Solved

What to do: microsoft scam where someone connects to PC remotely

Posted on 2016-08-01
Medium Priority
124 Views
Last Modified: 2016-08-03
Have a friend that fell for the scam where it has a number saying you have a virus and call 1-800-scams-u-now. The low life was able to get connected to their PC and showed my friend some random errors and passwords on a screen that popped up. Lucky for them when they asked for their credit card to pay a $250 clean up fee they did not do it and hung up. I had them power off the PC and unplug the network card to be safe until I can look at it.

From what I have read before the main scam is they try to get your credit card info. Is there anything else that they commonly infect your PC with when doing this scam?

Other than running Security Essentials, Malwarebytes, and Spybot S&D, is there anything else I should run or check for?

This was on a Windows 7 PC recently converted to Windows 10.
0
Question by:REIUSA
7 Comments
 
LVL 97

Assisted Solution

by:John Hurst
John Hurst earned 332 total points
ID: 41737823
You cannot stop them from calling and you cannot block the number because it changes. So calls will come in. Two forms of defense - both work.

1. Microsoft does NOT call you. Hang up if they say they are Microsoft.
2. Pick up the phone, say Hello like normal, wait NO MORE than 1/2 second. No voice in that time: Hang up.

Both of these work.
1
 
LVL 16

Assisted Solution

by:dhsindy
dhsindy earned 332 total points
ID: 41737825
Verify that remote access is turned off.
1
 
LVL 56

Expert Comment

by:McKnife
ID: 41737828
If they "messed" with that machine, you would need to do forensic analysis, just as with an infection with an unknown malware. You don't know what they might have implanted.

If you are not capable of such an analysis (and surely, a forum cannot do that for you), the safest way out is to replay an OS image backup. If that has not been created, he may want to refresh his PC to be sure it is clean again. Surely, he will not like this option, but what else is left? He may want to live with the insecurity, but I would not recommend it.
0

 
LVL 88

Assisted Solution

by:rindi
rindi earned 332 total points
ID: 41737829
If they get access via tools like TeamViewer, they can do pretty much anything, like install key-loggers, viruses, worms etc., particularly if the user uses an account with admin rights.

So basically a fresh installation of the OS is the best course of action, change all passwords of email accounts, PC accounts etc., make sure you create an account that is not a member of the admins group, and teach the user only to use that account when doing anything on the PC. The account with admin rights must only be used when installing software (via UAC popup, not by actually logging on to the PC via that account).

Besides that, if the user stored info on his credit cards or bank accounts on the PC, he should call the bank or whatever it is to block those accounts.
0
 

Author Comment

by:REIUSA
ID: 41737901
Maybe a full reinstall is the best option to be safe.

This was a web site that popped up with a number on it telling them to call. I don't know for sure what was done, the friend said they had them go to start run and type something in that starts with an H, they think.

What bothers me is they said the low life showed them a page that had some passwords on it that they recognized, they don't think it had any bank or credit info but I asked them to change all their passwords for banking and credit and PC account.
0
 
LVL 31

Expert Comment

by:Scott C
ID: 41737910
Make sure they can access their data files. What you are looking to see is that no files were encrypted and are being held for ransom.
0
 
LVL 64

Accepted Solution

by:
btan earned 1004 total points
ID: 41738302
This FTC article tells more about tech support scams. Regardless of the tactics they use, they have one purpose: to make money.
https://www.consumer.ftc.gov/articles/0346-tech-support-scams

It has tips about what to do if you already gave someone access to your computer.
https://www.consumer.ftc.gov/articles/0011-malware

You can try Junkware Removal kit and AdwCleaner to see if any PUP. Use Malwarebytes Anti-Malware (MBAM) and HitmanPro to verify any malware. Change password and disable any remote desktop services.
0
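The checks suggested in the answers above (remote access turned off, no leftover remote-control software, no unexpected administrator accounts), as an added read-only PowerShell example that is not part of the original thread. The product-name list is an assumption; TeamViewer is the only tool the thread names.

```powershell
# Added example: read-only triage after an unwanted remote-support session.
# Run from an elevated PowerShell 5.1 prompt on the affected Windows 10 PC.

# Remote Desktop is off when fDenyTSConnections = 1.
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
# Remote Assistance is off when fAllowToGetHelp = 0.
$ra = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'

# Assumed name list; TeamViewer is the only tool named in the thread.
$names = 'TeamViewer|AnyDesk|LogMeIn|Ammyy|Supremo|VNC|ScreenConnect|GoToAssist'

# Installed programs (64-bit, 32-bit and per-user uninstall entries).
$uninstall = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*')
$tools = @(Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $names } |
    Select-Object DisplayName, InstallDate, InstallLocation)

# Services left behind for unattended access.
$services = @(Get-Service |
    Where-Object { $_.Name -match $names -or $_.DisplayName -match $names } |
    Select-Object Name, DisplayName, Status)

# Members of the built-in Administrators group (well-known SID, so this
# also works on non-English installs) and all local accounts.
$admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Select-Object Name, ObjectClass, PrincipalSource)
$users = @(Get-LocalUser | Select-Object Name, Enabled, LastLogon, PasswordLastSet)

# Programs that start at logon via the Run keys.
$run = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
         'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' |
    ForEach-Object { Get-Item $_ -ErrorAction SilentlyContinue } |
    ForEach-Object { $k = $_; $k.GetValueNames() | ForEach-Object {
        [pscustomobject]@{ Key = $k.Name; Name = $_; Command = $k.GetValue($_) } } })

# Summary first, then the detail tables for manual review.
[pscustomobject]@{
    RemoteDesktopDisabled    = ($ts.fDenyTSConnections -eq 1)
    RemoteAssistanceDisabled = ($ra.fAllowToGetHelp -eq 0)
    RemoteToolsInstalled     = $tools.Count
    RemoteToolServices       = $services.Count
    LocalAdministrators      = $admins.Count
} | Format-List | Out-Host
foreach ($set in $tools, $services, $admins, $users, $run) {
    $set | Format-Table -AutoSize -Wrap | Out-Host
}
```

The script only reads settings; an entry the owner does not recognise is a reason to follow the reinstall advice given in the thread.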


Question has a verified solution.
