out is to replay an OS image backup. If that has not been created, he may want to refresh his PC to be sure it is clean again. Surely, he will not like this option, but what else is left? He may want to live with the insecurity, but I would not recommend it.
0
 
LVL 88

Assisted Solution

by:rindi
rindi earned 83 total points
ID: 41737829
If they get access via tools like TeamViewer, they can do pretty much anything, like install key-loggers, viruses, worms etc., particularly if the user uses an account with admin rights.

So basically a fresh installation of the OS is the best course of action. Change all passwords of email accounts, PC accounts etc., make sure you create an account that is not a member of the admins group, and teach the user only to use that account when doing anything on the PC. The account with admin rights must only be used when installing software (via UAC popup, not by actually logging on to the PC via that account).

Besides that, if the user stored info on his credit cards or bank accounts on the PC, he should call the bank or whatever it is to block those accounts.
0
 

Author Comment

by:REIUSA
ID: 41737901
Maybe a full reinstall is the best option to be safe.

This was a web site that popped up with a number on it telling them to call. I don't know for sure what was done; the friend said they had them go to Start, Run and type something in that starts with an H, they think.

What bothers me is they said the low life showed them a page that had some passwords on it that they recognized, they don't think it had any bank or credit info but I asked them to change all their passwords for banking and credit and PC account.
0
 
LVL 30

Expert Comment

by:Scott C
ID: 41737910
Make sure they can access their data files. What you are looking to see is that no files were encrypted and are being held for ransom.
0
 
LVL 63

Accepted Solution

by:btan
btan earned 251 total points
ID: 41738302
This FTC article tells more about tech support scams. Regardless of the tactics they use, they have one purpose: to make money.
https://www.consumer.ftc.gov/articles/0346-tech-support-scams

It has tips about what to do if you already gave someone access to your computer.
https://www.consumer.ftc.gov/articles/0011-malware

You can try Junkware Removal kit and AdwCleaner to see if there are any PUPs. Use Malwarebytes Anti-Malware (MBAM) and HitmanPro to verify any malware. Change passwords and disable any remote desktop services.
0
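
Added example, not part of any post in this thread: a read-only PowerShell triage covering the checks the answers above suggest (remote access turned off, remote-control tools such as TeamViewer, membership of the admins group, anything set to start automatically). The tool-name list and the 7-day window are assumptions chosen for illustration; run it from an elevated prompt on Windows 10.

```powershell
# Read-only triage after an unsolicited remote-support session.
# ASSUMPTIONS: $toolPattern is an illustrative, incomplete list of remote-control
# products; $since is an arbitrary look-back window. Adjust both to the incident.
$since       = (Get-Date).AddDays(-7)
$toolPattern = 'TeamViewer|AnyDesk|LogMeIn|ScreenConnect|Ammyy|Supremo|VNC'

# 1. Built-in remote access: Remote Desktop and Remote Assistance
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$ra = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'
[pscustomobject]@{
    RemoteDesktopEnabled    = ($ts.fDenyTSConnections -eq 0)
    RemoteAssistanceEnabled = ($ra.fAllowToGetHelp -eq 1)
    TermServiceStatus       = (Get-Service -Name TermService).Status
} | Format-List

# 2. Installed remote-control software (machine-wide and per-user uninstall keys)
$uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $toolPattern } |
    Select-Object DisplayName, DisplayVersion, InstallDate, InstallLocation

# 3. Matching processes and services that are present right now
Get-Process | Where-Object { $_.ProcessName -match $toolPattern } |
    Select-Object ProcessName, Id, Path
Get-CimInstance Win32_Service |
    Where-Object { $_.Name -match $toolPattern -or $_.PathName -match $toolPattern } |
    Select-Object Name, State, StartMode, PathName

# 4. Who is in the local Administrators group (well-known SID, locale-independent)
#    and which local accounts exist; look for accounts the owner does not recognise
Get-LocalGroupMember -SID 'S-1-5-32-544' | Select-Object Name, ObjectClass, PrincipalSource
Get-LocalUser | Select-Object Name, Enabled, LastLogon, PasswordLastSet

# 5. Programs set to start at logon (Run keys and Startup folders)
Get-CimInstance Win32_StartupCommand | Select-Object Name, Command, Location, User

# 6. Scheduled-task definitions written inside the look-back window
Get-ChildItem "$env:SystemRoot\System32\Tasks" -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -ge $since } |
    Select-Object FullName, LastWriteTime
```

Empty output from sections 2, 3 and 6 only means nothing matched the assumed names and window; it does not show the machine is clean, which is why the answers above recommend restoring an image or reinstalling.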
