Page 1 of 2 12 LastLast
Results 1 to 15 of 16

Thread: Ripoff attempt

  1. #1
    Lounger
    Join Date
    Jan 2013
    Posts
    28
    Thanks
    2
    Thanked 0 Times in 0 Posts

    Ripoff attempt

    You get a call from India saying that your PC is badly infected. This has happened to me twice. They have you do this procedure:

    1. Press windows symbol on keyboard and r. Run window appears.

    2. Type eventvwr, click ok. (That's event viewer, logs of what's happened in the past.)

    3. Choose Windows logs > Applications. (That's a log of one type of event. There are about 5 others.)

    4. A long list of entries appears. (In my case, over 50,000, going back over a year.) She told me these were all errors caused by my internet activity. Not true: almost all were just logs of events, including some past errors. They are for information only and do not mean that anything is wrong at present. (In my case, which is probably not typical, hundreds of errors from Bonjour appeared. Bonjour has something to do with iTunes, which I don’t use. Searching on “bonjour services” gave instructions about how to remove it, but the instructions could not get started.)

    5. Each entry in eventvwr is a log file for a different kind of event. They do not do any harm by just being there. I cleared all by rt-clk except Windows, which cannot be cleared. For this they wanted $300, $200 or $100!

    6. I can't think of the name of the site where you can check such things. They may not have heard of this.

  2. Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 7, Windows 8, Windows XP, Firefox, Internet Explorer, Google, etc. Join our 480,000 subscribers!

    Excel 2013: The Missing Manual

    + Get this BONUS — free!

    Get the most of Excel! Learn about new features, basics of creating a new spreadsheet and using the infamous Ribbon in the first chapter of Excel 2013: The Missing Manual - Subscribe and download Chapter 1 for free!

  3. #2
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    6,194
    Thanks
    201
    Thanked 785 Times in 719 Posts
    MrBip,

    This one's been around for a while. They often claim to be from Microsoft. Blatant scam! The website you were thinking of is www.snopes.com.
    May the Forces of good computing be with you!

    RG

    VBA Rules!

    My Systems: Desktop Specs
    Laptop Specs


  4. The Following User Says Thank You to RetiredGeek For This Useful Post:

    MrBip (2013-03-21)

  5. #3
    New Lounger
    Join Date
    Mar 2013
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I have a customer that fell for this......allowed the folks to remotely access their computer, but didn't pay for anything. But now, there is older looking Windows password logon box whenever you boot up and cannot get past it. We get this in safe mode, even SM cmd prompt. I've taken the hard drive out and scanned it on another computer, so I know it's not a virus. I've attempted to run a system restore as well after booting from a Win7 DVD, but I don't know if SR was turned off, or if the scammers turned it off, as I cannot find a restore point. Anyone else see anything like this? Or what else to try before we reload the system?

  6. #4
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    20,543
    Thanks
    1
    Thanked 614 Times in 550 Posts
    Are you able to run something like Autoruns or WhatInStartUp?

    Both are free and neither require an install. You may also run Autoruns from http://live.sysinternals.com.

    Joe

  7. #5
    New Lounger
    Join Date
    Mar 2013
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Joe, are those programs able to run via cmd? Booting up with a Win7 DVD is the only way I can get this machine to a workable place....

    Jon

  8. #6
    Super Moderator jwitalka's Avatar
    Join Date
    Dec 2009
    Location
    Minnesota
    Posts
    4,751
    Thanks
    67
    Thanked 545 Times in 493 Posts
    Jon, did you try resetting the Windows password? :
    http://pogostick.net/~pnh/ntpasswd/bootdisk.html

    Jerry

  9. #7
    New Lounger
    Join Date
    Mar 2013
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Jerry, it's not a Windows user account that it's asking for a password for....just states this system is configured to require a password. It has what looks like a Win98 or 2000 style icon. I have two buttons [ok] and [restart]. I know it's not a Windows thing as if I restart, the system tells me it wasn't shutdown properly and requests I attempt to repair.....repair doesn't do anything. Now that Win7 has gone to a bootmgr rather than boot.ini, is there any way to look at what's in bootmgr without being logged in? Or, is there a way to manipulate via cmd. If not, I guess it's factory reset, here we come....darn social engineering hacks....

  10. #8
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    20,543
    Thanks
    1
    Thanked 614 Times in 550 Posts
    Those programs require Windows to run.

    See if What is Windows Defender Offline? helps.

    Joe

  11. #9
    Super Moderator jwitalka's Avatar
    Join Date
    Dec 2009
    Location
    Minnesota
    Posts
    4,751
    Thanks
    67
    Thanked 545 Times in 493 Posts
    Could it be a BIOS or disk password? If its a BIOS password, you might be able to get around it by shorting the cmos battery jumpers if available or removing the CMOS battery for 5 minutes.

    Jerry

  12. #10
    New Lounger
    Join Date
    Mar 2013
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Jerry, its not a BIOS password as it does display the Windows splash screen. Joe, it's not a virus....I've taken the drive out and scanned on a clean machine. I've attached a picture of the password screen I see...... ??IMG_20130326_155545 (800x600).jpg

  13. #11
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    2,774
    Thanks
    83
    Thanked 340 Times in 307 Posts

  14. #12
    New Lounger
    Join Date
    Mar 2013
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Bruce, you're right on track! Thanks for the info.....Googled it and although it looks nasty to remove, at least I know where to start.....

    Jon

  15. #13
    Lounger
    Join Date
    Dec 2009
    Location
    North Eastern Arizona, USA
    Posts
    29
    Thanks
    4
    Thanked 1 Time in 1 Post

    Ripoff Saved You

    The rule for being safe from this kind of thing is "Though shalt always DELETE anything you were not expecting to receive." Some of these have you do a few things and your system will never boot up again. But at least you were smart enough to not send them any money.

    Chris C.

  16. #14
    New Lounger Tech Support's Avatar
    Join Date
    Dec 2009
    Location
    Nagpur, India
    Posts
    3
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Post Requesting a second chance...

    Hello fellow loungers!

    I am an Indian myself. I express deep regrets that my country-men are perpetrating such low schemes. But I implore you please don't tar all of us with the same brush. As an honest, morally upright, upstanding world citizen I have many reasons to rue my nationality especially when such low life scum tarnish our name globally. Imagine what a hellish life it must be for me, my family and community and all other honest Indians like me, over here, just because such scum have found out how to game the system - life for honest people in India has become hell!

    We are trying our utmost to save our country from being driven into the dust by such vermin. And to do so, I am trying to convince my fellow nationals that we must begin by acknowledging our faults and shortcomings before we can begin addressing them. There are scamsters from other countries like Nigeria and the Chuvashia province of Russia, too (I've encountered them personally) but that is no excuse for us Indians to behave badly.

    If there is any thing I can do to help, in any way or manner, I'll be most glad to. This is my way of being patriotic and clearing the honour of my country's name.

    Thank you for hearing me out.
    Last edited by Tech Support; 2013-03-31 at 02:44. Reason: Grammatical mistake

  17. #15
    Lounger
    Join Date
    Dec 2012
    Location
    New Hampshire
    Posts
    44
    Thanks
    4
    Thanked 5 Times in 4 Posts
    Well said.

  18. The Following User Says Thank You to rje49 For This Useful Post:

    Tech Support (2013-04-04)

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •