May have been infected after phone call/remote access scam

Networking/Security Forums -> Viruses // Worms

Author: vinnycast27 PostPosted: Wed Apr 27, 2011 12:46 am    Post subject: May have been infected after phone call/remote access scam
Hi there

i'm not sure whether this is in the right forum so please re-direct if it's not.

Basically I received a call today from an Indian call centre that said they were part of my internet provider's support team that would speed up my pc.

Unfortunately for god knows what reason I went to: and downloaded the remote access tool.

I gave them the password and log in assuming they were genuine Sad

they connected remotely and went to START-RUN-prefetch

saying these files are potential virus's and we can clear them for you at a small cost of 100 and you get 9 years cover...

At this point i realised this wasn't who I thought it was politely said no thanks and they abruptly said ok and hung up on me.

the window with the prefetch results was still open they soon closed it and then i got rid of the teamviewer connection. I wasn't sure if i was connected so reopened it reset the password just in case then re-deleted it. it's currently not on my desktop or my pc.

I then ran an Avira scan and a malware antibytes scan both finding nothing i'm uncertain if they have planted something on my pc that will absorb my passwords or my logins etc

I'm a bit scared about my level of security right now, can anyone help me ensure that i'm safe?

I must also stress that whilst he was talking to me on the phone only the preftech window was open he didnt do anything to my desktop or appear to install anything but how am I to know for sure.

Again my aniexty about this is really high so any help is very, very much appreciated.

kind regards


Author: georgec PostPosted: Wed Apr 27, 2011 12:10 pm    Post subject:
Why don't you call your ISP and confirm that they are actually providing this service on their part. Then if not, the risks are higher! If you suspect that they have installed additional stuff then you may do a system restore, if you are running Windows 7 then just type System restore from the Start text box and follow the wizard. Also, check and enable malware/spyware functionality your A/V solution may have.

Author: vinnycast27 PostPosted: Wed Apr 27, 2011 12:20 pm    Post subject:
thanks for the replay.

I can 100% confirm that it is not legitimate by the ISP provider.

I use Windows XP how can I restore to before yesterday's events?

Also if i do so will i lose any data saved yesterday?

p.s not sure if this helps but here is my hijack this log.

Note: Hijackthis log removed from thread. The Hijackthis log is only allowed to be posted in the Hijackthis/Malware removal forum. - SifuMike

Author: georgec PostPosted: Wed Apr 27, 2011 12:49 pm    Post subject:
You shouldn't loose any personal data, however, I would save the most important files to an external storage device. Check this link for detailed info -how to restore Windows XP to a previous state
You can never be sure by reviewing the list of running processes as malicious programs can take the name of valid ones, etc.

Author: vinnycast27 PostPosted: Wed Apr 27, 2011 2:52 pm    Post subject:
Hi George

I have just done the system restore and to confirm it's how it was as at yesterday before the phone call I didn't install Hijack this until today and it's currently not on my desktop. So i'm assuming i'm as I was before it all happened.

Is it a case of wait and see or can I do anything else to safeguard myself or detect if any malicious items still remain on my pc?

many thanks again


Author: georgec PostPosted: Wed Apr 27, 2011 4:14 pm    Post subject:
Keep your anti-virus/malware/spyware solution updated and running! Find a third-party firewall solution, block unnecessary traffic on both directions in/out and check the logs on regular basis.

Author: vinnycast27 PostPosted: Wed Apr 27, 2011 4:51 pm    Post subject:
Thanks George

All is up to date, I may run another scan just in case but I guess all I can do is keep an eye on things and hope for the best.

Thanks for all your help


Author: SifuMikeLocation: Vancouver (not BC) WA (not DC) PostPosted: Mon May 02, 2011 9:51 pm    Post subject:
This scam has been going on for about a year.

Microsoft rings alarm bell on fake Windows support calls
22% of people called by phony support technicians fell for scam

Microsoft issues warning on phone scam

Virus phone scam being run from call centres in India
Britons targeted by cold callers pretending to be from Microsoft phoning to fix a fake computer

Warning After 'Microsoft' Call Centre Scam Exposed

Networking/Security Forums -> Viruses // Worms

output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group