Over 1 million tech questions and answers.

Can't get rid of Tech Support scam pop-up.

Q: Can't get rid of Tech Support scam pop-up.

I've tried Malwarebytes and adwcleaner without luck. This is happening in Chrome.  I'm using Win8.1.  Attached is a copy of the screen I'm getting. 
 
Thanks for any help!

Read other answers
RELEVANCY SCORE 200
Preferred Solution: Can't get rid of Tech Support scam pop-up.

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

RELEVANCY SCORE 86.8

When I installed Win8 on one computer I need a H.P. printer driver. So I went to H.P. support/download did not find the needed driver so I called their Tech. support. A friendly support guy looked at my system and told me my copy of Microsoft Win8 bought at Best Buy was not a legit copy, also my system had been infected and they needed to remove my Win8 clean my system and reinstall Win8. made me a deal of a reduced price of $250US I knew this was not right so I begged them good buy went to Best Buy where I have good friends in the Geek Squad. they got the needed driver and printer works fine.
Today my Netgear routher died, called Netgear to get my lifetime warranty. This also was a support in India guy said it would cost $39US to make sure it was the router I said thanks but no thanks. Took my old Netgear router back to Best Bye where I bought it three years ago and they gave me a new Netgear router. I needed setup help so called Netger as new user also in India guy was friendly looked at my system and helped me get it setup. Then he informed me my computer was under attack and my files were being read he could fix my system and protect my files for the small sum of just $85US. Well I was using a small backup H.P. computer on the Net. hardwired and it was almost never used. So I knew it was a India Tech. support scam again.
I think these guys in India do support for many Mfg.s and software makers, and it's an easy way to gleen a lot of fast cash from people who trust the br... Read more

A:Tech. Support Scam from India support bases.

Are you sure you were using legitimate HP/Netgear phone numbers? Where did you get the numbers from?

Are you sure it wasn't just a variation of the scams the FTC are starting to crack down on?
How Windows tech support scammers walked right into a trap set by the feds | Ars Technica

Read other 12 answers
RELEVANCY SCORE 84.8

I am posting regarding the scam you have covered in this link http://www.bleepingcomputer.com/virus-removal/remove-windows-has-been-block-tech-support-scam
 
It's the 'Remove the Windows has been Blocked Tech Support Scam'
 
However, unfortunately I did call the number, and when they wanted money I said absolutely not. Now, when I power up that PC, I get a pop-up that asks for admin password (not the Windows or BIOS popup). I tried command prompt, system restore, and reinstalling windows deleting everything but what was installed and personal files, and still the same popup requesting a password. I tried Esc, and cancel and enter, all not working. 
 
Any suggestions? Any help at all greatly appreciated

A:Tech Support Scam

 If this happened to me, I'd restore from a recent full system backup.  If you don't have one, you'll probably need to do a clean install.

Read other 2 answers
RELEVANCY SCORE 84.8

Has anyone heard of or had dealings with Procomsupport247 or Khamtechnologies. When My wife called the microsoft support number on two different occasions these are the people she got. They did help with the problem but they charge for service and want you to sign up for multi year contracts. Any help would be appreciated.

A:tech support scam?

Those are services offered by 3rd parties and are not affiliated with Microsoft. If you search for Microsoft support you'll usually get quite a few ads before seeing a real number. If you want actual Microsoft support go here:
Microsoft Support

Read other 3 answers
RELEVANCY SCORE 84.8

Running windows 7. Have ran SuperShield, Malwarebytes, Microsoft Security Essentials scans.. Nothing found.
 
Here, in bold is what a Chrome window changes to:
Address bar: pc-sz17.stream/live.....
 
support. Windows.com says:
**Windows Warning Alert**
Malicious Pornographic Spyware/Riskware Detected
 
Error #
 
Please call us at +1-833-277-1209
do not ignore this critical alert... full page of more instructions
It's goes away by typing a new website in the address box
 
 
Windows 7. Have ran SuperShield, Malwarebytes, Microsoft Security Essentials scans.. Nothing found.

A:Tech support scam

Reset Chrome...Click on "Customize and control Google Chrome":Click "Settings" then "Show advanced settings" at the bottom of the screen.Click "Reset browser settings" button.Restart Chrome.If the above didn't help....Reinstall Chrome...If you want to save your bookmarks...How to Backup Bookmarks in Google ChromeIf you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/ Close all Chrome windows and tabs.Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)Click Programs and Features.Double-click Google Chrome.Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete your browsing data" checkbox.Install fresh copy.

Read other 3 answers
RELEVANCY SCORE 84

My grandfather got taken in by a Microsoft Windows Support Scam and I'm fairly certain that his laptop's got a bug that I can't get rid of.

What happened:

He got a popup (while using Internet Explorer and after downloading an Adobe update) that said there was a security issue and that he needed to call a number for Windows Firewall Service.
(I looked up the number and apparently other people have been taken in by this scam. Here it is on a Microsoft forum:
http://answers.microsoft.com/en-us/...ca7-46e0-a856-4dba9529680c?db=5&page=2&auth=1

This is what the Popup said:

Quote:
""windows firewall service has been stopped due to virus/adware on your computer. please visitwww.scannow.com/support or call toll free 1 888 447 4192 for support. root-kits/spyware may have caused the security breach on your network location. call toll free 1 888 447 4192 for technical assistance."Click to expand...

So he called the number (1-888-447-4192) not knowing it was a scam and they said they were from Windows and that they needed remote access to his laptop to solve the security issue, which he gave them. (He said he did not give them any personal information, however.)

After he told me what happened, I checked out his laptop. He had about a dozen popups that wouldn't close and some malware programs were added, which I have removed.

Those programs were:
Knctr itibiti
One SystemCare
WebDiscover Browser
some kind of remote access/assistance p... Read more

Read other answers
RELEVANCY SCORE 84

Yesterday I got a call from an unknown number. The caller introduced himself as jack and told me he was from a company contracted by dell to provide software support sand that he had received reports from my computer that the was malware on it and my files were at risk. The call followed the same routine described by others and he asked me to use the run box to show me the problems.
He had my phone number, email and service tag but I was suspicious from the start and when he asked me to run www.remcontrol....... I told him I wanted to confirm his credentials before continuing.
He gave me a phone number which I called and the guy who answered gave me the same story but did nothing to confirm their authenticity.
After this I hung up and did not answer the two subsequent calls. It seems to me that dell has had a security breach that has put customers information in the hands of scammers.
Does anyone have any other info regarding this scam?

