  1. #1
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    West Midlands, UK
    Posts
    236
    Thanks
    233
    Thanked 2 Times in 2 Posts

    Nearly caught in scam

    I have had a call which purported to come from my ISP about unusual activity with my broadband connection. After a while, full details of my account plus personal details were given to show authenticity. The caller was able to see my computer and show lots of errors, with a full scan that ended with the statement that I was eligible for a refund. I would not give my bank details, so was given a number to call to prove authenticity; instead I rang the ISP and was told it was a scam. Apparently a program would have been put on my computer which I would need to remove. I ran AVG Linkscanner, Malwarebytes free plus a Spybot full scan. Spybot showed potentially problematic registry items plus dubious cookies, all of which were removed. My uninstaller does not show any new programs. What should I do to ensure that the scammer can no longer access my computer, apart from a wipe and re-install?

  2. #2
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,486
    Thanks
    284
    Thanked 574 Times in 478 Posts
    Can you attach the MBAM log, it should furnish some clues?

  3. The Following User Says Thank You to satrow For This Useful Post:

    mike21 (2015-08-04)

  4. #3
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    West Midlands, UK
    Posts
    236
    Thanks
    233
    Thanked 2 Times in 2 Posts
    Quote Originally Posted by satrow View Post
    Can you attach the MBAM log, it should furnish some clues?
    I am afraid that the computer will not boot up (I am using my wife's laptop). I get a screen: "This computer is configured to require a password in order to start up, please enter the startup password below." I have got into the BIOS and there is an option to change the BIOS password - the existing password is not required, just enter a new one. I exited without doing anything because I did not want to make it worse - is this where the password resides, and should I put something like 1234? Presumably the scammer put a password in so he could take over. Assuming I can eventually boot up, what is the MBAM log and how do I create one?

  5. #4
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,486
    Thanks
    284
    Thanked 574 Times in 478 Posts
    Don't do anything at this stage, you need specialist help; I suggest Sysnative.com, enroll and create a new topic in the Security Arena: http://www.sysnative.com/forums/security-arena/

    You won't be able to follow the normal malware diagnostics, they'll walk you through collecting the info needed to regain access and get it working.

  6. #5
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    West Midlands, UK
    Posts
    236
    Thanks
    233
    Thanked 2 Times in 2 Posts
    Quote Originally Posted by satrow View Post
    Don't do anything at this stage, you need specialist help; I suggest Sysnative.com, enroll and create a new topic in the Security Arena: http://www.sysnative.com/forums/security-arena/

    You won't be able to follow the normal malware diagnostics, they'll walk you through collecting the info needed to regain access and get it working.

    Thank you, will follow your advice tomorrow.

  7. #6
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,746
    Thanks
    171
    Thanked 649 Times in 572 Posts
    That's a SysKey password, not BIOS.

  8. The Following User Says Thank You to BruceR For This Useful Post:

    mike21 (2015-08-05)

  9. #7
    WS Lounge VIP Coochin's Avatar
    Join Date
    Jun 2014
    Location
    Queensland, Australia
    Posts
    2,154
    Thanks
    31
    Thanked 306 Times in 266 Posts
    I helped a customer who had fallen for that scam with her Win7 laptop back in April.

    The fix was to boot from a system repair disk and use System Restore to restore to a point before the scammer accessed the system.
    Computer Consultant/Technician since 1998 (first PC was Atari 1040STE in 1988).
    Most common computing error is EBKAC: Error Between Keyboard And Chairback
    AMD FX8120 (8-core @ 3.1GHz) CPU, Gigabyte GA-990FXA-D3 motherboard, 8GB (2x4GB) DDR3 1866MHz RAM, ATI-AMD Radeon HD6770 PCI-E VGA, 480GB Kingston SSD, 2TB Seagate SATA3.0 HDD, ASUS DVD/RW.

  10. The Following User Says Thank You to Coochin For This Useful Post:

    mike21 (2015-08-05)

  11. #8
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    West Midlands, UK
    Posts
    236
    Thanks
    233
    Thanked 2 Times in 2 Posts
    Quote Originally Posted by Coochin View Post
    I helped a customer who had fallen for that scam with her Win7 laptop back in April.

    The fix was to boot from a system repair disk and use System Restore to restore to a point before the scammer accessed the system.

    Thanks to both. I have posted on sysnative and am awaiting a reply, but the repair disk/restore option seems easy - where do I download a system repair disk? I have a Kaspersky repair disk and a loader disk for Macrium images using Linux, but neither seems to have that facility.

  12. #9
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,486
    Thanks
    284
    Thanked 574 Times in 478 Posts
    Once rebooted, the System Restore option is often disabled, leaving you without any Restore points to use.

  13. #10
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,180
    Thanks
    47
    Thanked 983 Times in 913 Posts
    The Wikipedia article in post #6 above has some help.

    cheers, Paul

  14. #11
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,746
    Thanks
    171
    Thanked 649 Times in 572 Posts
    ... and 2. Use the free Offline NT Password & Registry Editor by following these instructions. Looks straightforward.

  15. #12
    WS Lounge VIP Coochin's Avatar
    Join Date
    Jun 2014
    Location
    Queensland, Australia
    Posts
    2,154
    Thanks
    31
    Thanked 306 Times in 266 Posts
    Quote Originally Posted by mike21 View Post
    ...where do I download a system repair disk...
    Go to Control Panel\All Control Panel Items\Backup and Restore then click on "Create a system repair disc" in the left pane.

    If the affected computer is 64bit Windows you can create a repair disc using another 64bit computer, and vice-versa if 32bit.

  16. #13
    Banned Member
    Join Date
    Mar 2012
    Location
    Calgary
    Posts
    2,522
    Thanks
    0
    Thanked 170 Times in 142 Posts
    How do you know they went as far as to be able to 'see' your computer? Did you grant them access? The immediate, 1st & wisest thing to do is change your password(s). Starting w/ the one you use to access your computer. Make sure the new P/W is strong. To be strong use a minimum of 8 characters & @ least, 2 #s, 2 characters, 2 upper case letters & 2 lower case letters, all mixed up, of course.

    Having read the entire thread... the password you WERE using does not work? Should rebuild the machine. Solution is not in the BIOS. Don't see anywhere stating what OS it is.

    Can use Recovery Discs OR a matching Windows OS disc, IF you have a COA sticker w/ the License Key. If so, can use any matching (install) disc & YOUR Key. Good idea to DL drivers that might be needed to media, beforehand.

    In this case do not recommend anything but going back to square one. Don't Refresh or Restore.
    Last edited by Drew1903; 2015-08-06 at 00:27.

  17. #14
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    West Midlands, UK
    Posts
    236
    Thanks
    233
    Thanked 2 Times in 2 Posts
    I am afraid that nothing worked, so I eventually used a 3 month old Macrium image and 1 week old My Documents etc. backup held on an external drive. Thanks for all the helpful suggestions.

  18. #15
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,486
    Thanks
    284
    Thanked 574 Times in 478 Posts
    Unlucky, Mike.

    Much depends on which version of the malware hits you; it looks like yours was very effectively written and executed.

    Time to reappraise your security layers and imaging frequency?
