Solved

What to do: Microsoft scam where someone connects to PC remotely

Posted on 2016-08-01
Last Modified: 2016-08-03
Have a friend that fell for the scam where it has a number saying you have a virus and call 1-800-scams-u-now. The low life was able to get connected to their PC and showed my friend some random errors and passwords on a screen that popped up. Lucky for them when they asked for their credit card to pay a $250 clean up fee they did not do it and hung up. I had them power off the PC and unplug the network card to be safe until I can look at it.

From what I have read before the main scam is they try to get your credit card info. Is there anything else that they commonly infect your PC with when doing this scam?

Other than running Security Essentials, Malwarebytes, Spybot S&D, is there anything else I should run or check for?

This was on a Windows 7 PC recently converted to Windows 10.
Question by:REIUSA
7 Comments
 
LVL 90

Assisted Solution

by:John Hurst
John Hurst earned 83 total points
ID: 41737823
You cannot stop them from calling and you cannot block the number because it changes. So calls will come in. Two forms of defense - both work.

1. Microsoft does NOT call you. Hang up if they say they are Microsoft.
2. Pick up the phone, say Hello like normal, wait NO MORE than 1/2 second. No voice in that time: Hang up.

Both of these work.
1
 
LVL 16

Assisted Solution

by:dhsindy
dhsindy earned 83 total points
ID: 41737825
Verify that remote access is turned off.
1
 
LVL 53

Expert Comment

by:McKnife
ID: 41737828
If they "messed" with that machine, you would need to do forensic analysis, just as with an infection with an unknown malware. You don't know what they might have implanted.

If you are not capable of such an analysis (and surely, a forum cannot do that for you), the safest way out is to replay an OS image backup. If that has not been created, he may want to refresh his PC to be sure it is clean again. Surely, he will not like this option, but what else is left? He may want to live with the insecurity, but I would not recommend it.
0
 
LVL 87

Assisted Solution

by:rindi
rindi earned 83 total points
ID: 41737829
If they get access via tools like TeamViewer, they can do pretty much anything, like install key-loggers, viruses, worms etc., particularly if the user uses an account with admin rights.

So basically a fresh installation of the OS is the best course of action. Change all passwords of email accounts, PC accounts etc., make sure you create an account that is not a member of the admins group, and teach the user only to use that account when doing anything on the PC. The account with admin rights must only be used when installing software (via UAC popup, not by actually logging on to the PC via that account).

Besides that, if the user stored info on his credit cards or bank accounts on the PC, he should call the bank or whatever it is to block those accounts.
0
 

Author Comment

by:REIUSA
ID: 41737901
Maybe a full reinstall is the best option to be safe.

This was a web site that popped up with a number on it telling them to call. I don't know for sure what was done; the friend said they had them go to Start, Run and type something in that starts with an H, they think.

What bothers me is they said the low life showed them a page that had some passwords on it that they recognized, they don't think it had any bank or credit info but I asked them to change all their passwords for banking and credit and PC account.
0
 
LVL 29

Expert Comment

by:ScottCha
ID: 41737910
Make sure they can access their data files. What you are looking to see is that no files were encrypted and are being held for ransom.
0
 
LVL 61

Accepted Solution

by:
btan earned 251 total points
ID: 41738302
This FTC article tells more about tech support scams. Regardless of the tactics they use, they have one purpose: to make money.
https://www.consumer.ftc.gov/articles/0346-tech-support-scams

It has tips about what to do if you already gave someone access to your computer.
https://www.consumer.ftc.gov/articles/0011-malware

You can try Junkware Removal kit and AdwCleaner to see if there are any PUPs. Use Malwarebytes Anti-Malware (MBAM) and HitmanPro to verify any malware. Change password and disable any remote desktop services.
0
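
Added example, not part of any answer above: a read-only PowerShell check for the points raised in this thread (remote access turned off, membership of the local admins group, leftover remote-support software). The tool-name pattern is an assumed list built around the TeamViewer mention; it assumes an elevated PowerShell 5.1 prompt on Windows 10.

```powershell
# Added example: read-only post-incident checks. Nothing here changes the system.

# 1. Remote Desktop and Remote Assistance switches.
#    fDenyTSConnections = 0 means inbound Remote Desktop is allowed.
#    fAllowToGetHelp    = 1 means Remote Assistance invitations are allowed.
$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$ra = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'
[pscustomobject]@{
    RemoteDesktopEnabled    = (Get-ItemProperty $ts).fDenyTSConnections -eq 0
    RemoteAssistanceEnabled = (Get-ItemProperty $ra).fAllowToGetHelp -eq 1
    RdpServiceState         = (Get-Service TermService).Status
} | Format-List

# 2. Local accounts and who holds admin rights (S-1-5-32-544 = built-in
#    Administrators, addressed by SID so it works on localized systems).
Get-LocalUser | Select-Object Name, Enabled, LastLogon, PasswordLastSet
Get-LocalGroupMember -SID 'S-1-5-32-544' | Select-Object Name, ObjectClass

# 3. Services that look like remote-support tools (assumed name list).
$pattern = 'TeamViewer|AnyDesk|LogMeIn|VNC|ScreenConnect|Supremo|Ammyy'
Get-CimInstance Win32_Service |
    Where-Object { "$($_.Name) $($_.DisplayName) $($_.PathName)" -match $pattern } |
    Select-Object Name, State, StartMode, PathName

# 4. Programs that start automatically at logon (Run keys), for manual review.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    (Get-ItemProperty $key).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object {
            [pscustomobject]@{ Key = $key; Name = $_.Name; Command = $_.Value }
        }
}

# 5. Scheduled tasks outside the \Microsoft\ tree, with what they execute.
Get-ScheduledTask |
    Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
    Select-Object TaskName, TaskPath, State,
        @{ Name = 'Runs'; Expression = { $_.Actions.Execute -join '; ' } }
```

A clean result from these checks does not rule out other implants, which is why the answers above still point to an image restore or a reinstall.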