A:Dell tech support scam

Hi steveloz, and welcome.
You describe a textbook case of a classic phone scam, in every aspect. You were right to not give them any info or to visit their website.
The aim is to get you to surrender your computer via remote control to the scammers, for their various nefarious purposes. It is so easy these days for scammers to mine various 3rd party databases for your personal info, to lend a sense of legitimacy to their calls, but these calls out of the blue are all scams that have been going on for years.
It bears repeating:
1) No computer (or operating system) vendor can detect problems (including malware) on your computer over the internet. Not Dell, not HP, not Microsoft, not Apple etc.2) No legitimate vendor will cold-call you (phone or email) with such a message.3) Never turn over control of your computer over the internet, unless you have initiated contact with the vendor, using contact info you trust, in order to solve a problem you have identified with their hardware or software, and their tech support recommends this approach. In practice, this will rarely, if ever, be needed.

Read other 18 answers
RELEVANCY SCORE 84

My grandfather got taken in by a Microsoft Windows Support Scam and I'm fairly certain that his laptop's got a bug that I can't get rid of. 
 
What happened:
 
He got a popup (while using Internet Explorer and after downloading an Adobe update) that said there was a security issue and that he needed to call a number for Windows Firewall Service. 
(I looked up the number and apparently other people have been taken in by this scam. Here it is on a Microsoft forum:
http://answers.microsoft.com/en-us/windows/forum/windows_vista-security/microsoft-tech-support-scam-call/52aac9a3-dca7-46e0-a856-4dba9529680c?db=5&page=2&auth=1)
 
This is what the Popup said:

""windows firewall service has been stopped due to virus/adware on your computer. please visit www.scannow.com/support or call toll free 1 888 447 4192 for support. root-kits/spyware may have caused the security breach on your network location. call toll free 1 888 447 4192 for technical assistance." 
 
 

 
So he called the number (1-888-447-4192) not knowing it was a scam and they said they were from Windows and that they needed remote access to his laptop to solve the security issue, which he gave them. (He said he did not give them any personal information, however.) 
 
After he told me what happened, I checked out his laptop. He had about a dozen popups that wouldn't close and some malware programs were added, which I have removed. 
 
Those programs w... Read more

A:Microsoft Tech Support Scam

Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Read other 1 answers
RELEVANCY SCORE 84

I gave my older computer to my aunt and uncle (they are in their 80's). I'm not certain of all the details, but this is what I know. They were having some simple issues and needed help. I wasn't available so they got help from an unknown outside party. This person locked up their computer. The operating system has been changed and no known passwords work. I replaced the first computer with another, not realizing how bad the problem was, and they have remotely done the same to it as well. The fake tech person got into their bank account and stole several hundred dollars of their very limited income and they had to change their bank account info. Can I do anything to fix the two computers and what do I need to do to stop this guy from doing this again? How do I keep him out of family and friends smartphones and tablets?
 

Read other answers
RELEVANCY SCORE 84

A few days ago, my Yahoo email was hacked. I changed my password and after searching for computer assistance, I inadvertently thought an ad was a legitimate Yahoo technical support link. I called pc tech site at 1-888-727-0571(www.pctechsite.com). The technicians informed me to run some command line tools and used logmein123 to gain access to my computer. They installed Malwarebytes, Ccleaner, Microsoft Security Essentials and Security Shield. After I thought this was a scam, I called this company to complain, they said they would not refund my money. A little while later I received another phone call from "Marlin from the tech department at Microsoft" in New York (1-212-777-3457) informing me my computer had many errors including malicious downloads, was compromised and would crash. I questioned the legitimacy of this call and they hung up on me. After this call a black box appeared in the lower left-hand side of my computer screen. I assume this was them trying to access my computer again. I disabled two items on my firewall which were allowing logmein access to my computer and generated the below DDS text file. Could you please assist me with ensuring my computer is cleaned and no longer infected or compromised. Thank you for your assistance.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.13.2
Run by Owner at 9:26:41 on 2013-02-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2119 [GMT -6:00]
.
AV: AVG Anti-V... Read more

A:LogMeIn123 Tech Support Scam

Hello poodle_breeder, and welcome to BC!
My name is bloopie and I'll be helping you with your problems as best I can!
A few things to keep in mind while we are working together:
As you have posted several similar topics here, please be sure to keep each machine and topic instructions seperate. What instructions I give in this topic may not be the best for the others!
If you have since resolved the original problem you were having, I would appreciate it if you let me know.
If you are unsure about any of the steps just post what you can and I will guide you!
Please tell me if you have your original Windows CD/DVD available.
Please copy and paste all logs here unless otherwise instructed!
Upon completing the steps below I will review your topic an do my best to resolve your issues.
==========
Now let's get another log from a more powerful tool:Run Combofix
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job...this is normal.
You can download Combofix from one of these links.
Link 1Link 2
Close any open browsers or any other programs that are open.
Close/disable all anti virus and anti malware programs so they do not inter... Read more

Read other 12 answers
RELEVANCY SCORE 84

Hello everyone,
 
 
I was just wondering if anyone has been scammed and wants to share their experiences. If so, comment it below and try to spread the word.
 
 
 
Thanks,
 
 
jman005
 
 
 
 

A:Have you ever been scammed by a tech support scam?

The only scam that is current are calls from "Microsoft" telling the victim that they have been alerted to a virus infection on the computer and they will help the victim clean his machine for a fee. These are always from India. My sister-in-law got one recently but was forewarned by me and she told the guy to go soak his head.
I have seen these scam websites appear near the top when a search is made for "computer help" or "virus help", etc.
Of course there are various independent brick & mortar shops that will overcharge, etc.

Read other 21 answers
RELEVANCY SCORE 84

I don't know how many people have had an issue with the phone call from tech support and they want access to your computer and then they essentially lock it and you need a password to get access again and the only way to get the password is to pay them.

A friend called tonight and she was taken in by the scam. Her immediate concern was to get her pictures and other personal documents off of the computer. I have no idea what these people do or if it is just a matter of getting the password and once input everything is okay?

Anyway I took her drive out and connected it to my computer and copied off all of her personal data to a flash drive. I ran Malwarebytes and selected only drive E, which is her drive, but the only problems it showed were on Drive C. I have no idea how it detected issues on Drive C as I had unselected Drive C and only selected Drive E for a scan.

So the first question is, is there a way around the password and to be able to remove it without reinstalling the OS. or recovering from a set of recovery disks?

