
Elderly mother fell for "MS tech" scam

Q: Elderly mother fell for "MS tech" scam

My mom got a call from a supposed "Microsoft tech" who said her computer was sending out messages that there was a security problem.... you know... the "you need to buy my support" scam. They proceeded to do the usual having her look at log files & other system messages to scare her. But the worst was that they convinced her to give them remote access using "showmypc". By the time I came home it had been running on her laptop for 4 hours. Thankfully, she told them to call back when I was home for payment for their service. Ya... that's not what they got when they called back! I'm concerned about what they might have been able to do with all that time & ability to access her laptop. I'm also concerned about access to our entire network. What would you suggest... not just for her laptop, but for any other devices on the network? Thanks

Mod Edit by quietman7: Referred to AII from this topic.


A: Elderly mother fell for "MS tech" scam

Let's scan your mom's computer and see if anything malicious is there.

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe.
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  Internet Services
  Windows Firewall
  System Restore
  Security Center/Action Center
  Windows Update
  Windows Defender
  Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
  Report IE Proxy Settings
  Report FF Proxy Settings
  List content of Hosts
  List IP configuration
  List Winsock Entries
  List last 10 Event Viewer log
  List Installed Programs
  List Devices (do NOT change any settings here)
  List Users, Partitions and Memory size
  List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
  Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link.
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

If you already have MBAM 2.0 installed:
On the Dashboard, click the 'Update Now >>' link.
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:

(Export log to save as txt)
After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)
After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
Double click on downloaded file. OK self extracting prompt.
MBAR will start. Click "Next" to continue.
Click in the following screen "Update" to obtain the latest malware definitions.
Once the update is complete select "Next" and click "Scan".
When the scan is finished and no malware has been found select "Exit".
If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  "mbar-log-{date} (xx-xx-xx).txt"
  "system-log.txt"
NOTE. If you see This version requires you to completely exit the Anti Malware application message right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
  rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
  iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
Double-click on the Rkill desktop icon to run the tool.
If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.
If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.
NOTE. rKill.txt log will also be present on your desktop.

NOTE
Do NOT wrap your logs in "quote" or "code" brackets.
Do NOT use spoilers.
Do NOT edit your reply to post additional logs. Create new reply. I'll not get any email notifications about edits so I won't know you posted something new.


So, I got home tonight and my mom told me that 4 hours ago she was called about messages that her computer was sending that indicated trouble.... Well, you know how the rest goes. The only reason she mentioned it to me was that they were calling her back since she couldn't pay them the money until I got home. I just yelled something at them and hung up.
 
I checked her computer and "showmypc" was running. My kneejerk reaction was to exit it & shut off her wi-fi access. Then in (possibly) a complete panic I turned off our router & modem just because I didn't want any network access.
 
Now that I've had a chance to calm down... I've connected us to the outside world again. But I'm wondering if there is a way to:
 
1) Find out what they were accessing in the 4 hours they were connected to my mom's laptop.
2) The likelihood that they could've accessed anything else on the network through that program.
3) Any measures that I should take in the aftermath.
 
I've been studying for my Security+ certification but it's just skimming so much of the surface that I feel like it's done more to alarm me than to make me feel competent at securing my network.
 
Any ideas from you awesome folk would sure help.
 
Thanks.

A:Elderly mother was falling for Indian (MS) phone scam

It is likely your mom can do everything she does on the computer by using a Linux OS. If the two of you share a computer
then her using Linux would isolate her computing from you. The only users I suggest to stick with Windows are those who use
Microsoft office or play games that only work on a Windows platform. To date, Linux malware is a rarity. No need to hassle with
security programs.
If that interests you, and you want to know more of how simple it is to dual boot a Linux distro or use in other ways.
 
There have been several reports here at BC recently of this type of scam.


Today my mother fell for a phone scam - the scammers called out of the blue, pretended to be from an ISP, used the Event Viewer to convince her there was something wrong with the computer's (Windows 7 Desktop) internet connection, and got her to install Teamviewer and presumably give them access (she doesn't remember what happened exactly, but she says she followed all their instructions). After doing everything they wanted, then they said that it was all fine but they wanted to speak to the account holder who was my father - he wasn't there at the time. Anyway, they called back in the evening, and I pretended to be my father. I played along up to the part where they wanted me to give them the Teamviewer ID and password and then hung up. Since then I've deleted Teamviewer and have run Malwarebytes Anti-Malware and Superantispyware which didn't turn up anything that looked too serious.

My question is: what were they after? Presumably money, but I note the following:
1) At no stage with the conversation with my mother or me did they mention payment or credit card details
2) The computer seemed to be working fine, with no obvious changes like new password checks/bricking/ransomware/new software (other than Teamviewer)
3) I can't work out why they would have wanted to talk to the account holder when they presumably got remote access already via my mother who believed them

I'm not sure what I'm missing and any insight would be much appreciated.

A:Mother fell for remote access phone scam - what were they after?

  
Quote: Originally Posted by cwan


Snip, snip...
My question is: what were they after? Presumably money...
Snip, snip...


You are correct. Please pardon my abruptness but no further speculation is really required regarding scams. You did well to not lose any money.

Cheers.


My 83 yr. old Mother has been showing interest in emailing friends & Family. She never had a computer, (except a WebTV Years ago) & Never will. She would get into too much trouble, so I bought her an Android Tablet. My question is: are there any companies in S.E. Florida where I could get her Inexpensive wireless service instead of going with AT&T DSL or Comcast cable broadband which are too expensive for just a Tablet. Any recommendations? I sure would Appreciate it...
 

A:Got elderly mother a tablet need help


I don't know anything about computers and my 87 year old mother knows even less. She frequently will click on something that causes her email system to change passwords without being aware of it or do something else that causes her problems. We live an hour apart, but she wants me to come over to help. I thought I found the solution when her service provider COMCAST offered tech support through their XFINITY. She could call them, they would remote into her computer and fix her problem usually within 20 minutes. A few days ago, she got a letter saying that they were cancelling that service option and refunding her $15 monthly fee.

I have heard of so many scams out there. Are there any good legitimate and reasonably priced tech support services out there that she can call to remote into her system to figure out her issues? She has Windows 2010 and uses Outlook 2010 for email.
 

A:24/7 remote tech support for elderly


Unfortunately, my elderly parents fell for a scam today.

Evidently mom was reading some news story online and they got some pop up saying they had a lot of infections and the hard drive was going to be destroyed shortly and to call this specific 800 number.

So what do they do? They call the number. And then they type in some stuff per their instructions which gave these people access to their machine. My mother then had the idea to call me and ask me if this number was legitimate or not.

I told them to hang up the phone with these people and to pull the plug on the computer immediately. It took some convincing but they did it.

I'm totally not sure what to do now. These people never asked for any money, but they had full access to their machine. My mother couldn't tell me what they had her type in to give them access but she did say something about the rundll32.exe. That's the most information I could get out of either of them.

I think I have to assume the worst in that the bad guys have access to anything and everything that was on the computer, passwords, etc. Luckily they don't do any online banking or anything of that sort. But isn't the entire machine now a security risk?

I think I also have to assume that they installed some sort of backdoor to re-give them access to the machine once they turn it back on again. I've told them not to turn on the machine for now.

I also wonder if the bad guys could somehow get access to their internet gatewa...

A:fell for scam


Hi, 
just got a phone call from my mum and she has fallen for a phone scam.
Basically an 'AVG looking' box kept appearing over her browser, so she clicked it, and then it wouldn't go away. There was a free phone number to ring, so she rang it and spoke to a person in a call centre. They took control of her computer, and scanned it, and it said she had a trojan. Then they asked her for a payment of £110 and then asked her to enter the admin password on the screen. Luckily by this point she got suspicious, and hung up.
How safe is her computer to use now? I haven't got the computer in front of me, and won't be able to fix it for a while, but I'm just wondering if it needs a full clean install, or would just require some house keeping.
She didn't enter the admin password, so how much damage could they have done without it? I'm a Mac user, so not totally sure on Windows issues.
She has AVG installed, so would it be a simple scan with that?
thanks!

A:Mum fell for phone scam, can anyone help

i just found this info online, which is probably the same thing:
A (slightly) more legitimate version comes from a company called Help PC Online, which "Which" investigated.  Their British phone number actually connects to a call centre in Delhi and their address in Crawley appeared on Google to be a car park! For £110 per annum they promise to give you support. They then take over your PC and install and run two (legit) free packages (Ccleaner and Malwarebytes) Whilst I thoroughly approve those the charge is excessive. But there can be much worse consequences from allowing someone to take over your machine.  In fact you are giving them the right to search the whole hard disk and they may find details you would prefer not to disclose. 


So I never knew about the scam before this happened, I was oblivious to what was happening. My laptop is a Dell Latitude D530.

Now I have the issue where the hacker configured a password onto my computer, but said the viruses weren't removable, I doubt that much. So I called a repair shop to come over and fix the issue, but is the BIOS battery inside the computer, 'cause I don't see one underneath the battery.

Windows 8.1
 

A:Fell for microsoft scam

Welcome aboard

Not sure what your actual situation is.
You said you called repair shop and...?
 


I fell for the technical support scam and paid the fee and granted them access to my computer and they were downloading a couple of programs, but at the same time I told a friend about it and they told me to turn off completely. The scammers continue to call me. I am scared to turn on my computer and would like to know what to do about this. Already called the credit card company to cancel the payment.

A:I fell for the technical support scam

Unsolicited phone calls (aka Tech Support Scamming) from "so-called Support Techs" advising your computer is infected with malware has become an increasingly common and prolific scam tactic over the past several years.
In the majority of these cases the scammers use social engineering to trick a victim into spending money for unnecessary technical support or to buy an application which claims to remove malware. In other cases the caller pretends to provide free security checks or direct the download and use of a bogus registry cleaner which purports to find thousands of problems, then offer to fix the computer for a fee. If the victim agrees, the support usually costs hundreds of dollars and often leaves the victim's computer unchanged or intentionally infected with dangerous malware.
Another scam tactic involves tricking their victims into believing that their computer is infected by having them look at a Windows log that shows dozens of harmless or low-level error entries. The scammer instructs their victim to type "eventvwr" in the RUN box to open Windows Event Viewer and points out all the warnings and error messages listed under the various Event Viewer categories. The scammer then attempts to scare their victims into giving them remote access to the computer in order to fix it and remove malware. More nefarious scammers will install a backdoor Trojan or Remote Access Trojan in order to steal passwords and other sensitive personal information which could then be used to ac...


and now my machine is really playing up.
Acer M1641 Intel Core 2 Duo E4700 at 2.6GHz
3 GB RAM Running Vista Home Premium Version 6 Build 6001 Service Pack 1.

I am getting:
System Hang-ups
Random IE pages appearing for no apparent reason, especially as I use Firefox!

Ran DDS and GMER, but had to do it in Safe Mode as GMER caused a Hang-up which only a single finger re-boot (mains off at plug) would cure in ordinary mode. So here is DDS.

Hope you can help. Many Thanks. Jeremy.


DDS (Ver_09-06-26.01) - NTFSx86 MINIMAL
Run by Jeremy at 23:12:19.75 on 20/07/2009
Internet Explorer: 8.0.6001.18783 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3071.2669 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Users\Jeremy\Desktop\dds.scr
C:\Windows\system32\...

A:I fell for the Adobe Flash Upgrade scam...

Hi Jeremy,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully first.


Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.


My wife fell victim to a cold call from an agitated "Security" service individual that led her to "error" messages in the event log and then coerced into installing ammyy remote admin management capability to "fix" the problem. This is a common attack (search "ammyy") usually to sell bogus services or Windows 7 upgrades (credit card snatching). However, for the brief time before she closed the remote admin program after becoming aware that this was a scam, the scammer had full access to her computer.

I've run Avast, Spybot S&D, TrendMicro HouseCall, McAfee Security Scan, Malwarebytes. These found a few tracking cookies and something related to Installshield 2k2 (that sends tracked info to some site). Anyway, it now looks clean (programs removed cookies and registry entries).

I have a HijackThis log attached that seems ok, but not sure about all the entries. Any extra eyes on this log appreciated!

Thanks!, George

A:Fell for ammyy remote admin scam

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the ...


Just today I got a call from someone named "Mike Anderson" (He gave a number claiming to be "Windows Tech Support" and he preyed on my lack of technical expertise. I feel like a freaking moron!
 
I am on the computer this happened to and do not have access to any other machines in order to download or transfer software. It runs Windows Vista Home Premium 32bit. I've had this computer a very long time, and I feel so dumb that I fell for this! I thought stuff like this came in emails, not the phone! I don't even know how he got my number!
 
Anyway---
 
He connected to my PC using an Ammyy program and brought up a whole bunch of scary stuff. I told him "wait, I have McAfee, it blocks anything that doesn't belong. I also use Malwarebytes and it's done great for me."
 
The guy told me it's hackers, not a virus, and McAfee is useless, and proceeded to uninstall McAfee and my iObit defragmenter! He then installed CCleaner (I don't dare touch it). He had control of my PC and had me log into my email to send emails to a bunch of email addresses (he added them to my contact list).
 
I don't dare change any passwords until I'm sure there isn't anything still on this computer that can see what I change it to.
 
My Windows firewall is disabled and can't be reenabled. I tried to update Malwarebytes, but it failed and my computer rebooted itself. I went right to the malwarebytes site, downloaded and installed it without a problem. I ran in regular mode sinc...

A:I fell for a Creative Solutions scam and I feel stupid. Please help.

There is no edit function, oops! I forgot to mention that I will not run any software that will alter anything until advised. I'm working on using tools that scan things so I will have logs available if I am asked to post them in the log forum.


Hi,

Well this is my first post in here but I've visited many times over the years.

So yesterday I was busy trying to get all my tax paper ready for the accountant, phone rings and my wife hands me the phone.

Indian accent lady on the other end of phone tells me that she's calling from some IT company and my computer is infected and it's sending warning messages to them, I was having a hard time understanding her and at the same time sorting paper work out. So my mind wasn't completely with it. My laptop was purchased back in 2008 and it's probably time to get a new one, over the last month it's been running slow etc, I clean a whole bunch of things, purchase another software to try help fix things up etc.

But over the past 4 days my primary email address that's [email protected] was getting a huge amount of virus emails, so I figure this lady was some IT person from Rogers, they also have call centers in India and other countries, unless you talk to customer relations.

Anyway, after she had me run a few "Run" CMD type commands she told me yes your laptop is infected and all software is corrupt.

She had me visit ammyy.com

I questioned her for a little about why would I need to use a remote desktop app, she said her tech guy will help guide me to remove/fix problem, so being stupid I granted access, then after running one more CMD command, not sure what the command was but after it finished it said something like: "All software has been deactivate...

A:I fell for the Ammyy SCAM via phone call - Have I been infected

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:
If you have since resolved the original problem you were having, we would appreciate you letting us know.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the '...


Windows XP pro. SP3 Gigabyte Motherboard. 32 bit system. 500 GB drive.

Got call from "Microsoft" saying errors had been sent and they could tell me how to fix them. Yes, I had errors sent resulting from multiple tries of migrating 500GB drive to 1TB drive. Several unsuccessful attempts.

When I realized this MS call was a scam and they were IN my system - I disconnected from the net. Tried to find the logmein software and remove it. Couldn't find it. I'm still not sure which drive they accessed because I had so many issues with my cloned drive not showing up properly. Had multiple drives running.

Cleaned and defragged with Glary utilities (big mistake). Shut down system and tried to reboot with no luck. Couldn't use XP disk to repair. Would get to 'starting windows' and would get blue screen. Took out all drives except the original. Dug out the motherboard install disk. Used that. Got system to boot into windows. No internet connection but did have AVG Pro trial installed. Did a scan and found 28 items but said can't remove them. IRC Hook was the one that showed the most.

I'm unable to copy files from that system to a floppy or CD. I did a screen shot and could send that if it would help. I can open desktop files but can't move them or 'send' them to USB drive. Seems that the virus disabled all the normal services. Keep getting error mes...

A:Fell victim to "microsoft" scam and now system is infected and AVG can't cure

(been getting help from the TEch Support site.  Great people.)
 
Hello avatrx -
Please tell us only when you have Fully finished with the other support people, and yes they are good.
Note that we do not help you while you are getting help at other places.
We would also like you to leave a link to the topic there when you are finished.
The advice may clash, with 2 versions of opinions from each site -
 
Thank You -


My husband fell for the phone call that our Windows certificates were expired. He followed the prompts of the caller which gave the caller control of the computer. He got all the way to the costs before my husband realized something was amiss. Needless to say when I got home there were open files on my computer to prove the caller's point. I used AVG to search for malware. It found 3 items and destroyed them. I used the Windows Defender and it found nothing. I then found 3 files in my download folder and attempted to delete them; one would not delete, the Ammyy-(1) (I may not have that correct). So I scanned it 3 times with AVG and it was not infected. I asked a friend how to remove the file and they suggested I do it in safe mode. I went to safe mode and have been stuck in this Start-up repair. Start up repair cannot determine the cause of the problem. I am running Windows 7 (professional ?). I don't have any disks, but I can attempt to get them from work if necessary. Any help you can lend I appreciate. I really don't want to lose my photos.

A:Fell for the phone scam Ammyy computer stuck in Windows error recovery

Hi jamiespull
 
My name is polskamachina and I will be assisting you with your malware problem. It sounds like you are unable to boot into normal mode, is that correct? Or do you get stuck in Start-up repair only when you boot into that mode?
 
polskamachina

RELEVANCY SCORE 61.6

I am posting regarding the scam you have covered in this link http://www.bleepingcomputer.com/virus-removal/remove-windows-has-been-block-tech-support-scam
 
It's the 'Remove the Windows has been Blocked Tech Support Scam'
 
However, unfortunately I did call the number, and when they wanted money I said absolutely not. Now, when I power up that PC, I get a pop-up that asks for admin password (not the Windows or BIOS popup). I tried command prompt, system restore, and reinstalling windows deleting everything but what was installed and personal files, and still the same popup requesting a password. I tried Esc, and cancel and enter, all not working. 
 
Any suggestions? Any help at all greatly appreciated

A: Tech Support Scam

 If this happened to me, I'd restore from a recent full system backup.  If you don't have one, you'll probably need to do a clean install.

RELEVANCY SCORE 61.6

Running Windows 7. Have run SuperShield, Malwarebytes, Microsoft Security Essentials scans. Nothing found.
 
Here, in bold is what a Chrome window changes to:
Address bar: pc-sz17.stream/live.....
 
support. Windows.com says:
**Windows Warning Alert**
Malicious Pornographic Spyware/Riskware Detected
 
Error #
 
Please call us at +1-833-277-1209
do not ignore this critical alert... full page of more instructions
It goes away by typing a new website in the address box
 
 

A: Tech support scam

Reset Chrome...
Click on "Customize and control Google Chrome":
Click "Settings" then "Show advanced settings" at the bottom of the screen.
Click "Reset browser settings" button.
Restart Chrome.
If the above didn't help....
Reinstall Chrome...
If you want to save your bookmarks...
How to Backup Bookmarks in Google Chrome
If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/
Close all Chrome windows and tabs.
Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
Click Programs and Features.
Double-click Google Chrome.
Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete your browsing data" checkbox.
Install fresh copy.

RELEVANCY SCORE 61.6

I've tried Malwarebytes and adwcleaner without luck. This is happening in Chrome.  I'm using Win8.1.  Attached is a copy of the screen I'm getting. 
 
Thanks for any help!

RELEVANCY SCORE 61.6

dad allowed takeover of computer remotely....advised to run combofix to help....got log...now what do we do???!!
Attached file: combofixlog.txt (9.94KB)
*Moderator Edit: Moved topic from XP to the more appropriate forum. Combofix logs are allowed in MRL only. Also, Microsoft has no way of knowing your computer has issues or if it is infected. ~ Queen-Evie*

A: microsoft tech scam

Moved to Virus, Trojan, Spyware, and Malware Removal Logs as there is a ComboFix log posted. I deleted the prior response.

RELEVANCY SCORE 61.6

Has anyone heard of or had dealings with Procomsupport247 or Khamtechnologies? When my wife called the Microsoft support number on two different occasions these are the people she got. They did help with the problem but they charge for service and want you to sign up for multi year contracts. Any help would be appreciated.

A: tech support scam?

Those are services offered by 3rd parties and are not affiliated with Microsoft. If you search for Microsoft support you'll usually get quite a few ads before seeing a real number. If you want actual Microsoft support go here:
Microsoft Support

RELEVANCY SCORE 61.2

RE: ABC TECH SUPPORT--I was on the internet late one evening and my computer went crazy when I had typed in a number to go to a listing on Craig's list. My computer immediately froze up and a screen came up for me to click on to get Microsoft Approved Help, so I clicked on it and answered a whole bunch of their questions about passwords, etc. This was in January, and I don't remember the exact succession of events, but suffice it to say, they eventually called me or I called them (not sure which), and by phone they told me they could analyze my computer for $225 right then and there, which was less than if I took it to someone else locally to have it done. Since it was nearly midnight, I said yes. I was in a panic because I didn't know what would happen if I would shut off my computer. Long story short, they then read me all sorts of information about their virus scanner, which would cost an additional $275 and would be free for the first three years, but have a minimal annual charge for the next three. I kept asking them, "How do I know this isn't a scam?" and they kept repeating they were licensed by Microsoft--even that they were recording my conversation. Eventually, they told me not to turn off my computer, and that in the morning my computer would be fixed.
In the morning, I contacted my credit card company and asked that they not pay the charges, that I had felt it was a scam. I was informed that I COULD NOT DO THAT--that I would have to let it go ...

RELEVANCY SCORE 61.2

Yesterday I got a call from an unknown number. The caller introduced himself as Jack and told me he was from a company contracted by Dell to provide software support and that he had received reports from my computer that there was malware on it and my files were at risk. The call followed the same routine described by others and he asked me to use the run box to show me the problems.
He had my phone number, email and service tag but I was suspicious from the start and when he asked me to run www.remcontrol....... I told him I wanted to confirm his credentials before continuing.
He gave me a phone number which I called and the guy who answered gave me the same story but did nothing to confirm their authenticity.
After this I hung up and did not answer the two subsequent calls. It seems to me that Dell has had a security breach that has put customers' information in the hands of scammers.
Does anyone have any other info regarding this scam?

A: Dell tech support scam

Hi steveloz, and welcome.
You describe a textbook case of a classic phone scam, in every aspect. You were right to not give them any info or to visit their website.
The aim is to get you to surrender your computer via remote control to the scammers, for their various nefarious purposes. It is so easy these days for scammers to mine various 3rd party databases for your personal info, to lend a sense of legitimacy to their calls, but these calls out of the blue are all scams that have been going on for years.
It bears repeating:
1) No computer (or operating system) vendor can detect problems (including malware) on your computer over the internet. Not Dell, not HP, not Microsoft, not Apple etc.
2) No legitimate vendor will cold-call you (phone or email) with such a message.
3) Never turn over control of your computer over the internet, unless you have initiated contact with the vendor, using contact info you trust, in order to solve a problem you have identified with their hardware or software, and their tech support recommends this approach. In practice, this will rarely, if ever, be needed.

RELEVANCY SCORE 61.2

Microsoft Warns Of Tech Support Phone Scam
I know this has been circulating for a while, but my mother received a phone call while I was there.
I took the phone away from her and talked with the man to find out what was going on.

He would not take no for an answer.
Even when I told him that there was no computer at this address, he insisted on retelling me he was from Microsoft tech support and that the IP had been flashing red at their end and that it was a virus problem.
Even after I had repeated that there was no computer to get infected, he said when I read my emails all lights were flashing at their end.

Now if this post stops one PC user from falling for this scam then I will be happy.
 

A: Tech support phone scam

RELEVANCY SCORE 61.2

A few days ago, my Yahoo email was hacked. I changed my password and after searching for computer assistance, I inadvertently thought an ad was a legitimate Yahoo technical support link. I called pc tech site at 1-888-727-0571(www.pctechsite.com). The technicians informed me to run some command line tools and used logmein123 to gain access to my computer. They installed Malwarebytes, Ccleaner, Microsoft Security Essentials and Security Shield. After I thought this was a scam, I called this company to complain, they said they would not refund my money. A little while later I received another phone call from "Marlin from the tech department at Microsoft" in New York (1-212-777-3457) informing me my computer had many errors including malicious downloads, was compromised and would crash. I questioned the legitimacy of this call and they hung up on me. After this call a black box appeared in the lower left-hand side of my computer screen. I assume this was them trying to access my computer again. I disabled imi_rescue.exe, Remote Assistance, and WebKit on my firewall which I assume were allowing logmein access to my computer and generated the below DDS text file. Could you please assist me with ensuring my computer is cleaned and no longer infected or compromised. My wife posted a similar post earlier for her laptop. The following log is for my desktop PC. Thank you for your assistance.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2...

A: Tech Support Scam - logmein123

Hello girsler, and welcome to BC!
My name is bloopie and I'll be helping you with your problems as best I can!
A few things to keep in mind while we are working together:
As you have posted several similar topics here, please be sure to keep each machine and topic instructions separate. What instructions I give in this topic may not be the best for the others!
If you have since resolved the original problem you were having, I would appreciate it if you let me know.
If you are unsure about any of the steps just post what you can and I will guide you!
Please tell me if you have your original Windows CD/DVD available.
Please copy and paste all logs here unless otherwise instructed!
Upon completing the steps below I will review your topic and do my best to resolve your issues.
==========
Now let's get another log from a more powerful tool:
Run Combofix
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job...this is normal.
You can download Combofix from one of these links.
Link 1 Link 2
Close any open browsers or any other programs that are open.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ...

RELEVANCY SCORE 61.2

I don't know how many people have had an issue with the phone call from tech support and they want access to your computer and then they essentially lock it and you need a password to get access again and the only way to get the password is to pay them.

A friend called tonight and she was taken in by the scam. Her immediate concern was to get her pictures and other personal documents off of the computer. I have no idea what these people do or if it is just a matter of getting the password and once input everything is okay?

Anyway I took her drive out and connected it to my computer and copied off all of her personal data to a flash drive. I ran Malwarebytes and selected only drive E, which is her drive, but the only problems it showed were on Drive C. I have no idea how it detected issues on Drive C as I had unselected Drive C and only selected Drive E for a scan.

So the first question is, is there a way around the password and to be able to remove it without reinstalling the OS or recovering from a set of recovery disks?

Second is there a way to access the control panel on her drive with it still being connected to my computer to make a recovery disk for her drive, as like most people she didn't bother making a recovery disk set so if it has to be reformatted and the OS reinstalled she has no disks? It has a partition on the drive which I assume may be the recovery information but the only visible folders are system volume information and recycle bin and I do have the appr...

A: Tech Support Phone Scam

You are not going to find a way to make the recoveries on a non-working computer. The best fix is a reinstall; it's likely that her recovery partition is still good. You just need to save what you can and run the recovery. Check ASUS site for info on what key to hit on bootup to activate the recovery.
It sure is a small world when we are so gullible to think that Microsoft, or someone that cares, is going to call us/little old me and tell me my computer is sick and offer to fix it. Good luck.

Like the calls telling me they can offer me better interest rates on my credit cards, and I don't even have a credit card.

RELEVANCY SCORE 61.2

A few days ago, my Yahoo email was hacked. I changed my password and after searching for computer assistance, I inadvertently thought an ad was a legitimate Yahoo technical support link. I called pc tech site at 1-888-727-0571(www.pctechsite.com). The technicians informed me to run some command line tools and used logmein123 to gain access to my computer. They installed Malwarebytes, Ccleaner, Microsoft Security Essentials and Security Shield. After I thought this was a scam, I called this company to complain, they said they would not refund my money. A little while later I received another phone call from "Marlin from the tech department at Microsoft" in New York (1-212-777-3457) informing me my computer had many errors including malicious downloads, was compromised and would crash. I questioned the legitimacy of this call and they hung up on me. After this call a black box appeared in the lower left-hand side of my computer screen. I assume this was them trying to access my computer again. I disabled two items on my firewall which were allowing logmein access to my computer and generated the below DDS text file. Could you please assist me with ensuring my computer is cleaned and no longer infected or compromised. Thank you for your assistance.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.13.2
Run by Owner at 9:26:41 on 2013-02-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2119 [GMT -6:00]
.
AV: AVG Anti-V...

A: LogMeIn123 Tech Support Scam

Hello poodle_breeder, and welcome to BC!
My name is bloopie and I'll be helping you with your problems as best I can!
A few things to keep in mind while we are working together:
As you have posted several similar topics here, please be sure to keep each machine and topic instructions separate. What instructions I give in this topic may not be the best for the others!
If you have since resolved the original problem you were having, I would appreciate it if you let me know.
If you are unsure about any of the steps just post what you can and I will guide you!
Please tell me if you have your original Windows CD/DVD available.
Please copy and paste all logs here unless otherwise instructed!
Upon completing the steps below I will review your topic and do my best to resolve your issues.
==========
Now let's get another log from a more powerful tool:
Run Combofix
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job...this is normal.
You can download Combofix from one of these links.
Link 1 Link 2
Close any open browsers or any other programs that are open.
Close/disable all anti virus and anti malware programs so they do not inter...

RELEVANCY SCORE 61.2

Hello, yesterday while I was browsing websites I encountered one of the tech support scam pop ups that told me I had a virus and a lady was speaking telling me it was blocked. I knew better of course and ended Google Chrome in the task tree. However, I forgot I had some tabs I still needed and had to restore the tabs, but the pop up site kept coming up before I could close out real quick. This happened 2-4 times. I was reading some articles and they said even though I didn't click ok, phone them, give them any sort of access to my computer I could have gotten a drive by download or fileless infection like these articles state
 
https://blog.malwarebytes.org/exploits-2/2014/11/tech-support-website-infects-your-computer-before-you-even-dial-in/
 
The site I encountered was very similar to this posts
 
http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/your-microsoft-computer-has-been-blocked-with-the/441bf00b-bf93-4d00-b8a1-64aac2f5914c
 
https://blog.malwarebytes.org/exploits-2/2014/09/fileless-infections-from-exploit-kit-an-overview/
 
https://blog.malwarebytes.org/fraud-scam/2014/11/psa-tech-support-scams-pop-ups-on-the-rise/
 
 
I noticed it said something about rundll.exe, registry files, and personal info could be messed with. Even though I knew enough to close out and not call them and have not had any pop ups since the incident or any other odd things happen to my computer since then I'd like to be sure there i...

A: Tech support scam popup

Hello coolcat22 and Welcome to the BleepingComputer.   
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.
Before we move on, please read the following points carefully.
Please complete all steps in the specified order.
Even if tools don't find malware, I want you to post the logfiles anyway.
Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
Don't install or uninstall software during the cleanup unless you are told to do so.
Ensure your external and/or USB drives are always inserted during the scan.
If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
Please reply to this thread. Do not start a new topic
As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
Please open as administrator ...

RELEVANCY SCORE 61.2

I gave my older computer to my aunt and uncle (they are in their 80's). I'm not certain of all the details, but this is what I know. They were having some simple issues and needed help. I wasn't available so they got help from an unknown outside party. This person locked up their computer. The operating system has been changed and no known passwords work. I replaced the first computer with another, not realizing how bad the problem was, and they have remotely done the same to it as well. The fake tech person got into their bank account and stole several hundred dollars of their very limited income and they had to change their bank account info. Can I do anything to fix the two computers and what do I need to do to stop this guy from doing this again? How do I keep him out of family and friends' smartphones and tablets?
 

RELEVANCY SCORE 61.2

I don't know how many people have had an issue with the phone call from tech support and they want access to your computer and then they essentially lock it and you need a password to get access again and the only way to get the password is to pay them.
A friend called tonight and she was taken in by the scam. Her immediate concern was to get her pictures and other personal documents off of the computer. I have no idea what these people do or if it is just a matter of getting the password and once input everything is okay?
Anyway I took her drive out and connected it to my computer and copied off all of her personal data to a flash drive. I ran Malwarebytes and selected only drive E, which is her drive, but the only problems it showed were on Drive C. I have no idea how it detected issues on Drive C as I had unselected Drive C and only selected Drive E for a scan.
So the first question is, is there a way around the password and to be able to remove it without reinstalling the OS or recovering from a set of recovery disks?
Second is there a way to access the control panel on her drive with it still being connected to my computer to make a recovery disk for her drive, as like most people she didn't bother making a recovery disk set so if it has to be reformatted and the OS reinstalled she has no disks? It has a partition on the drive which I assume may be the recovery information but the only visible folders are system volume information and recycle bin and I do have the appropri...

A: Tech Support Phone Scam

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/547265 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...

RELEVANCY SCORE 61.2

Yesterday I was called by a Windows Tech Support Scam. I am not very tech-savvy and I was gullible and allowed them to remotely access my computer. When they asked for money that is when I wised up, but that was too late. I already gave them access to my computer.

I changed my bank account passwords. I loaded my files onto an external hard drive. I plan to return my computer to its original state, but I first wanted to find out what is to stop the scammers from just accessing my computer again?

Any help

A: Windows Tech Support Scam

Hi:

Yes, it is a busy season for such scammers.
I got such a call on my mobile phone a week ago, spoofing a "legit" number in PA on caller ID.
I strung the caller along for a while.
He hung up when I volunteered to give him my credit card info so that he could "remote in" to fix my "viruses".

Anyway:
I hope you changed all your confidential info from a different, known-clean computer?

Also:
Here are a few resources:

I Just Fell For a PC Support Scam, Now What?
Tech support scams costing computer users
FTC cracks down on tech support scams
Beware of US-based Tech Support Scams

You might want to head over to one of several, busy, reputable computer disinfection fora for a guided, expert look at the system.
The trained malware helpers will know which tools to use, in which order, to check the system for hidden malware.

Thanks,

MM

RELEVANCY SCORE 61.2

A few days ago, my Yahoo email was hacked. I changed my password and after searching for computer assistance, I inadvertently thought an ad was a legitimate Yahoo technical support link. I called pc tech site at 1-888-727-0571(www.pctechsite.com). The technicians informed me to run some command line tools and used logmein123 to gain access to my computer. They installed Malwarebytes, Ccleaner, Microsoft Security Essentials and Security Shield. After I thought this was a scam, I called this company to complain, they said they would not refund my money. A little while later I received another phone call from "Marlin from the tech department at Microsoft" in New York (1-212-777-3457) informing me my computer had many errors including malicious downloads, was compromised and would crash. I questioned the legitimacy of this call and they hung up on me. After this call a black box appeared in the lower left-hand side of my computer screen. I assume this was them trying to access my computer again. I disabled imi_rescue.exe, Remote Assistance, and WebKit on my firewall which I assume were allowing logmein access to my computer and generated the below DDS text file. Could you please assist me with ensuring my computer is cleaned and no longer infected or compromised. My parents submitted similar postings for their computers. This is for my desktop PC, the third and last computer which was worked on by pctechsite. Thank you for your assistance.

DDS (Ver_20...

A: logmein123 tech support scam

Hi,
Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.
Once I receive a reply then I will return with your first instructions.
Thanks

RELEVANCY SCORE 61.2

My grandfather got taken in by a Microsoft Windows Support Scam and I'm fairly certain that his laptop's got a bug that I can't get rid of.

What happened:

He got a popup (while using Internet Explorer and after downloading an Adobe update) that said there was a security issue and that he needed to call a number for Windows Firewall Service.
(I looked up the number and apparently other people have been taken in by this scam. Here it is on a Microsoft forum:
MICROSOFT TECH SUPPORT SCAM CALL - Microsoft Community)

This is what the Popup said:


Quote:
"windows firewall service has been stopped due to virus/adware on your computer. please visit www.scannow.com/support or call toll free 1 888 447 4192 for support. root-kits/spyware may have caused the security breach on your network location. call toll free 1 888 447 4192 for technical assistance."

So he called the number (1-888-447-4192) not knowing it was a scam and they said they were from Windows and that they needed remote access to his laptop to solve the security issue, which he gave them. (He said he did not give them any personal information, however.)

After he told me what happened, I checked out his laptop. He had about a dozen popups that wouldn't close and some malware programs were added, which I have removed.

Those programs were:
Knctr itibiti
One SystemCare
WebDiscover Browser
some kind of remote access/assistance program and a player ...

A: Microsoft Tech Support Scam

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Registry cleaners (Advanced SystemCare, One SystemCare, etc.) are usually more harmful than helpful. Don't use them.

Our colleague miekiemoes has an excellent writeup here

------------------------------------------------------

See if FRST64.exe will run in Normal Mode.

Please download Farbar Recovery Scan Tool and save it to your desktop.
Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------

RELEVANCY SCORE 61.2

My grandfather got taken in by a Microsoft Windows Support Scam and I'm fairly certain that his laptop's got a bug that I can't get rid of. 
 
What happened:
 
He got a popup (while using Internet Explorer and after downloading an Adobe update) that said there was a security issue and that he needed to call a number for Windows Firewall Service. 
(I looked up the number and apparently other people have been taken in by this scam. Here it is on a Microsoft forum:
http://answers.microsoft.com/en-us/windows/forum/windows_vista-security/microsoft-tech-support-scam-call/52aac9a3-dca7-46e0-a856-4dba9529680c?db=5&page=2&auth=1)
 
This is what the Popup said:

"windows firewall service has been stopped due to virus/adware on your computer. please visit www.scannow.com/support or call toll free 1 888 447 4192 for support. root-kits/spyware may have caused the security breach on your network location. call toll free 1 888 447 4192 for technical assistance."
 
So he called the number (1-888-447-4192) not knowing it was a scam and they said they were from Windows and that they needed remote access to his laptop to solve the security issue, which he gave them. (He said he did not give them any personal information, however.) 
 
After he told me what happened, I checked out his laptop. He had about a dozen popups that wouldn't close and some malware programs were added, which I have removed. 
 
Those programs w...

A: Microsoft Tech Support Scam

Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.
Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.
If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.
It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

RELEVANCY SCORE 61.2

Hello everyone,

I was just wondering if anyone has been scammed and wants to share their experiences. If so, comment it below and try to spread the word.

Thanks,

jman005

A:Have you ever been scammed by a tech support scam?

The only scam that is current are calls from "Microsoft" telling the victim that they have been alerted to a virus infection on the computer and they will help the victim clean his machine for a fee. These are always from India. My sister-in-law got one recently but was forewarned by me and she told the guy to go soak his head.
I have seen these scam websites appear near the top when a search is made for "computer help" or "virus help", etc.
Of course there are various independent brick & mortar shops that will overcharge, etc.

RELEVANCY SCORE 61.2

I don't know how many people have had an issue with the phone call from tech support and they want access to your computer and then they essentially lock it and you need a password to get access again and the only way to get the password is to pay them.
A friend called tonight and she was taken in by the scam. Her immediate concern was to get her pictures and other personal documents off of the computer. I have no idea what these people do or if it is just a matter of getting the password and once input everything is okay?
Anyway I took her drive out and connected it to my computer and copied off all of her personal data to a flash drive. I ran Malwarebytes and selected only drive E, which is her drive, but the only problems it showed were on Drive C. I have no idea how it detected issues on Drive C as I had unselected Drive C and only selected Drive E for a scan.
So the first question is, is there a way around the password and to be able to remove it without reinstalling the OS or recovering from a set of recovery disks?
Second, is there a way to access the control panel on her drive with it still being connected to my computer to make a recovery disk for her drive, as like most people she didn't bother making a recovery disk set so if it has to be reformatted and the OS reinstalled she has no disks? It has a partition on the drive which I assume may be the recovery information but the only visible folders are system volume information and recycle bin and I do have the appropri...

A:Tech Support Phone Scam

You'll probably need to look for yourself because getting around passwords is frowned upon around here. I think I can guide you to a safer place to look, rather than searching questionable places on the net and ending up worse off than you are, but the rest is up to you.
http://www.ultimatebootcd.com/

RELEVANCY SCORE 61.2

My daughter's ASUS laptop may be infected by the tech support scam and other viruses or malware. It has been very glitchy and slow over the past few months. Can anyone help me with this? She is running Windows 10.

RELEVANCY SCORE 61.2

Hello everyone, I am here today because my computer is infected with a tech support popup scam. I have 2 computers, a laptop and a desktop, and both have the issue. I can add machine specifics later, but here is what I have done so far:

I have these softwares on my computer:
Panda antivirus
Malwarebytes
Spybot Search and Destroy
AdwCleaner
 
I also reset my browser. Google Chrome.
 
I scanned and followed directions with each program, but the popups keep coming.
I had started a post, but the popup stopped it. This one will be copied and pasted.
 
I appreciate in advance any help that may be given. Thank you.
 
David

A:Tech Support Popup scam

Welcome aboard. Since both machines are affected... Let's try to reset your router.
Turn the computer off.
On your router, you'll find a pinhole marked "Reset".
Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
NOTE. Simple router disconnecting from a power source will NOT do.
Restart computer.
NOTE. You may need to re-check your router security settings, as described HERE

RELEVANCY SCORE 61.2

My grandfather got taken in by a Microsoft Windows Support Scam and I'm fairly certain that his laptop's got a bug that I can't get rid of.

What happened:

He got a popup (while using Internet Explorer and after downloading an Adobe update) that said there was a security issue and that he needed to call a number for Windows Firewall Service.
(I looked up the number and apparently other people have been taken in by this scam. Here it is on a Microsoft forum:
MICROSOFT TECH SUPPORT SCAM CALL - Microsoft Community)

This is what the Popup said:

Quote:
"windows firewall service has been stopped due to virus/adware on your computer. please visit www.scannow.com/support or call toll free 1 888 447 4192 for support. root-kits/spyware may have caused the security breach on your network location. call toll free 1 888 447 4192 for technical assistance."

So he called the number (1-888-447-4192) not knowing it was a scam and they said they were from Windows and that they needed remote access to his laptop to solve the security issue, which he gave them. (He said he did not give them any personal information, however.)

After he told me what happened, I checked out his laptop. He had about a dozen popups that wouldn't close and some malware programs were added, which I have removed.

Those programs were:
Knctr itibiti
One SystemCare
WebDiscover Browser
some kind of remote access/assistance program and a player ...

RELEVANCY SCORE 60.4

The title pretty much says it all. What I have been seeing for some time now is a lot of my clients that click on ads in the right hand advertising panel of the Facebook page have ended up with malware on their systems and big warnings on the screen to call a toll free number to fix their system and when they do are told it is Microsoft tech support which it is not and they want access to your system. If you give it to them you are then really in a jackpot of a problem. So just a warning, I tell my clients that it is a good rule of thumb NOT to click on anything in the right pane of their page as you have no clue which ones will cause this issue. Of late mostly the ones about stars dying or having other problems seem to be the most likely ones but I have seen it in others as well. One would think that Facebook would do something about these type of things but sadly they are about the almighty dollar and don't seem to care. So everyone please watch what you click on Facebook. Especially if it seems too good to be true because if so it usually is.

A:The Facebook Microsoft Tech Support Scam.

Unsolicited phone calls, browser pop-ups and emails (aka Tech Support Scamming) from "so-called Support Techs" advising "your computer is infected with malware", "All Your Files Are Encrypted" and other fake "alert messages" have become an increasingly common and prolific scam tactic over the past several years. The scams may involve web pages with screenshots of fake anti-virus software displaying warnings of bogus malware infections, fake ransomware and fake BSOD which include a tech support phone number to call in order to fix the problem. More nefarious scammers will talk their victims into allowing them remote control access of the computer so they can install a Remote Access Trojan in order to steal passwords and other sensitive personal information which could then be used to access bank accounts or steal a person's identity.

Microsoft does not make unsolicited phone calls, display pop-up alerts in your browser to call a support number or send unsolicited email messages to request personal or financial information or to fix your computer.

If you have not done so already, you may want to read Beware of Phony Emails & Tech Support Scams.

RELEVANCY SCORE 60.4

Hi, so I've been having issues. I use a Chrome Browser complete with AdBlocker. I used to get redirected to tech scam pop ups when I downloaded some stuff for games via ad.fly. (I hate people who use this now.) I found a website with a workaround that has enabled me to safely download stuff again by giving me the direct link that bypasses the adfly continue button that leads to redirect, etc. Oddly enough, I just recently downloaded a file from mediafire and now I get redirected once more to a tech scam support ad with no choice to close the tab. (Normally, the other tab will open and the download will go through; now it just makes a stupid ad pop up.) I close it with ctrl+alt+delete with task manager, continued browsing the internet, etc. I ran malwarebytes and adwcleaner; both picked up nothing. I'm just worried if it's just my computer that keeps getting hit with these ads or if they're just everywhere now. I mean how they got past my adblocker even with javascript disabled, along with flash is just unsettling. :/

Edit: Moved topic from Windows 8 to the more appropriate forum. ~ Animal

A:Every Download Redirects to Tech Scam Support Ad?

Is that Adblocker Plus? Or is it AdBlock...?
 
You can restore your browser settings in Chrome at any time. You might need to do this if apps or extensions you installed changed your settings without your knowledge. Your saved bookmarks and passwords won't be cleared or changed.
Open Chrome.
In the top right, click the icon you see: Menu or More
Click Settings.
At the bottom, click Show advanced settings.
Under the section "Reset settings," click Reset settings.
In the box that appears, click Reset.

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.
CCleaner - PC Optimization and Cleaning - Free Download

Download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your n...

RELEVANCY SCORE 60.4

To protect yourself from Ransomware and Phone Tech Scams, use CryptoPrevent v7.0 Released! https://www.foolishit.com/cryptoprevent-v7-0-released/
Phone Tech Scams are using the SYSKEY.EXE to password the OS boot up.
How to use the SysKey utility to secure the Windows Security Accounts Manager database. http://support.microsoft.com/kb/310105
How to Set a Startup Password to Lock or Unlock Windows. http://www.sevenforums.com/tutorials/243880-syskey-set-startup-password-lock-unlock-windows.html
CryptoPrevent v4.4.1. https://www.foolishit.com/cryptoprevent-v4-4-1-released/ New option to block the execution of SYSKEY.EXE as recently being exploited by malware.
SYSKEY.EXE - Prevent from running? http://www.foolishtech.com/viewtopic.php?f=34&t=1485
Apart from SYSKEY.EXE are there any other standard or common OS level executables which should be prevented from running in this way to prevent malicious abuse? CIPHER.EXE is ripe with possibilities for abuse in a similar sort of way.
Disabling Syskey startup password. http://blogs.msmvps.com/sp/2008/01/27/disabling-syskey-startup-password/
http://www.pcworld.com/article/2039773/regain-your-pcs-administrator-rights-even-if-you-dont-have-the-password.html

A:Ransomware and Phone Tech Scam Protection

CryptoPrevent v7.1 was released Aug 23rd 2014.
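
The thread above names SYSKEY.EXE as the tool phone scammers use to password the boot, and CIPHER.EXE as open to similar abuse. As an added example (not from the posts, and not CryptoPrevent's own code), this sketch reviews process-creation records for launches of either program and marks those that fall inside a remote-support session. The CSV layout, the `remote-support-tool.exe` name and the four-hour window are assumptions; the sample rows are constructed.

```python
import csv
import io
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Executables the thread names: SYSKEY.EXE (abused) and CIPHER.EXE (similar risk).
WATCHED = {"syskey.exe": "high", "cipher.exe": "review"}

# Assumption: binary names of remote-support tools seen in your environment.
# The entry below is a placeholder, not a real product's file name.
REMOTE_TOOLS = {"remote-support-tool.exe"}

# Constructed sample of a simplified process-creation export (hypothetical layout).
SAMPLE_CSV = r"""time,image,parent
2017-12-30T13:05:10,C:\Program Files\Example\remote-support-tool.exe,C:\Windows\explorer.exe
2017-12-30T13:20:41,C:\Windows\System32\eventvwr.exe,C:\Windows\explorer.exe
2017-12-30T13:42:03,C:\Windows\System32\syskey.exe,C:\Windows\explorer.exe
2017-12-30T13:50:00,C:\Windows\System32\SearchIndexer.exe,C:\Windows\System32\services.exe
2017-12-31T09:15:00,C:\Windows\System32\cipher.exe,C:\Windows\System32\cmd.exe
"""


def image_name(path):
    """Lower-cased file name of a Windows path, independent of the host OS."""
    return PureWindowsPath(path).name.lower()


def find_lockout_tool_launches(csv_text, window=timedelta(hours=4)):
    """Return one finding per launch of a watched executable.

    during_remote_session is True when the launch happened within `window`
    after a remote-support tool started (the window length is an assumption).
    """
    events = [
        (datetime.fromisoformat(row["time"]), image_name(row["image"]), row)
        for row in csv.DictReader(io.StringIO(csv_text))
    ]
    remote_starts = [when for when, name, _ in events if name in REMOTE_TOOLS]

    findings = []
    for when, name, row in events:
        if name not in WATCHED:
            continue
        in_session = any(
            timedelta(0) <= when - start <= window for start in remote_starts
        )
        findings.append({
            "time": row["time"],
            "image": name,
            "parent": image_name(row["parent"]),
            "severity": WATCHED[name],
            "during_remote_session": in_session,
        })
    return findings


if __name__ == "__main__":
    for finding in find_lockout_tool_launches(SAMPLE_CSV):
        print(finding)
```
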

RELEVANCY SCORE 60.4

How do I get rid of the select region tech support scam on my Windows 7 PC?

RELEVANCY SCORE 60.4

This opened a new window in FF with a popup claiming Zeus virus, and # to call for help. The url was
"http://pc-0ndra3.stream/..." with some possibly encrypted data tacked on the end. My scans found nothing.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-12-2017
Ran by Ann (administrator) on DESKTOP-6GVNA4U (30-12-2017 13:22:29)
Running from C:\Users\Ann\Desktop
Loaded Profiles: Ann (Available Profiles: Ann & Administrator)
Platform: Windows 10 Pro Version 1709 16299.125 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
() C:\Windows\SysWOW64\WinService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corpor...

A:2nd network PC with tech support phishing scam

Greetings, Your computer is clean.

RELEVANCY SCORE 59.6

I am going to get back some of my money. First I would like to know what website do you go to to see if you've been hacked. I told them to remove all my records but I am not sure of that. I went to my startup menu and it is empty. What should I do? I did a restore for Aug24. Still no start up menu. Please help. It is a Dell Business Computer Optiplex 755......Os Vista Professional
 

A:This is really weird....I used click4support tech support and found out they were a scam

I would suggest you have the PC checked out on our virus forum.
If you allowed them onto the PC, and do any banking:
The first thing to do is inform the bank/building society or any other financial institution you use. If you have given any card details for payment, they may/will present that for multiple/regular withdrawals - so make sure that's stopped.
Change email passwords and any other website where identity theft may be an issue.

Have they disconnected from the PC? I would remove it from the network.

I will move to the virus/malware forum - have a read here
https://forums.techguy.org/threads/...before-posting-for-help-in-this-forum.943214/

It's also possible all they have done is charged you a fee and made no changes to the PC,
BUT I would not take that risk; there's enough examples where these scammers have used the cards for multiple withdrawals now, and dropped virus onto the PC, often the ransom virus that locks the PC and asks you to call them again to unlock the PC.