• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

May have been infected after phone call/remote access scam

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Viruses // Worms

View previous topic :: View next topic  
Author Message
vinnycast27
Just Arrived
Just Arrived


Joined: 19 Nov 2010
Posts: 1


Offline

PostPosted: Wed Apr 27, 2011 12:46 am    Post subject: May have been infected after phone call/remote access scam Reply with quote

Hi there

i'm not sure whether this is in the right forum so please re-direct if it's not.

Basically I received a call today from an Indian call centre that said they were part of my internet provider's support team that would speed up my pc.

Unfortunately for god knows what reason I went to:

teamviewer.com and downloaded the remote access tool.

I gave them the password and log in assuming they were genuine Sad

they connected remotely and went to START-RUN-prefetch

saying these files are potential virus's and we can clear them for you at a small cost of 100 and you get 9 years cover...

At this point i realised this wasn't who I thought it was politely said no thanks and they abruptly said ok and hung up on me.

the window with the prefetch results was still open they soon closed it and then i got rid of the teamviewer connection. I wasn't sure if i was connected so reopened it reset the password just in case then re-deleted it. it's currently not on my desktop or my pc.

I then ran an Avira scan and a malware antibytes scan both finding nothing i'm uncertain if they have planted something on my pc that will absorb my passwords or my logins etc

I'm a bit scared about my level of security right now, can anyone help me ensure that i'm safe?

I must also stress that whilst he was talking to me on the phone only the preftech window was open he didnt do anything to my desktop or appear to install anything but how am I to know for sure.

Again my aniexty about this is really high so any help is very, very much appreciated.

kind regards

vinny
Back to top
View user's profile Send private message
georgec
SF Staff
SF Staff


Joined: 15 Nov 2010
Posts: 0


Offline

PostPosted: Wed Apr 27, 2011 12:10 pm    Post subject: Reply with quote

Why don't you call your ISP and confirm that they are actually providing this service on their part. Then if not, the risks are higher! If you suspect that they have installed additional stuff then you may do a system restore, if you are running Windows 7 then just type System restore from the Start text box and follow the wizard. Also, check and enable malware/spyware functionality your A/V solution may have.
Back to top
View user's profile Send private message Visit poster's website
vinnycast27
Just Arrived
Just Arrived


Joined: 19 Nov 2010
Posts: 1


Offline

PostPosted: Wed Apr 27, 2011 12:20 pm    Post subject: Reply with quote

thanks for the replay.

I can 100% confirm that it is not legitimate by the ISP provider.

I use Windows XP how can I restore to before yesterday's events?

Also if i do so will i lose any data saved yesterday?

p.s not sure if this helps but here is my hijack this log.

Note: Hijackthis log removed from thread. The Hijackthis log is only allowed to be posted in the Hijackthis/Malware removal forum. - SifuMike
Back to top
View user's profile Send private message
georgec
SF Staff
SF Staff


Joined: 15 Nov 2010
Posts: 0


Offline

PostPosted: Wed Apr 27, 2011 12:49 pm    Post subject: Reply with quote

You shouldn't loose any personal data, however, I would save the most important files to an external storage device. Check this link for detailed info -how to restore Windows XP to a previous state http://support.microsoft.com/kb/306084
You can never be sure by reviewing the list of running processes as malicious programs can take the name of valid ones, etc.
Back to top
View user's profile Send private message Visit poster's website
vinnycast27
Just Arrived
Just Arrived


Joined: 19 Nov 2010
Posts: 1


Offline

PostPosted: Wed Apr 27, 2011 2:52 pm    Post subject: Reply with quote

Hi George

I have just done the system restore and to confirm it's how it was as at yesterday before the phone call I didn't install Hijack this until today and it's currently not on my desktop. So i'm assuming i'm as I was before it all happened.

Is it a case of wait and see or can I do anything else to safeguard myself or detect if any malicious items still remain on my pc?

many thanks again

vinny
Back to top
View user's profile Send private message
georgec
SF Staff
SF Staff


Joined: 15 Nov 2010
Posts: 0


Offline

PostPosted: Wed Apr 27, 2011 4:14 pm    Post subject: Reply with quote

Keep your anti-virus/malware/spyware solution updated and running! Find a third-party firewall solution, block unnecessary traffic on both directions in/out and check the logs on regular basis.
Back to top
View user's profile Send private message Visit poster's website
vinnycast27
Just Arrived
Just Arrived


Joined: 19 Nov 2010
Posts: 1


Offline

PostPosted: Wed Apr 27, 2011 4:51 pm    Post subject: Reply with quote

Thanks George

All is up to date, I may run another scan just in case but I guess all I can do is keep an eye on things and hope for the best.

Thanks for all your help

Vinny
Back to top
View user's profile Send private message
SifuMike
Deceased
Deceased


Joined: 17 May 2004
Posts: 16777146
Location: Vancouver (not BC) WA (not DC)

Offline

PostPosted: Mon May 02, 2011 9:51 pm    Post subject: Reply with quote

This scam has been going on for about a year.

Microsoft rings alarm bell on fake Windows support calls
22% of people called by phony support technicians fell for scam
http://www.computerworld.com/s/article/print/9217684/Microsoft_rings_alarm_bell_on_fake_Windows_support_calls?taxonomyName=Security&taxonomyId=17

Microsoft issues warning on phone scam
http://www.microsoft.com/australia/presspass/post/Microsoft-issues-warning-on-phone-scam

Virus phone scam being run from call centres in India
Britons targeted by cold callers pretending to be from Microsoft phoning to fix a fake computer
http://www.guardian.co.uk/world/2010/jul/18/phone-scam-india-call-centres

Warning After 'Microsoft' Call Centre Scam Exposed
http://www.contactcenterworld.com/view/contact-center-news/warning-after-microsoft-call-centre-scam-exposed.aspx
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Viruses // Worms All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register