Second is there a way to access the control panel on her drive with it still being connected to my computer to make a recovery disk for her drive, as like most people she didn't bother making a recovery disk set so if it has to be reformatted and the OS reinstalled she has no disks? It has a partition on the drive which I assume may the recovery information but the only visible folders are system volume information and recycle bin and I do have the appr... Read more

A:Tech Support Phone Scam

you are not going to find a way to make the recovery's on a non working computer. the best fix is a reinstall,its likely that here recovery partition is still good ,you just need to save what you can, and run the recovery, check ASUS site for info on what key to hit on bootup to activate the recovery .
It sure is a small world when we are so gullible to think that Microsoft or someone that cares , is going to call us/little old me, and tell me my computer is sick and offer to fix it ,good luck

like the calls telling me they can offer me better interest rates on my credit cards ,and I don't even have a credit card

Read other 46 answers
RELEVANCY SCORE 84

My grandfather got taken in by a Microsoft Windows Support Scam and I'm fairly certain that his laptop's got a bug that I can't get rid of.

What happened:

He got a popup (while using Internet Explorer and after downloading an Adobe update) that said there was a security issue and that he needed to call a number for Windows Firewall Service.
(I looked up the number and apparently other people have been taken in by this scam. Here it is on a Microsoft forum:
MICROSOFT TECH SUPPORT SCAM CALL - Microsoft Community)

This is what the Popup said:


Quote:




""windows firewall service has been stopped due to virus/adware on your computer. please visit www.scannow.com/support or call toll free 1 888 447 4192 for support. root-kits/spyware may have caused the security breach on your network location. call toll free 1 888 447 4192 for technical assistance."




So he called the number (1-888-447-4192) not knowing it was a scam and they said they were from Windows and that they needed remote access to his laptop to solve the security issue, which he gave them. (He said he did not give them any personal information, however.)

After he told me what happened, I checked out his laptop. He had about a dozen popups that wouldn't close and some malware programs were added, which I have removed.

Those programs were:
Knctr itibiti
One SystemCare
WebDiscover Browser
some kind of remote access/assistance program and a player ... Read more

A:Microsoft Tech Support Scam

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Registry cleaners(Advanced SystemCare, One SystemCare, etc.) are usually more harmful than helpful. Don't use them.

Our colleague miekiemoes has an excellent writeup here

------------------------------------------------------

See if FRST64.exe will run in Normal Mode.

Please download Farbar Recovery Scan Tool and save it to your desktop.Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------

Read other 19 answers
RELEVANCY SCORE 84

My grandfather got taken in by a Microsoft Windows Support Scam and I'm fairly certain that his laptop's got a bug that I can't get rid of.

What happened:

He got a popup (while using Internet Explorer and after downloading an Adobe update) that said there was a security issue and that he needed to call a number for Windows Firewall Service.
(I looked up the number and apparently other people have been taken in by this scam. Here it is on a Microsoft forum:
MICROSOFT TECH SUPPORT SCAM CALL - Microsoft Community)

This is what the Popup said:


Quote:




""windows firewall service has been stopped due to virus/adware on your computer. please visit www.scannow.com/support or call toll free 1 888 447 4192 for support. root-kits/spyware may have caused the security breach on your network location. call toll free 1 888 447 4192 for technical assistance."




So he called the number (1-888-447-4192) not knowing it was a scam and they said they were from Windows and that they needed remote access to his laptop to solve the security issue, which he gave them. (He said he did not give them any personal information, however.)

After he told me what happened, I checked out his laptop. He had about a dozen popups that wouldn't close and some malware programs were added, which I have removed.

Those programs were:
Knctr itibiti
One SystemCare
WebDiscover Browser
some kind of remote access/assistance program and a player ... Read more

Read other answers
RELEVANCY SCORE 84

My daughter's ASUS laptop may be infected by the tech support scam and other viruses or malware. It has been very glitchy and slow over the past few months. Can anyone help me with this? She is running Windows 10.

Read other answers
RELEVANCY SCORE 84

A few days ago, my Yahoo email was hacked. I changed my password and after searching for computer assistance, I inadvertently thought an ad was a legitimate Yahoo technical support link. I called pc tech site at 1-888-727-0571(www.pctechsite.com). The technicians informed me to run some command line tools and used logmein123 to gain access to my computer. They installed Malwarebytes, Ccleaner, Microsoft Security Essentials and Security Shield. After I thought this was a scam, I called this company to complain, they said they would not refund my money. A little while later I received another phone call from "Marlin from the tech department at Microsoft" in New York (1-212-777-3457) informing me my computer had many errors including malicious downloads, was compromised and would crash. I questioned the legitimacy of this call and they hung up on me. After this call a black box appeared in the lower left-hand side of my computer screen. I assume this was them trying to access my computer again. I disabled imi_rescue.exe, Remote Assistance, and WebKit on my firewall which I assume were allowing logmein access to my computer and generated the below DDS text file. Could you please assist me with ensuring my computer is cleaned and no longer infected or compromised. My parent's submitted similar postings for their computers. This is for my desktop PC, the third and last computer which was worked on by pctechsite. Thank you for your assistance.

DDS (Ver_20... Read more

A:logmein123 tech support scam

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 16 answers
RELEVANCY SCORE 84

I don't know how many people have had an issue with the phone call from tech support and they want access to your computer and then they essentially lock it and you need a password to get access again and the only way to get the password is to pay them.
A friend called tonight and she was taken in by the scam. Her immediate concern was to get her pictures and other personal documents off of the computer. I have no idea what these people do or if it is just a matter of getting the password and once input everything is okay?
Anyway I took her drive out and connected it to my computer and copied off all of her personal data to a flash drive. I ran Malwarebytes and selected only drive E, which is her drive, but the only problems it showed were on Drive C. I have no idea how it detected issues on Drive C as I had unselected Drive C and only selected Drive E for a scan.
So the first question is, is there a way around the password and to be able to remove it without reinstalling the OS. or recovering from a set of recovery disks?
Second is there a way to access the control panel on her drive with it still being connected to my computer to make a recovery disk for her drive, as like most people she didn't bother making a recovery disk set so if it has to be reformatted and the OS reinstalled she has no disks? It has a partition on the drive which I assume may the recovery information but the only visible folders are system volume information and recycle bin and I do have the appropri... Read more

A:Tech Support Phone Scam

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/547265 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 8 answers
RELEVANCY SCORE 84

RE: ABC TECH SUPPORT--I was on the internet late one evening and my computer went crazy when I had typed in a number to go to a listing on Craig's list. My computer immediately froze up and a screen came up for me to click on to get Microsoft Approved Help,
so I clicked on it and answered a whole bunch of their questions about passwords, etc. This was in January, and I don't remember the exact succession of events, but suffice it to say, they eventually called me or I called them (not sure which), and by phone
they told me they could analyze my computer for $225. right then and there, which was less than if I took it to someone else locally to have it done. Since it was nearly midnight, I said yes. I was in a panic because I didn't know what would happen if I would
shut off my computer. Long story short, they then read me all sorts of information about their virus scanner, which would cost an additional $275. and would be free for the first three years, but have a minimal annual charge for the next three. I kept asking
them, "How do I know this isn't a scam?" and they kept repeating they were licensed by Microsoft--even that they were recording my conversation. Eventually, they told me not to turn off my computer, and that in the morning my computer would be fixed.
In the morning, I contacted my credit card company and asked that they not pay the charges, that I had felt it was a scam. I was informed that i COULD NOT DO THAT--that I would have to let it go ... Read more

Read other answers
RELEVANCY SCORE 84

Hello everyone, I am here today because my computer is infected with a tech support popup scam. I have 2 computers, a laptop and a desktop and both have the issue. I can add machine specificas later, but here is what I have done so far:
 
I have these softwares on my computer:
Panda antivirus
Malware Bytes
Spybot search and destroy
Adwclreaner
 
I also reset my browser. Google Chrome.
 
