Windows OS Scam

Surfie

Hi Guys,

Did a search for relevant threads, and the closest I could find was a rant which was >1 year old, so I'm creating a new thread for this (mods, feel free to move as required, and sorry for putting in the wrong place if it is wrong).

So, despite repeated warnings to my aging mater, she went and fell for the "Windows support scam" while I was away in Thailand.

Fortunately, we were able to jump on the financial side of things BEFORE the money actually left her account (the scammers didn't try and pick it up straight away, strangely). However, we are now left with a little bit of a mess on her computer to fix up.

Now, I know that these "engineers" go through and disable a bunch of services to make the OS not work and then "install" a fix which re-enables them. However, I do not know (and have thus far been unable to determine definitively) whether their executable ALSO installs other types of malware (keyloggers for instance).

I've gone through and run anti-malware and antiviral tools, and they say there is nothing there - but I remain unconvinced. So my questions are:

  1. Should I go ahead and nuke the hard drive, and re-install Windows?
  2. Should I believe the antivirus and anti-malware tools?
  3. Is there some way of backtracking precisely which services were disabled?
  4. Is there anything else which I need to do?

Obviously, I recognise that if Question 1 has an answer of yes, then the other questions are pretty much covered ^_^

Thanks
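
On question 3, one way to check, as an added example that is not part of the original post: the Windows System event log records each service start-type change as Event ID 7040, so it can be queried for the period of the remote session. The `$Since` parameter and its 30-day default are assumptions to adjust.

```powershell
# Added example. $Since is an assumed cut-off: set it to just before the remote session.
param(
    [datetime]$Since = (Get-Date).AddDays(-30)
)

# Event ID 7040 in the System log is written by the Service Control Manager
# each time a service's start type changes (e.g. "auto start" -> "disabled").
$filter = @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7040
    StartTime    = $Since
}

$changes = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties.Count -ge 3 } |
    Sort-Object TimeCreated |
    ForEach-Object {
        [pscustomobject]@{
            Time    = $_.TimeCreated
            Service = $_.Properties[0].Value   # service display name
            From    = $_.Properties[1].Value   # previous start type
            To      = $_.Properties[2].Value   # new start type
            UserSid = $_.UserId                # account that made the change
        }
    }

if ($changes) {
    $changes | Format-Table -AutoSize | Out-Host
} else {
    Write-Host "No start-type changes logged since $Since (or the log has been cleared)."
}

# Services disabled right now, to compare against the changes listed above.
Get-CimInstance -ClassName Win32_Service -Filter "StartMode='Disabled'" |
    Sort-Object Name |
    Format-Table Name, DisplayName, State -AutoSize |
    Out-Host
```

Run it from an elevated PowerShell prompt. It only shows changes that went through the Service Control Manager and are still in the System log, and it does not show whether anything else was installed.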
 
I'm no software guru but if that happened to me I wouldn't feel safe using my own computer knowing that someone I don't know had access to my PC and could've installed virtually anything. I'd say back up her files, scan the pen drive (or whatever you're using) using first the infected PC then another PC to make sure, and nuke that HDD with three passes at least.
 
From all the threads about this I've seen in the past (half of them probably made by me), I've never seen anyone fall for it before... My mum nearly did, then I walked in and she handed the phone to me.

Personally, I'd probably reinstall Windows. You probably don't need to, but if there's any doubt in your mind, I'm sure you'd rather be safe than worry about it every time you purchase something online, or type a password in somewhere.
 
Format the HDD and reinstall Windows, it will give you peace of mind and frankly it's faster and easier than trying to figure out what's been disabled and where/if there is anything else hidden.
 
Nuke and reinstall, ALWAYS the better option. I love it when they call me lol. I keep them on the phone at least 15 mins before telling them to bugger off (being polite here as this is a family-oriented community), but I end up cursing them to hell and back before hanging up on them. I just wish I could get the loud slam effect from a cell phone lol. They were real relentless; one month I got like 15 calls from them.
 

Heh, my personal favorite call of this, was when I took the instructions literally.

Them: "Hi, can you please go to your windows?"
Me: "Which one?"
T: "Any one, I will tell you what to run to identify it."
M: "Ok, I've gone to my bedroom window. Is that good enough?"
T: "Now run <whatever command>"
M: "Ok." <start running> "How long do I need to run for?"
T: "Umm.... it should only take a few seconds?"
M: "Ok good. I'm not in very good shape...."
and on it went. I'm sure you now get the drift.

Managed to string them out for about 10 minutes like this before they came back with "Ok, let's start again. Go to your computer..."

Once we got to that level, I booted up my Ubuntu box and played some more. In total the call went for 45 minutes. Yes, I was bored that day, and I was curious to know just how far they would go before giving up... the result surprised me actually. I expected them to hang up once they realised that I wasn't even on a computer.
 
lol yeah, while mine wasn't as thought out as that, I was like: really, my computer called you??? And just what did it say??? Really, it's infected?? I wonder how my computer is calling you when it's OFF!!! Also what carrier is it using?? Sprint, Verizon, T-Mobile??? lol
 
Ha! Working in help desks is sometimes a help in things like this, as it does give you an insight as to where they come from, so it gives you ammo to mess with them.
 