Solved

What to do: microsoft scam where someone connects to PC remotely

Posted on 2016-08-01
7
100 Views
Last Modified: 2016-08-03
Have a friend that fell for the scam where it has a number saying you have a virus and call 1-800-scams-u-now. The low life was able to get connected to their PC and showed my friend some random errors and passwords on a screen that popped up. Lucky for them when they asked for their credit card to pay a $250 clean up fee they did not do it and hung up. I had them power off the PC and unplug the network card to be safe until I can look at it.

From what I have read before the main scam is they try to get your credit card info. Is there anything else that they commonly infect your PC with when doing this scam?

Other than running security essentials, malware bytes, spy-bot S&D is there anything else I should run or check for?

This was on a windows 7 PC recently converted to windows 10.
0
Comment
Question by:REIUSA
7 Comments
 
LVL 93

Assisted Solution

by:John Hurst
John Hurst earned 83 total points
ID: 41737823
You cannot stop them from calling and you cannot block the number because it changes. So calls will come in. Two forms of defense - both work.

1. Microsoft does NOT call you. Hang up if they say they are Microsoft.
2. Pick up the phone, say Hello like normal, wait NO MORE than 1/2 second. No voice in that time: Hang up.

Both of these work.
1
 
LVL 16

Assisted Solution

by:dhsindy
dhsindy earned 83 total points
ID: 41737825
Verify that remote access is turned off.
1
 
LVL 54

Expert Comment

by:McKnife
ID: 41737828
If they "messed" with that machine, you would need to do forensic analysis, just as with an infection with an unknown malware. You don't know what they might have implanted.

If you are not capable of such an analysis (and surely, a forum cannot do that for you), the safest way out is to replay an OS image backup. If that has not been created, he may want to refresh his PC to be sure it is clean again. Surely, he will not like this option, but what else is left? He may want to live with the insecurity, but I would not recommend it.
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 88

Assisted Solution

by:rindi
rindi earned 83 total points
ID: 41737829
If they get access via tools like teamviewer, they can do much anything, like install key-loggers, viruses, worms etc, particularly if the user uses an Account with admin rights.

So basically a fresh installation of the OS is the best course of action, change all passwords of email accounts, PC accounts etc,, make sure you create an account that is not a member of the admins group, and teach the user only to use that account when doing anything on the PC. The account with admin rights must only be used when installing software (via UAC popup, not by actually logging on to the PC via that account.

Besides that, if the user stored info on his credit cards or bank accounts on the PC, he should call the bank or whatever it is to block those accounts.
0
 

Author Comment

by:REIUSA
ID: 41737901
Maybe a full reinstall is the best option to be safe.

This was a web site that popped up with a number on it telling them to call. I don't know for sure what was done, the friend said they had them go to start run and type something in that starts with a H, they think.

What bothers me is they said the low life showed them a page that had some passwords on it that they recognized, they don't think it had any bank or credit info but I asked them to change all their passwords for banking and credit and PC account.
0
 
LVL 29

Expert Comment

by:ScottCha
ID: 41737910
Make sure they can access their data files.  What you are looing to see is that no files were encrypted and are being held for ransom.
0
 
LVL 62

Accepted Solution

by:
btan earned 251 total points
ID: 41738302
This FTC article tells more about tech support scams. Regardless of the tactics they use, they have one purpose: to make money.
https://www.consumer.ftc.gov/articles/0346-tech-support-scams

It has tips about what to do if you already gave someone access to your computer.
https://www.consumer.ftc.gov/articles/0011-malware

You can try Junkware Removal kit and AdwCleaner to see it any PUP. Use malwarebyte anti malware MBAM and Hitmanpro to verify any malware. Change password and disable any remote desktop services.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to extract and to view the contents of a Microsoft Update Standalone Package (MSU) for Windows Vista, you cannot extract the files from the MSU. Here we are going to explain how to extract those hotfix details without using any third pa…
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
This Micro Tutorial will give you a basic overview of Windows Live Photo Gallery and show you various editing filters and touches to photos you can apply. This will be demonstrated using Windows Live Photo Gallery on Windows 7 operating system.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question