I scanned and followed directions with each program, but the popups keep coming.
I had started a post, but the popup stopped it. This one will be copied and pasted.
 
I appreciate in advance any help that may be given. Thank you.
 
David

A:Tech Support Popup scam

Welcome aboard  Since both machines are affected... Let's try to reset your router.Turn the computer off.On your router, you'll find a pinhole marked "Reset".Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.NOTE. Simple router disconnecting from a power source will NOT do.Restart computer.NOTE. You may need to re-check your router security settings, as described HERE

Read other 7 answers
RELEVANCY SCORE 84

I don't know how many people have had an issue with the phone call from tech support and they want access to your computer and then they essentially lock it and you need a password to get access again and the only way to get the password is to pay them.
A friend called tonight and she was taken in by the scam. Her immediate concern was to get her pictures and other personal documents off of the computer. I have no idea what these people do or if it is just a matter of getting the password and once input everything is okay?
Anyway I took her drive out and connected it to my computer and copied off all of her personal data to a flash drive. I ran Malwarebytes and selected only drive E, which is her drive, but the only problems it showed were on Drive C. I have no idea how it detected issues on Drive C as I had unselected Drive C and only selected Drive E for a scan.
So the first question is, is there a way around the password and to be able to remove it without reinstalling the OS. or recovering from a set of recovery disks?
Second is there a way to access the control panel on her drive with it still being connected to my computer to make a recovery disk for her drive, as like most people she didn't bother making a recovery disk set so if it has to be reformatted and the OS reinstalled she has no disks? It has a partition on the drive which I assume may the recovery information but the only visible folders are system volume information and recycle bin and I do have the appropri... Read more

A:Tech Support Phone Scam

You'll probably need to look for your self because getting around passwords is frowned around here, I think I can guide you to a safer place to look, rather than searching questionable places on the net and ending up worse off than you are, but the rest is up to you
http://www.ultimatebootcd.com/

Read other 5 answers
RELEVANCY SCORE 84

Hello, yesterday while I was browsing websites I encountered one of the tech support scan pop ups that told me I had a virus and a lady was speaking telling me it was blocked. I knew better of course and ended google chrome in the task tree. However, I forgot I had some tabs I still needed and had restore the tabs but the pop up site kept coming up before i could close out real quick. This happened 2-4 times. I was reading some articles and they said even though I didn't click ok, phone them, give them any sort of access to my computer I could have gotten a drive by download or fileless infection like these articles state
 
https://blog.malwarebytes.org/exploits-2/2014/11/tech-support-website-infects-your-computer-before-you-even-dial-in/
 
The site I encountered was very similar to this posts
 
http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/your-microsoft-computer-has-been-blocked-with-the/441bf00b-bf93-4d00-b8a1-64aac2f5914c
 
https://blog.malwarebytes.org/exploits-2/2014/09/fileless-infections-from-exploit-kit-an-overview/
 
https://blog.malwarebytes.org/fraud-scam/2014/11/psa-tech-support-scams-pop-ups-on-the-rise/
 
 
I noticed it said something about rundll.exe, registry files, and personal info could be messed with. Even though I knew enough to close out and not call them and have not had any pop ups since the incident or any other odd things happen to my computer since then I'd like to be sure there i... Read more

A:Tech support scam popup

Hello coolcat22 and Welcome to the BleepingComputer.   
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.
Before we move on, please read the following points carefully.
Please complete all steps in the specified order.
Even if tools don't find malware, I want you to post the logfiles anyway.
Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.
Don't install or uninstall software during the cleanup unless you are told to do so.
Ensure your external and/or USB drives are inserted during always the scan.
If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.
If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
I can not guarantee that we will find and be able to remove all  malware. The cleaning process is not instant. Please continue to review  my answers until I tell you that your computer is clean
Please reply to this thread. Do not start a new topic
As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
Please open as administrator  ... Read more

Read other 13 answers
RELEVANCY SCORE 84

Yesterday I was called by a Windows Tech Support Scam. I am not very tech-savvy and I was gullible and allowed them to remotely access my computer. When they asked for money that is when I wised up, but that was too late. I already gave them access to my computer.

I changed my bank account passwords. I loaded my files onto an external hard drive. I plan to return my computer to its original state, but I first wanted to find out what is to stop the scammers from just accessing my computer again?

Any help

A:Windows Tech Support Scam

Hi:

Yes, it is a busy season for such scammers.
I got such a call on my mobile phone a week ago, spoofing a "legit" number in PA on caller ID.
I strung the caller along for a while.
He hung up when I volunteered to give him my credit card info so that he could "remote in" to fix my "viruses".

Anyway:
I hope you changed all your confidential info from a different, known-clean computer?

Also:
Here are a few resources:

I Just Fell For a PC Support Scam, Now What?
Tech support scams costing computer users
FTC cracks down on tech support scams
Beware of US-based Tech Support Scams

You might want to head over to one of several, busy, reputable computer disinfection fora for a guided, expert look at the system.
The trained malware helpers will know which tools to use, in which order, to check the system for hidden malware.

Thanks,

MM

Read other 2 answers
RELEVANCY SCORE 84

Microsoft Warns Of Tech Support Phone Scam
I know this has been circulating for a while but my mother received a phone call while i was there .
I took the phone away from her and talked with the man to find out what was going on .

He would not take no for an answer
even when i told him that there was no computer at this address he insisted on retelling me he was from microsoft tech support and that the ip had been flashing red at their end and that it was a virus problem .
Even after i had repeated that there was no computer to get infected he said when i read my emails all lights were flashing at their end

Now if this post stops one pc user from falling for this scam then i will be happy
 

A:Tech support phone scam

Read other 6 answers
RELEVANCY SCORE 84

A few days ago, my Yahoo email was hacked. I changed my password and after searching for computer assistance, I inadvertently thought an ad was a legitimate Yahoo technical support link. I called pc tech site at 1-888-727-0571(www.pctechsite.com). The technicians informed me to run some command line tools and used logmein123 to gain access to my computer. They installed Malwarebytes, Ccleaner, Microsoft Security Essentials and Security Shield. After I thought this was a scam, I called this company to complain, they said they would not refund my money. A little while later I received another phone call from "Marlin from the tech department at Microsoft" in New York (1-212-777-3457) informing me my computer had many errors including malicious downloads, was compromised and would crash. I questioned the legitimacy of this call and they hung up on me. After this call a black box appeared in the lower left-hand side of my computer screen. I assume this was them trying to access my computer again. I disabled imi_rescue.exe, Remote Assistance, and WebKit on my firewall which I assume were allowing logmein access to my computer and generated the below DDS text file. Could you please assist me with ensuring my computer is cleaned and no longer infected or compromised. My wife posted a similar post earlier for her laptop. The following log is for my desktop PC. Thank you for your assistance.DDS (Ver_2012-11-20.01) - NTFS_AMD64Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2... Read more

A:Tech Support Scam - logmein123

Hello girsler, and welcome to BC!My name is bloopie and I'll be helping you with your problems as best I can! A few things to keep in mind while we are working together:As you have posted several similar topics here, please be sure to keep each machine and topic instructions seperate. What instructions I give in this topic may not be the best for the others!If you have since resolved the original problem you were having, I would appreciate it if you let me know.If you are unsure about any of the steps just post what you can and I will guide you!Please tell me if you have your original Windows CD/DVD available.Please copy and paste all logs here unless otherwise instructed!Upon completing the steps below I will review your topic an do my best to resolve your issues.==========Now let's get another log from a more powerful tool:Run CombofixYou may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job...this is normal.You can download Combofix from one of these links.Link 1Link 2Close any open browsers or any other programs that are open.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ... Read more

Read other 11 answers
RELEVANCY SCORE 83.2

Hi, so I've been having issues. I use a Chrome Browser complete with AdBlocker. I used to get redirected to tech scam pop ups when I downloaded some stuff for games via ad.fly. (I hate people who use this now.) I found a website with a workaround that has enabled me to safely download stuff again by giving me the direct link that bypasses the adfly continue button that leads to redirect, etc. Oddly enough, I just recently downloaded a file from mediafire and now I get redirected once more to a tech scam support ad with no choice to close the tab. (Normally, the other tab will open and the download will go through; now it just makes a stupid ad pop up.) I close it with ctrl+alt+delete with task manager, continued browsing the internet, etc. I ran malwarebytes and adwcleaner; both picked up nothing. I'm just worried if it's just my computer that keeps getting hit with these ads or if they're just everywhere now. I mean how they got past my adblocker even with javascript disabled, along with flash is just unsettling. :/Edit: Moved topic from Windows 8 to the more appropriate forum. ~ Animal

A:Every Download Redirects to Tech Scam Support Ad?

Is that Adblocker Plus? Or is it AdBlock...?
 
ou can restore your browser settings in Chrome at any time. You might need to do this if apps or extensions you installed changed your settings without your knowledge. Your saved bookmarks and passwords won't be cleared or changed.
Open Chrome.
In the top right, click the icon you see: Menu  or More
Click Settings.
At the bottom, click Show advanced settings.
Under the section "Reset settings,” click Reset settings.
In the box that appears, click Reset. ​
Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the
Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.
CCleaner - PC Optimization and Cleaning - Free Download
 
download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your n... Read more

Read other answers
RELEVANCY SCORE 83.2

how do i get id of the select region tech support scam on my windows 7 pc?
 

Read other answers
RELEVANCY SCORE 83.2

This opened a new window in FF with a popup claiming Zeus virus, and # to call for help. The url was
"http://pc-0ndra3.stream/..." with some possibly encrypted data tacked on the end. My scans found nothing.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-12-2017
Ran by Ann (administrator) on DESKTOP-6GVNA4U (30-12-2017 13:22:29)
Running from C:\Users\Ann\Desktop
Loaded Profiles: Ann (Available Profiles: Ann & Administrator)
Platform: Windows 10 Pro Version 1709 16299.125 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
() C:\Windows\SysWOW64\WinService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corpor... Read more

A:2nd network PC with tech support phishing scam

Greetings,Your computer is clean.

Read other 4 answers
RELEVANCY SCORE 83.2

The title pretty much says it all. What I have been seeing for some time now is a lot of my clients that click on ads in the right hand advertising panel of the facebook page have ended up with malware on their systems and big warnings on the screen to call a toll free number to fix their system and when they do are told it is Microsoft tech support which it is not and they want access to your system. If you give it to them you are then really in a jackpot of a problem. So just a warning, I tell my clients that it is a good rule of thumb NOT to click on anything in the right pane of their page as you have no clue which ones will cause this issue. Of late mostly the ones about stars dying or having other problems seem to be the most likely ones but I have seen it in others as well. One would think that facebook would do something about these type of things but sadly they are about the almighty dollar and don't seem to care. So every one please watch what you click on facebook. Especially if it seems to good to be true because if so it usually is.

A:The Facebook Microsoft Tech Support Scam.

Unsolicited phone calls, browser pop-ups and emails (aka Tech Support Scamming) from "so-called Support Techs" advising "your computer is infected with malware", “All Your Files Are Encrypted" and other fake "alert messages" has become an increasing common and prolific scam tactic over the past several years. The scams may involve web pages with screenshots of fake anti-virus software displaying warnings of bogus malware infections, fake ransomware and fake BSOD which include a tech support phone number to call in order to fix the problem. More nefarious scammers will talk their victims into allowing them remote control access of the computer so they can install a Remote Access Trojan in order to steal passwords and other sensitive personal information which could then be used to access bank accounts or steal a person's identity.Microsoft does not make unsolicited phone calls, display pop-up alerts in your browser to call a support number or send unsolicited email messages to request personal or financial information or to fix your computer.If you have not done so already, you may want to read Beware of Phony Emails & Tech Support Scams.

Read other 1 answers
RELEVANCY SCORE 83.2

The title pretty much says it all. What I have been seeing for some time now is a lot of my clients that click on ads in the right hand advertising panel of the facebook page have ended up with malware on their systems and big warnings on the screen to call a toll free number to fix their system and when they do are told it is Microsoft tech support which it is not and they want access to your system. If you give it to them you are then really in a jackpot of a problem. So just a warning, I tell my clients that it is a good rule of thumb NOT to click on anything in the right pane of their page as you have no clue which ones will cause this issue. Of late mostly the ones about stars dying or having other problems seem to be the most likely ones but I have seen it in others as well. One would think that facebook would do something about these type of things but sadly they are about the almighty dollar and don't seem to care. So every one please watch what you click on facebook. Especially if it seems to good to be true because if so it usually is.

