Link to home
Start Free TrialLog in
Avatar of REIUSA
REIUSAFlag for United States of America

asked on

What to do: microsoft scam where someone connects to PC remotely

Have a friend that fell for the scam where it has a number saying you have a virus and call 1-800-scams-u-now. The low life was able to get connected to their PC and showed my friend some random errors and passwords on a screen that popped up. Lucky for them when they asked for their credit card to pay a $250 clean up fee they did not do it and hung up. I had them power off the PC and unplug the network card to be safe until I can look at it.

From what I have read before the main scam is they try to get your credit card info. Is there anything else that they commonly infect your PC with when doing this scam?

Other than running security essentials, malware bytes, spy-bot S&D is there anything else I should run or check for?

This was on a windows 7 PC recently converted to windows 10.
SOLUTION
Avatar of John
John
Flag of Canada image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of McKnife
If they "messed" with that machine, you would need to do forensic analysis, just as with an infection with an unknown malware. You don't know what they might have implanted.

If you are not capable of such an analysis (and surely, a forum cannot do that for you), the safest way out is to replay an OS image backup. If that has not been created, he may want to refresh his PC to be sure it is clean again. Surely, he will not like this option, but what else is left? He may want to live with the insecurity, but I would not recommend it.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of REIUSA

ASKER

Maybe a full reinstall is the best option to be safe.

This was a web site that popped up with a number on it telling them to call. I don't know for sure what was done, the friend said they had them go to start run and type something in that starts with a H, they think.

What bothers me is they said the low life showed them a page that had some passwords on it that they recognized, they don't think it had any bank or credit info but I asked them to change all their passwords for banking and credit and PC account.
Make sure they can access their data files.  What you are looing to see is that no files were encrypted and are being held for ransom.
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial