Yes they will have and depending on how unscrupulous they are will depend on what actions your Aunt needs to take.

But unless she's competent enough (and I don't think she may be) then it's probably best to get a knowledgeable friend or a computer technician to check it out for her.

Sorry I didn't realize that they she had given them remote access. I don't use windows so I can't really help with the specifics on detecting malware, viruses and rootkits but one thing that may be worth doing is to get a back up of any important files, photos documents etc. It mat also be worth having a look at the browser history as this may help in working out the fix. If your aunt has any saved passwords in the browser it may be a good idea to change them from a different machine.

What was today's?


Stereophonic sound!

Probably that, but the day is still young

She doesn't know if she gave them remote access. They did the Event Viewer thing but she doesn't remember them asking her to go to a website. They probably did though. She's coming to stay with me at the weekend so I've asked her to bring her PC and I'll take a look at her history.

She also told me Amazon phoned a while ago too - is that another scam people are experiencing?

They don't actually, from what I've heard they have a script for the Mac too and they switch to that script instead. They still con you into gaining remote access to your Mac so they can install and do what they want.

I heard that on Security Now where many people who had been called testified to the fact that they have a Mac script.

When it comes to user stupidity the Mac is no more secure than Windows.

Possibly even less secure as many Mac users believe their Mac is secure.

Proven by the very post quoted aswell.

I just said I don't use a PC at all.

I managed to confuse one caller when he asked me to log on to their website. I said he'd not be able to talk to me any more if that was the case - I pretended I was still on dial-up.
Last edited by Smiley433 : 25-10-2011 at 17:59

I'd be fascinated to hear the explanation for your disdain

My father in law had one of these calls when we were visiting. As he is always asking me to sort his laptop out, he said to the guy, 'Hang on I'll put you over to the tech department'. I took the phone and just said 'Good morning, Technical department, how can I help you?' Mr Mumbai just hung up.....My father in law thought it hilarious, but, at least it alerted him to the scam for future reference...

I told one today that he was speaking to the central IT support office and that we were currently supporting 246 Pcs - which one did he think was producing errors? He said, "You have 246 computers?" I said, "Yes, plus servers." He said to turn any one on. I asked how my 14 support techs could have failed to spot the errors. He said a machine was running slowly. I told him they were all i7s and were running like stuff off a shovel.
He said goodbye. I was quite disappointed.

I try to have a new script each time they call. Life has its little pleasures.

I had the same problem a fortnight ago. Only I stupidly gave them remote access to my PC three weeks ago - only slamming the phone down when they demanded £200 for "an updated security certificate".

Everything seems to be working fine (if a little sluggish) - and there hasn't been any funny business with my bank account - but I'm worried that some malware has been covertly installed. What is the best (and cheapest) way to check whether things were tampered with?

They scary thing is that they knew the code of my copy of Windows (which they quoted at me when I queried who they were).

I'd do a System Restore to before the date they got access, then do a scan with Malwarebytes.

Thanks. A couple of questions.

I have Microsoft Security installed - will that cause conflicts with Malwarebytes?

Will a System Restore delete Word files created in the last two weeks?

No.

&

No, no user data files are affected.

Did you check it was correct- they usually just trot out some random code.

Re: checking your PC, MSE is not really up to it, run Malwarebytes as suggested, ideally replace MSE with an F-Secure or Norton trial , or run their online scans here and here.

Nothing wrong with MSE when backed up with MBAM and/or SAS

Yes, but it may have been nobbled by any trojans installed, best replace it with a trial of one of these more advanced packages until skippy is certain it is clean.

"Did you check it was correct- they usually just trot out some random code."

Extremely worringly the code was correct

It was probably just the produce code, not the product key. No need to get paranoid.

Just had a look. The System Restore function seems to have been disabled since System Protection was turned off.

I am scanning my PC with Malbytes.

After scanning nearly half a million (!) items in 45 mins Malbytes gave my system the all-clear.

It's advisable to scan with other scanners, different products detect different things (just to check, did you check for updates on MWB before you ran the scan?).