A:The Facebook Microsoft Tech Support Scam.

Unsolicited phone calls, browser pop-ups and emails (aka Tech Support Scamming) from "so-called Support Techs" advising "your computer is infected with malware", “All Your Files Are Encrypted" and other fake "alert messages" has become an increasing common and prolific scam tactic over the past several years. The scams may involve web pages with screenshots of fake anti-virus software displaying warnings of bogus malware infections, fake ransomware and fake BSOD which include a tech support phone number to call in order to fix the problem. More nefarious scammers will talk their victims into allowing them remote control access of the computer so they can install a Remote Access Trojan in order to steal passwords and other sensitive personal information which could then be used to access bank accounts or steal a person's identity.Microsoft does not make unsolicited phone calls, display pop-up alerts in your browser to call a support number or send unsolicited email messages to request personal or financial information or to fix your computer.If you have not done so already, you may want to read Beware of Phony Emails & Tech Support Scams.

Read other 1 answers
RELEVANCY SCORE 82.4

I am going to get back some of my money. First I would like to know what website do you go to to see if you've been hacked. I told them to remove all my records but I not sure of that. I went to my startup menu and it is empty. What should I do. I did a restore for Aug24. Still no start up menu. Please help. It is a Dell Business Computer Optiplex 755......Os Vista Professional
 

A:This is really weird....I used click4support tech support and found out they were a scam

I would suggest you have the PC checked out on our virus forum
If you allowed them onto the PC, and do any banking
The first thing to do is inform the bank/building society or any other financial institution you use, , if you have given any card details for payment , they may/will present that for multiple/regular withdrawals - so make sure that's stopped.
change email passwords and any other website where identity theft maybe an issue

have they disconnected from the PC - I would remove from the network

I will move to the virus /malware forum - have a read here
https://forums.techguy.org/threads/...before-posting-for-help-in-this-forum.943214/

Its also possible , all they have done is charged you a fee and made no changes to the PC
BUT i would not take that risk, theres enough examples where these scammers have used the cards for multiple withdrawals now. And dropped virus onto the PC often the ransom virus that locks the PC and asks you to call them again to unlock the PC
 

Read other 1 answers
RELEVANCY SCORE 81.2

By browsing without my ad blocker on some less-reputable website, I got this popup that simulates a blue screen and asks me to call some number to get assistance fixing a security issue: (recent capture from a VM, the text changed a bit recently):
 

 
My first reaction was "LOL, nice try, I'll just close this". But then I remembered I could have some fun by creating a VM and letting them "fix it".
So I set up a VM and call the number. I start explaining how I was browsing the web when I got this message. They say "not a problem", and ask me to press Windows+R and go to www.teamviewer.com and start a remote session.
 
When they're already in my VM, they connect me to the Microsoft server using ping www.microsoft.com (LOL ) :
 

 
After that, they run some directory scan:
 

 
OMFG "network has been hacked", "virus detected", what will happen to my PC now?
Don't worry, Windows Alerts got yo' back:
 

 
For a very reasonable price, just US$ 199,99, I can have lots of stuff like "security software new" and a 1 year "warrenty" :D
 
If instead of visiting that link, you visit matchmakerwin.biz, you'll see they're Microsoft Certified Professionals, totally legit, and you even get another toll free number to call in case the other one doesn't work. How nice!

 
I mean, they got a sticker, it's gotta be legit, right? :D
 
Jokes aside. I've sent the link to several security vendors, but on VirusTotal, only Bitdefender is d... Read more

A:Windows Firewall Alerts: Indian Tech Support Scam

We have seen this before.This is a scam which involves cyber-criminals creating a message or pop-up on a web page which looks like a BSOD, and not an actual system BSOD. It has also been reported as the result of an ad-supported browser extension (PUP) typically bundled with other free software you download and install.Tech Support Scams Help & Resource PageThese are some other examples of scam BSOD messages....

Read other 1 answers
RELEVANCY SCORE 81.2

Last week I downloaded phony software and had pop-ups galore, along with one that couldn't be closed and had no icon in the task bar that told me I needed to "Call Microsoft Support Immediately". I uninstalled all programs installed that day, but whenever I opened the internet it would redirect me to some weird search site and any other website I typed in would be redirected to this bull **** "live tech support" page, then the internet would close after a few seconds.

I ended up calling the number on that pop up that wouldn't go away because I was clueless and freaking out. I don't remember the number but they had me give them remote access and "evaluated" my computer, telling me this and that about how other IP addresses were in my network and I had a Koobface worm, blah blah blah. I believed them because I am very gullible. He told me I will need a "level 3 tech" and gave me "two options" of places that can fix this issue. One was more expensive (I know it was phony now) and I would have to take my computer states away to get it fixed, so I picked what seemed to be the more reasonable option.

They "transferred my case" to Right Help Desk at 1-855-936-7543 and said it would cost $169.99. At this point I still believed them. When I got to Right Help Desk they told me it would be another hundred something for the 1 year coverage and I told them that I didn't have anything more on my credit card s... Read more

A:Beeping Noise, Tech Support Scam, 100% Disk Usage

See "Everyone Must read This ... " above.
https://forums.techguy.org/threads/...before-posting-for-help-in-this-forum.943214/
Download the Sysinfo program per the instructions, run it, and post the results in a reply.
Then someone will be able to help you.
 

Read other 1 answers
RELEVANCY SCORE 74

I received a call today from "Samuel Matthews" that claimed to be from Dell Tech Support. As soon as he told me he was from dell and that I was being hacked, I knew it was a scam and I started to record the call! He claimed that they were receiving a "signal" from my Dell computer that showed that it was being hacked! He then asked me if I had a computer with the service tag (He provided me my correct service tag) that I am not going to disclose. I told him that I was an IT Professional and that I knew that NO ONE had gotten into my computer.
I know that some how and some way they must have hacked into Dell's System and retrieved my information! I had filled out the form attached to one of the messages in this forum that Dell ask us to fill out. It is the the right of Dell's customers to know the truth about these scammers getting my information and what they plan on doing to protect us and to assure us that it will not happen again! I am also contacting my *** about this situation! Right now I am extremely upset about this situation!

A:Received call from "Dell Tech Support" which I knew was a scam!

