  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 128

What to do: Microsoft scam where someone connects to PC remotely

Have a friend that fell for the scam where it has a number saying you have a virus and call 1-800-scams-u-now. The low life was able to get connected to their PC and showed my friend some random errors and passwords on a screen that popped up. Lucky for them when they asked for their credit card to pay a $250 clean up fee they did not do it and hung up. I had them power off the PC and unplug the network card to be safe until I can look at it.

From what I have read before the main scam is they try to get your credit card info. Is there anything else that they commonly infect your PC with when doing this scam?

Other than running Security Essentials, Malwarebytes, Spybot S&D, is there anything else I should run or check for?

This was on a Windows 7 PC recently converted to Windows 10.
0
Asked: REIUSA
4 Solutions
 
John Hurst, Business Consultant (Owner), Commented:
You cannot stop them from calling and you cannot block the number because it changes. So calls will come in. Two forms of defense - both work.

1. Microsoft does NOT call you. Hang up if they say they are Microsoft.
2. Pick up the phone, say Hello like normal, wait NO MORE than 1/2 second. No voice in that time: Hang up.

Both of these work.
1
 
dhsindy, Retired, Commented:
Verify that remote access is turned off.
1
 
McKnife Commented:
If they "messed" with that machine, you would need to do forensic analysis, just as with an infection with an unknown malware. You don't know what they might have implanted.

If you are not capable of such an analysis (and surely, a forum cannot do that for you), the safest way out is to replay an OS image backup. If that has not been created, he may want to refresh his PC to be sure it is clean again. Surely, he will not like this option, but what else is left? He may want to live with the insecurity, but I would not recommend it.
0

 
rindi Commented:
If they get access via tools like TeamViewer, they can do pretty much anything, like install key-loggers, viruses, worms etc., particularly if the user uses an account with admin rights.

So basically a fresh installation of the OS is the best course of action. Change all passwords of email accounts, PC accounts etc., make sure you create an account that is not a member of the admins group, and teach the user only to use that account when doing anything on the PC. The account with admin rights must only be used when installing software (via UAC popup, not by actually logging on to the PC via that account).

Besides that, if the user stored info on his credit cards or bank accounts on the PC, he should call the bank or whatever it is to block those accounts.
0
 
REIUSA (Author) Commented:
Maybe a full reinstall is the best option to be safe.

This was a web site that popped up with a number on it telling them to call. I don't know for sure what was done, the friend said they had them go to start run and type something in that starts with a H, they think.

What bothers me is they said the low life showed them a page that had some passwords on it that they recognized, they don't think it had any bank or credit info but I asked them to change all their passwords for banking and credit and PC account.
0
 
Scott C, Senior Systems Engineer, Commented:
Make sure they can access their data files. What you are looking to see is that no files were encrypted and are being held for ransom.
0
 
btan, Exec Consultant, Commented:
This FTC article tells more about tech support scams. Regardless of the tactics they use, they have one purpose: to make money.
https://www.consumer.ftc.gov/articles/0346-tech-support-scams

It has tips about what to do if you already gave someone access to your computer.
https://www.consumer.ftc.gov/articles/0011-malware

You can try Junkware Removal kit and AdwCleaner to see if there are any PUPs. Use Malwarebytes Anti-Malware (MBAM) and HitmanPro to check for any malware. Change passwords and disable any remote desktop services.
0
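
The checks suggested in the answers above (remote access turned off, who is in the admins group, what remote tools were installed), as an added read-only PowerShell example that is not part of any post in this thread. The tool-name pattern and the 14-day window are assumptions to adjust; the script only reports what it finds and does not replace the reinstall or forensic analysis recommended above.

```powershell
# Added example: read-only triage. Run from an elevated PowerShell 5.1 prompt on Windows 10.

# 1. Remote Desktop and Remote Assistance state.
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$ra = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'
[pscustomobject]@{
    RemoteDesktopDisabled    = ($ts.fDenyTSConnections -eq 1)   # 1 = inbound RDP refused
    RemoteAssistanceDisabled = ($ra.fAllowToGetHelp -eq 0)      # 0 = Remote Assistance off
    TermServiceStatus        = (Get-Service -Name TermService).Status
} | Format-List

# 2. Members of the local Administrators group (the daily-use account should not be here).
Get-LocalGroupMember -Group 'Administrators' |
    Select-Object Name, ObjectClass, PrincipalSource | Format-Table -AutoSize

# 3. Installed programs that look like remote-support tools or were installed recently.
$toolPattern = 'TeamViewer|AnyDesk|LogMeIn|VNC|Ammyy|Supremo'   # assumed list, extend as needed
$since = (Get-Date).AddDays(-14).ToString('yyyyMMdd')           # assumed look-back window
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and
                   ($_.DisplayName -match $toolPattern -or $_.InstallDate -ge $since) } |
    Select-Object DisplayName, Publisher, InstallDate |
    Sort-Object InstallDate -Descending | Format-Table -AutoSize

# 4. Programs set to start at logon (HKCU is the hive of the account running this script).
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$autoruns = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if ($item) {
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Key = $key; Name = $name; Command = $item.GetValue($name) }
        }
    }
}
$autoruns | Format-Table -AutoSize -Wrap
```

Programs without an `InstallDate` value are only listed when their name matches the pattern, so an empty result in step 3 is not proof that nothing was installed.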
