RobinJI Posted March 5, 2014

So when I got home today my mum was pretty shaken up having had a phone call from an 'IT company' who were saying something would render her computer unusable in 2 hours unless she followed her advice, inevitably they eventually asked her to pay for some service that'd stop it, but in the meantime they talked her through a load of stuff to do on her computer.

They left a phone number (standard London number) which I called to find a fairly plausible sounding IT company who had no idea what I was talking about, and insisted they never cold called. They said they were Dubai based. While I was on the phone to them (on the home phone) my mum's mobile rang so I apologised to, and thanked, what I think MAY have been a real company and answered the mobile. The guy was clearly the same guy as earlier (my mum had said she needed to talk to her son before she'd give any details/pay any money). I asked where the company was based and he said London. Failed that test. The number he was phoning off showed on the mobile and home phone as '404001234567890'. Just a little suspicious! They blurted a load of crap mentioning something about an 'end user agreement running out' and I hung up on them.

They knew my mum's home and mobile phone number as well as the post-code (well, they sort of knew the home number, it's only 10 digits and they'd added an 11th). Which is kind of worrying, but then again that's fairly normal marketing list BS stuff. I guess some not-so-honest company she's used in the past sold her info.

She wasn't foolish enough to give any details or pay anything, but part of the talking through they did included getting her to open a file that instigated Windows Remote Assistance (through the command prompt to make it less obvious), and I'm a little worried they might have done something to her laptop through it. Luckily she doesn't even let her browser store passwords, and her online banking's all done with a chip and pin machine thing. Sadly she can't remember exactly what they did, besides supposedly showing her some reasons why her computer was supposedly about to have a massive melt-down if they didn't fix it. I'm guessing/hoping they were just trying to show off how amazing they were with computers to get her to believe they were being truthful about these errors they needed to fix. Maybe they'd have done something to make it look like it had packed in if given the time? (The first thing I did when she started explaining what happened was shut-down the laptop.)

I turned off the router then fired it up and disabled all the network devices before starting the router back up. I've got it running a Virus and Malware scan at the moment (AVG & Malwarebytes), but I'm not really sure where to go from there. I had a look through the recently accessed files and the only item in there (besides her normal use) was a text file called the company name they used ('Support guys', real official sounding) which I've shredded. There's also a file on her desktop called 'AA_v3.log' which she thinks is new, I keep shredding it, but it keeps coming back. The file type shows up matching as 'Text Document (.log)' in its properties, but I haven't dared open it.

I'm going to speak to the IT guy at work tomorrow, but if anyone's got any advice it'd be greatly appreciated (the laptop runs Vista). I'd like to have peace of mind that she's secure on it in the future. I've told her

(Oh, and guess what, no random unexplained complete failure like the bell end tried to say would happen!)

Thanks!

bing Posted March 5, 2014

Go back to a previous restore point, from a time before this event. She may lose some stuff, but the security will be restored to past levels and these c**ts shouldn't be able to get back in.

HippY Posted March 5, 2014 (edited)

Okay

Task 1. Unplug it from the internet. It CANNOT be connected in any form
Step 2. Reset the router to its original settings
Step 3. what bing said
step 5. bring me a coffee I cannot function properly...

> So when I got home today my mum was pretty shaken up having had a phone call from an 'IT company' who were saying something would render her computer unusable in 2 hours unless she followed her advice, inevitably they eventually asked her to pay for some service that'd stop it, but in the meantime they talked her through a load of stuff to do on her computer.

yeah, usual stuff sadly

> They left a phone number (standard London number) which I called to find a fairly plausible sounding IT company who had no idea what I was talking about, and insisted they never cold called. They said they were Dubai based. While I was on the phone to them (on the home phone) my mum's mobile rang so I apologised to, and thanked, what I think MAY have been a real company and answered the mobile. The guy was clearly the same guy as earlier (my mum had said she needed to talk to her son before she'd give any details/pay any money). I asked where the company was based and he said London. Failed that test. The number he was phoning off showed on the mobile and home phone as '404001234567890'. Just a little suspicious! They blurted a load of crap mentioning something about an 'end user agreement running out' and I hung up on them.

they used a London-based company's details

> They knew my mum's home and mobile phone number as well as the post-code (well, they sort of knew the home number, it's only 10 digits and they'd added an 11th). Which is kind of worrying, but then again that's fairly normal marketing list BS stuff. I guess some not-so-honest company she's used in the past sold her info.

try google the house number and her numbers, I guess you can find it in 10 minutes with no real work

> She wasn't foolish enough to give any details or pay anything, but part of the talking through they did included getting her to open a file that instigated Windows Remote Assistance (through the command prompt to make it less obvious), and I'm a little worried they might have done something to her laptop through it. Luckily she doesn't even let her browser store passwords, and her online banking's all done with a chip and pin machine thing. Sadly she can't remember exactly what they did, besides supposedly showing her some reasons why her computer was supposedly about to have a massive melt-down if they didn't fix it. I'm guessing/hoping they were just trying to show off how amazing they were with computers to get her to believe they were being truthful about these errors they needed to fix. Maybe they'd have done something to make it look like it had packed in if given the time? (The first thing I did when she started explaining what happened was shut-down the laptop.)

right thing.

> I turned off the router then fired it up and disabled all the network devices before starting the router back up. I've got it running a Virus and Malware scan at the moment (AVG & Malwarebytes), but I'm not really sure where to go from there. I had a look through the recently accessed files and the only item in there (besides her normal use) was a text file called the company name they used ('Support guys', real official sounding) which I've shredded. There's also a file on her desktop called 'AA_v3.log' which she thinks is new, I keep shredding it, but it keeps coming back. The file type shows up matching as 'Text Document (.log)' in its properties, but I haven't dared open it. I'm going to speak to the IT guy at work tomorrow, but if anyone's got any advice it'd be greatly appreciated (the laptop runs Vista). I'd like to have peace of mind that she's secure on it in the future. I've told her (Oh, and guess what, no random unexplained complete failure like the bell end tried to say would happen!) Thanks!

Edited March 5, 2014 by UKHippY

RobinJI (Author) Posted March 5, 2014

Thanks guys.

Bing, what do you mean by restoring it to a previous point? I'm sure she'd have no issue with doing that, the laptop's only really used for word processing, e-mails, and basic web browsing, but if a restore point's something you have to set manually I highly doubt she will have.

UKHippY, I'm not sure we have the windows disc for it. I was away when she bought it and my brother sorted it all out for her. He lives a couple of hundred miles away and can be a pain to get hold of because he works nights a lot of the time. I'll see if he knows though. The network devices will definitely be staying disabled until I'm 100% happy this is sorted, I'm guessing that should be enough to ensure there's no connection made they can use?

HippY Posted March 5, 2014

> Thanks guys.
>
> 1. Bing, what do you mean by restoring it to a previous point? I'm sure she'd have no issue with doing that, the laptop's only really used for word processing, e-mails, and basic web browsing, but if a restore point's something you have to set manually I highly doubt she will have.
>
> 2. UKHippY, I'm not sure we have the windows disc for it. I was away when she bought it and my brother sorted it all out for her. He lives a couple of hundred miles away and can be a pain to get hold of because he works nights a lot of the time. I'll see if he knows though. The network devices will definitely be staying disabled until I'm 100% happy this is sorted, I'm guessing that should be enough to ensure there's no connection made they can use?

1. Do you have a really nerd friend? Tell the person that your mum accidentally might have opened up the remote access port, it must be checked. Ask your mum where she was and what was explained to her. Get a computer and do the same, of course except the dodgy bits. It sounds like they "made" a port where they can control/gain information from the computer. If not possible, reinstall windows, but find a computer technician friend, it is easier to do these type of things when you are there rather than with instructions.

2. Reset the router (it will have the general settings, do you know how to set up a router, like passwords? do you have the manual for it?) then you can use that router with other devices with no problem :)

Do you have a sticker with the serial for the windows?

Do not worry, probably they caused no harm so far, and it is relatively easy to revert it back. First try to use a previous restore point (search it at control panel, or at start menu) and if that does not work, then the best way is to reinstall I reckon.

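
A read-only way to carry out the check suggested above, as an added example that is not part of any post in this thread. It assumes PowerShell is installed on the Vista laptop (an optional download on that version), that it is run from an elevated prompt while the machine is still offline, and that the call happened within the last three days (`$since` is a placeholder to adjust). A file that keeps coming back after deletion suggests something is still running and rewriting it, which is what steps 3 to 5 look for.

```powershell
# Added triage example (not from the thread). Changes nothing on the machine.

# Assumption: the scam call happened within the last 3 days; adjust as needed.
$since = (Get-Date).AddDays(-3)

# 1. Are Remote Assistance and Remote Desktop currently allowed?
#    fAllowToGetHelp = 1    -> Remote Assistance invitations are allowed
#    fDenyTSConnections = 0 -> incoming Remote Desktop connections are allowed
$ra = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
"Remote Assistance allowed : {0}" -f ($ra.fAllowToGetHelp -eq 1)
"Remote Desktop allowed    : {0}" -f ($ts.fDenyTSConnections -eq 0)

# 2. Files created or changed since the call in the places a guided
#    download usually lands: Desktop, Downloads and the user's temp folder.
$userDirs = "$env:USERPROFILE\Desktop", "$env:USERPROFILE\Downloads", $env:TEMP
Get-ChildItem $userDirs -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and
                   ($_.CreationTime -gt $since -or $_.LastWriteTime -gt $since) } |
    Sort-Object LastWriteTime |
    Format-Table LastWriteTime, Length, FullName -AutoSize

# 3. Programs set to start at logon (Run keys and Startup folders).
Get-WmiObject Win32_StartupCommand |
    Format-Table Name, Command, Location, User -AutoSize

# 4. Services whose executable lives outside the Windows directory.
#    Remote-control tools installed as a service show up here; so do
#    legitimate third-party services (antivirus, printer drivers).
Get-WmiObject Win32_Service |
    Where-Object { $_.PathName -and $_.PathName -notlike "*$env:SystemRoot*" } |
    Format-Table Name, State, StartMode, PathName -AutoSize

# 5. Running processes with the path of their executable, sorted so that
#    anything running from a profile or temp folder stands out.
Get-Process |
    Where-Object { $_.Path } |
    Sort-Object Path |
    Format-Table Id, ProcessName, Path -AutoSize
```

Anything in steps 2 to 5 that nobody in the household recognises is a reason to treat the installation as untrusted rather than to clean it up item by item.
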
*gentlydoesit Posted March 6, 2014

Computers are way not my bag so forgive me if this is dated, but the last time I had to restore there was an option in bios and on the antivirus software, think I used the bios one?? There's an auto save every now and again, I just loaded the last date and it was ok. (Few years ago now)

Muel Posted March 6, 2014

I've heard of this scam before, my Dad and Grandparents have been called up by them. They may have had access to the computer via remote desktop. That alone would be enough to make me want to reinstall Windows after a full format. Does it have a windows sticker with the licence key on it?

bing Posted March 6, 2014

I mean you can go into the settings where you defragment it, and there is a button you press to restore the operating system to a previous point in time, such as 6 months ago. It deletes and uninstalls anything which wasn't on the computer at that time, coupled with a clear out of all the unwanted files and unused stuff, she should be in the clear

Ben Cox Posted March 6, 2014

Unfortunately, you have to manually set it up to set a restore point. Otherwise it has nothing to bounce back to (as I found out)

Ben

Muel Posted March 6, 2014

> I mean you can go into the settings where you defragment it, and there is a button you press to restore the operating system to a previous point in time, such as 6 months ago. It deletes and uninstalls anything which wasn't on the computer at that time, coupled with a clear out of all the unwanted files and unused stuff, she should be in the clear

No it doesn't. It uninstalls any programs you have installed since then, and does a half arsed attempt at anything else. It's one of the worst features of Windows that I've ever had to use. I wouldn't trust it at all.

In this situation I'd only consider a full format and reinstalling Windows from fresh.

JD™ Posted March 6, 2014

> In this situation I'd only consider a full format and reinstalling Windows from fresh.

Not only is this the best solution, it's also the easiest!

Muel Posted March 6, 2014

> Not only is this the best solution, it's also the easiest!

Easiest, yes. Best solution would be a full format and fresh install of some form of Linux though. I recommend Mint. Do it!

JD™ Posted March 6, 2014

> Easiest, yes. Best solution would be a full format and fresh install of some form of Linux though. I recommend Mint. Do it!

Best because it's for his Mum, who has enough knowledge about computers to have fallen for this scam (which is meant with no disrespect, Robin!). Let's finish this scary episode for her by giving her Linux. You know I'm with you on 'anything but Windows' but it just doesn't work in this case...

fruitbat Posted March 6, 2014

> In this situation I'd only consider a full format and reinstalling Windows from fresh.

Do this without a question of a doubt. I've had someone try and do this to me but I'm IT aware/savvy so didn't fall for it. They use the fear to scare people into doing what they want them to, many people will do almost anything when they are told something bad will happen especially if it is an area they are not confident enough to dispute/investigate themselves, and once they have access to the pc/laptop to 'fix it', they can do pretty much anything they want. No idea what they actually do but wouldn't surprise me if they install something similar to the recent CryptoLocker virus that has been going round as this way they have a financial motivation for a later date.

Muel Posted March 6, 2014

> Best because it's for his Mum, who has enough knowledge about computers to have fallen for this scam (which is meant with no disrespect, Robin!). Let's finish this scary episode for her by giving her Linux. You know I'm with you on 'anything but Windows' but it just doesn't work in this case...

This is a separate debate, and not one we will ever settle. Just rest assured that I'll be moving my Dad onto Linux when his computer is next being fettled. He is the ultimate test of something. If it can be misunderstood or broken, he will misunderstand and break it.

JD™ Posted March 6, 2014

But why? It's like moving him out of the house he's spent 40 yrs in, just because the new one has eco lights. Let the man just use his computer the way he is used to! Anyway, you're right. It'll never be settled because you want to fettle and thus won't see the logical (correct) answer

HippY Posted March 6, 2014

For an end user (like your dad) it will not be a better experience to go Linux as he will see it as a worse windows

RobinJI (Author) Posted March 6, 2014

Yeah, I definitely won't be installing Linux on her computer! I can't be arsed to learn anything new on mine at the moment, let alone teach her it! (when I come to build a desktop for CAD and photo/video editing I'll look into it, while I'm still fooling around with a cheap laptop, I don't care if it's not at its technical best.)

There's no way I'd have entertained them personally, I'd probably have told them to insert their phone/computer somewhere uncomfortable before hanging up. Unfortunately I wasn't home when they phoned, and being pretty inept with computers my mum was worried she was going to lose the use of her laptop, so did what they said until money was mentioned, when she said she'd have to speak to me first.

Thanks for the advice guys, it sounds like I'll be reinstalling windows then. Am I right to think she'll be safe to transfer photos/word/excel documents off it before reinstalling it all? I don't think there's anything else on there she'd need to keep.

HippY Posted March 6, 2014

If the PC will be offline then yes, as they do not have sharing rights to a random PC.

anzo Posted March 6, 2014

Well, my advice here is to set an admin account with a password. Turn all the user accounts into normal user accounts. This means that any system changes which could potentially cause damage will require admin rights and so cannot be accidentally changed.

Muel Posted March 6, 2014

ANYONE WHO DOESN'T USE LINUX IS GAY AND EATS DICKS.

HippY Posted March 6, 2014

> ANYONE WHO DOESN'T USE LINUX IS GAY AND EATS DICKS.

I AM NOT GAY!

Danny Posted March 7, 2014

Backup any files to a USB stick and install a fresh copy of Windows 7. A good excuse to get off Vista.

This may also help you find out what they made her type: http://www.computerhope.com/tips/tip189.htm

JT! Posted March 7, 2014

I agree with the fresh install of windows. Not Linux.