Hi Patrickg355,
Thank you for bringing this to our attention. Protection of your data is a top priority for Dell. Unfortunately, technology phone scams have become prevalent across our industry. We would love for you to take a moment to help us stop cybercriminals by reporting the details about your interaction. Please complete this form. This will allow us to investigate further. Also, please read this Wiki which has more helpful data. Note, Dell would not call you unsolicited. The only time we would contact you would be through the DellConnect software or the Dell Support Center software. But only after you agreed to this within the software.
Thank you,
Amy

Read other 2 answers
RELEVANCY SCORE 74

Computer is running Win10 and the latest version of Firefox. Sometimes, when clicking on links, it will try to redirect to another site. And sometimes a pop-up appears saying that the computer is infected and to call the 1-800# so u can give them you credit card info

What's really interesting about this scam is that if u try run it thru a search engine to find out how to get rid of it, virtually all the results appear to be sites that are operated by the scammers themselves!

Anyway, based on other posts, I ran Farbar. The Addition and FRST text files are attached.
 

Read other answers
RELEVANCY SCORE 61.6

dad allowed takeover of computer remotely....advised to run combofix to help....got log...now what do we do???!!
 combofixlog.txt   9.94KB
  6 downloads*Moderator Edit: Moved topic from XP to the more appropriate forum. Combofix logs are allowed in MRL only. Also, Microsoft has no way of knowing your computer has issues or if it is infected. ~ Queen-Evie*

A:microsoft tech scam

Moved to Virus, Trojan, Spyware, and Malware Removal Logs as there is a ComboFix log posted.I deleted the prior response.

Read other 1 answers
RELEVANCY SCORE 60.4

I keep receiving calls from fake MICROSOFT Tech support with various telephone numbers. Strange, they do not show up in my phone on line logs. They wanted me to go to FASTSUPPORT\763721586 ( do not use  these numbers). It is a company  called FASTSUPPORT.com. they also give you a complaint department where you can enter the number that you feel is causing you problems, the number of the LOGMEINRESCUE type remote access code. of course it is clear to them that you are suspicious and they will get rid of the  phone operator who didn't succeed. So do not bother to leave any complaint.

A:FAKE MICROSOFT TECH SUPPORT IS COMPANY CALLED FAST SUPPORT

Appears you are dealing with a well known scam.Microsoft does not make unsolicited phone calls, display pop-up alerts in your browser to call a support number or send unsolicited email messages to request personal or financial information or to fix your computer.Avoid scams that use the Microsoft name fraudulentlyIs that call from Microsoft a scam?Tell Your Relatives: No, Microsoft Won’t Call You About Your ComputerMicrosoft calling? Mind the tech support scammer!Tech Support Scamming through unsolicited phone calls, browser pop-ups and emails from "so-called Support Techs" advising "your computer is infected with malware", “All Your Files Are Encrypted" and other fake "alert messages" has become an increasing common scam tactic over the past several years. The scams may involve web pages with screenshots of fake Microsoft (Windows) Support messages, fake reports of suspicious activity, fake warnings of malware found on your computer, fake ransomware and fake BSODs all of which include a tech support phone number to call in order to fix the problem. If you call the phone number (or they called you), scammers will talk their victims into allowing them remote control access of the computer so they can install a Remote Access Trojan in order to steal passwords and other sensitive personal information which could then be used to access bank accounts or steal a person's identity.These are a few examples.Call Windows Help Desk Immediately Tech Support Scam Fake Your com... Read more

Read other 12 answers
RELEVANCY SCORE 60.4

My mom got a call from a supposed "Microsoft tech" who said her computer was sending out messages that there was a security problem.... you know... the "you need to buy my support" scam. They proceeded to do the usual having her look at log files & other system messages to scare her. But the worst was that they convinced her to give them remote access using "showmypc".  By the time I came home it had been running on her laptop for 4 hours. Thankfully, she told them to call back when I was home for payment for their service. Ya... that's not what they got when they called back! I'm concerned about what they might have been able to do with all that time & ability to access her laptop. I'm also concerned about access to our entire network. What would you suggest... not just for her laptop, but for any other devices on the network? ThanksMod Edit by quietman7: Referred to AII from this topic.

A:Elderly mother fell for "MS tech" scam

Let's scan your mom's computer and see if anything malicious is there.  Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware (MBAM) to your d... Read more

Read other 29 answers
RELEVANCY SCORE 60.4

To protect yourself from Ransomware and Phone Tech Scams, use CryptoPrevent v7.0 Released! https://www.foolishit.com/cryptoprevent-v7-0-released/
Phone Tech Scams are using the SYSKEY.EXE to password the OS boot up.
How to use the SysKey utility to secure the Windows Security Accounts Manager database. http://support.microsoft.com/kb/310105
How to Set a Startup Password to Lock or Unlock Windows. http://www.sevenforums.com/tutorials/243880-syskey-set-startup-password-lock-unlock-windows.html
CryptoPrevent v4.4.1. https://www.foolishit.com/cryptoprevent-v4-4-1-released/ New option to block the execution of SYSKEY.EXE as recently being exploited by malware.
SYSKEY.EXE - Prevent from running? http://www.foolishtech.com/viewtopic.php?f=34&t=1485
Apart from SYSKEY.EXE are there any other standard or common OS level executables which should be prevented from running in this way to prevent malicious abuse? CIPHER.EXE is ripe with possibilities for abuse in a similar sort of way.
Disabling Syskey startup password. http://blogs.msmvps.com/sp/2008/01/27/disabling-syskey-startup-password/http://www.pcworld.com/article/2039773/regain-your-pcs-administrator-rights-even-if-you-dont-have-the-password.html

A:Ransomware and Phone Tech Scam Protection

CryptoPrevent v7.1 was released Aug 23rd 2014.

Read other 1 answers
RELEVANCY SCORE 59.2

Changed his email and banking access passwords. Been running scans but nothing severe detected. Does anyone have an opinion on the following security check results?
 
 Results of screen317's Security Check version 1.014 --- 12/23/15 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 WMI entry may not exist for antivirus; attempting automatic update.`````````Anti-malware/Other Utilities Check:`````````
 Java™ 6 Update 17 
 Java version 32-bit out of Date!
 Adobe Reader 9 Adobe Reader out of Date!
 Google Chrome (54.0.2840.71)
 Google Chrome (54.0.2840.99)
 Google Chrome (SetupMetrics...)````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 5%````````````````````End of Log``````````````````````
 

A:Granpa called tech scam number, they accessed his laptop

Uninstall Java and Adobe Reader. Most don't need Java and if you need a pdf reader...use this one:  Free PDF Reader - Sumatra PDF
 
I don't see an antivirus or antispyware program installed.
 
If a credit card was used to pay these criminals..you should dispute the charges. Keep in mind that depending on how the CC was used the
criminals may have the number. If that is the case you should cancel the card.
 
Tell me what programs you scanned with.
 
Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the
Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.
CCleaner - PC Optimization and Cleaning - Free Download
 
Post the three lists mentioned below using CCleaner.
Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.
At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next
post. Please do that.
 
Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you
will see a button when clicked will al... Read more

Read other 12 answers
RELEVANCY SCORE 59.2

Changed his email and banking access passwords. Been running scans but nothing severe detected. Does anyone have an opinion on the following security check results?
 
 Results of screen317's Security Check version 1.014 --- 12/23/15 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 WMI entry may not exist for antivirus; attempting automatic update.`````````Anti-malware/Other Utilities Check:`````````
 Java™ 6 Update 17 
 Java version 32-bit out of Date!
 Adobe Reader 9 Adobe Reader out of Date!
 Google Chrome (54.0.2840.71)
 Google Chrome (54.0.2840.99)
 Google Chrome (SetupMetrics...)````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 5%````````````````````End of Log``````````````````````
 

A:Granpa called tech scam number, they accessed his laptop

Uninstall Java and Adobe Reader. Most don't need Java and if you need a pdf reader...use this one:  Free PDF Reader - Sumatra PDF
 
I don't see an antivirus or antispyware program installed.
 
If a credit card was used to pay these criminals..you should dispute the charges. Keep in mind that depending on how the CC was used the
criminals may have the number. If that is the case you should cancel the card.
 
Tell me what programs you scanned with.
 
Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the
Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.
CCleaner - PC Optimization and Cleaning - Free Download
 
Post the three lists mentioned below using CCleaner.
Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.
At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next
post. Please do that.
 
Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you
will see a button when clicked will al... Read more

Read other 0 answers
RELEVANCY SCORE 58.4

I have a Thinkpad T450s and it is just over a year old. It still has 3 more years of warranty. Recently the lenovo solution center gave an critical error for the HDD (Read test failure) and I submitted an online request reporting it. Without even sending me an email or contacting me, they sent me a new part and gave me zero information about it. Apparently every other person can replace a HDD now! I have created 3 more cases calling their tech support to send the laptop for a depo repair. Everytime the request is rejected 'at the vendor' according to the customer care. Neither the customer care people or tech support can tell me why. Every time they create a new case, tell me I will receive a depo bag nect day, and I dont receive anything, have to call depo customer care and on hold for minimum 40 minutes, only to hear that the case has been rejected they dont know why.One tech support told me now I have to send the new part back before creating a new case, otherwise it will be rejected again. but he does not know how I can send the new part back. The return label sent to me was for the faulty HDD.Can anyone help? What is the point of paying for warranty if I receive this type of service? 

A:HORRIBLE tech support and warranty support

You do not state which type of warranty you currently have, there are a few which will affect how TS will or can respond. I hope you get this resolved to your satisfaction...





T61, 6465, Vista

Read other 1 answers
RELEVANCY SCORE 56.4

hello to everyone!!

im working as a tech support agent for one of the biggest ISP in the US.. its a good paying job and also very challenging.. i use to troubleshoot internet connection issues for residential accounts (1 pc only) and for all other issues that i get, i browse for similar issues on the forums of this site.. well, most of them came pretty handy (esp for the security forums).. now, i got transferred to the networking department and im in a total loss!! i can do simple troubleshooting and install assists for new networking users but i really need help in issues like:
1. remote access/ port forwarding
2. invalid IP addresses on the wireless devices
3. file and printer sharing
i was browsing through all the topics but i cant find any.. if there is someone out there who can help me with this issue and give me some pointers on how i am going to do this in an easier way.. i would really appreciate any assistance..

thanks in advance!!
foxxy
 

A:tech support in need of extra support

Read other 6 answers
RELEVANCY SCORE 55.6

I received a call the other morning from a friend who told me he was called by Windows Technical Care and he was told his computer was badly infected with viruses. He allowed the guy that called to take control of his system and he took worked on the computer for about four hours, my friend was not at the computer for the entire time the guy on the phone had control.

The system is running Windows Vista w/ service pack 2.

I had him running Avast antivirus which the guy uninstalled & installed AVG. He also installed & ran CCleaner, and one other free cleanup software (i forgot to write the name down before I left for work).

I unplugged the system from his router & ran Malwarebytes w/ the latest updates last night, which came up with 14 malware files which I had it fix. I also uninstalled AVG and reinstalled Avast and ran a boot time scan which took care of 3 viruses.

At this point I am leaning toward saving his important data and doing a fresh install of everything since I have no idea what the guy on the phone did in the time he had control of the system such as keyloggers & the like.

I also ran a HiJackThis scan this morning, here is the log:

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 5:22:28 AM, on 3/21/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windo... Read more

A:Support Scam Help

Here is the DDS log I ran today.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Owner at 14:41:18 on 2012-03-23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.997 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGr... Read more

Read other 1 answers
RELEVANCY SCORE 54.8

Hi everyone. This issue is for our small business, and I did read the preparation guide, but we have exhausted all other options and cannot figure it out. I do still need to run the FRST Tool, I just need advice on what to do. We run DNN which is .NET based. The web.config file has been checked and nothing has been found. This is becoming a larger issue the longer it runs.
 

Read other answers
RELEVANCY SCORE 54.8

I have a user, who while not senile has problems with her memory.  The biggest problem is she keeps falling for the fake MS support scam, because she can't remember having fallen for it six months earlier.  I can take care of it easily enough by running the system recovery off an install disk and rolling the computer back to a date before they PW locked the computer.  What I'm hoping is that someone can help me out with is a way to prevent them from getting in in the first place.  All my scans came up clean and Supremo was removed the last time, and a week later they had locked her computer again.  So I guess I missed something, or she fell for it again and forgot.  Is there some service or something I can turn off in order to lock them out for good?
 
Thanks,
 
B.

A:MS Fake Support Scam

Tech Support Scamming using browser pop-up alerts with phony telephone numbers from "so-called Support Techs" advising your computer is infected with malware has become an increasing common and prolific scam tactic over the past several years. You may want to read “Your PC Is Infected” Round-up… by Chris Boyd at the Malwarebytes Security Blog.Closing the web browser and then relaunching it usually eliminates the bogus warning message and is the best way to deal with these scams. If the browser freezes or hangs, you may have to close it with Windows Task Manager by selecting End Task.This is typically the reason security scanners do not find any malware on the computer after encountering these types of scams.If the scam involves unsolicited phone calls from someone claiming to be an employee affiliated with Microsoft or Windows Support advising your computer is infected with malware, not answering any questions and hanging up the telephone is the best way to deal with phone scammers...then report them to the appropriate authorities. Keep in mind, that there have been reports of scammers claiming to be affiliated with major computer manufacturers such as Hewlett Packard, Lenovo and Dell or familiar security vendors like Symantec, Panda and McAfee. Deal with them the same way....hang up the telephone.You can teach the user the above but if they have a memory problem, that may not help either.

Read other 1 answers