PC advice check: Taken in by a scam

Fed up talking videogames? Why?
User avatar
That
Dr. Nyaaa~!
Dr. Nyaaa~!
Joined in 2008

PostRe: PC advice check: Taken in by a scam
by That » Mon Jun 19, 2017 12:33 pm

You have made sure it can't connect to the net, right? It's compromised, and the scammers will be dialling into it and doing stuff every time it comes online.

You should do the most destructive possible reinstall. If you go too far & break it then you can drop it into a PC repair shop and they can install a fresh copy of Windows for you - a minor inconvenience - but if you don't go far enough your sister will have Ukrainian (probably ;) ) criminals reading her emails forever.

Image
jawafour
Member
Joined in 2012

PostRe: PC advice check: Taken in by a scam
by jawafour » Mon Jun 19, 2017 12:39 pm

Karl wrote:You have made sure it can't connect to the net, right? It's compromised, and the scammers will be dialling into it and doing stuff every time it comes online...

I did fear that :( . Could they do so even though the machine has been reset and Windows updated?

Karl wrote:...You should do the most destructive possible reinstall. If you go too far you can drop it into a PC repair shop and they can install a fresh copy of Windows for you...

Yeah, I anticipate that I'm gonna have to restart this whole process (two and a half hours so far :dread: ) and select the TPM delete option... which may screw things up completely, meaning that, yeah, I need to take the machine to a shop. Oh, well, I'll see how's this Windows update process finishes first.

Thanks for responding, Karl!

User avatar
Hexx
Member
Joined in 2008

PostRe: PC advice check: Taken in by a scam
by Hexx » Mon Jun 19, 2017 12:59 pm

Image

jawafour
Member
Joined in 2012

PostRe: PC advice check: Taken in by a scam
by jawafour » Mon Jun 19, 2017 4:20 pm

Hexx wrote:(Hammer-time!)

Luckily not!

I can announce... mission successful!*

> Cleared all personal files**
> Re-installed Windows 10
> Setup a new user ID and password
> Installed Norton
> Run multiple scans and checks
> Deactivated the "Allow remote connection" option
> Activated the "System restore" capability

And all seems okay!***. Thanks for all your help and tips, guys :wub: .


* I think.
** I think.
*** I think.

User avatar
Green Gecko
Treasurer
Joined in 2008

PostRe: PC advice check: Taken in by a scam
by Green Gecko » Mon Jun 19, 2017 4:28 pm

It's possible those encrypted files were a vulnerability that the scammer installed that they decrypt and encrypt when they access the machine remotely using some other vulnerability they installed (I doubt it's simply Remote Desktop), in order to run them. They could also have been set to hidden and iirc encrypted files don't appear in window explorer at all, you have to access them with a decryption app.

There was obviously some Java or JavaScript or flash or some other security vulnerability on the phishing site they visited so make sure they don't visit it again. Firefox and chrome both have their own bad website / malware flagging that should help and they should be up to date. Also update Java and Flash.

Hopefully if the backdoor has been removed or at least part of the chain is dead.

"It should be common sense to just accept the message Nintendo are sending out through their actions."
_________________________________________

❤ btw GRcade costs money and depends on donations - please support one of the UK's oldest video gaming forums → HOW TO DONATE
jawafour
Member
Joined in 2012

PostRe: PC advice check: Taken in by a scam
by jawafour » Mon Jun 19, 2017 4:35 pm

Green Gecko wrote:...There was obviously some Java or JavaScript or flash or some other security vulnerability on the phishing site they visited so make sure they don't visit it again...

It was worse than that, Gecko... my sister granted remote access to the scammer :fp: .

Green Gecko wrote:...Hopefully if the backdoor has been removed or at least part of the chain is dead.

I'm hopeful that we've closed the door now. It seems to be okay.

User avatar
Trelliz
Doctor ♥
Joined in 2008
Contact:

PostRe: PC advice check: Taken in by a scam
by Trelliz » Mon Jun 19, 2017 6:37 pm

I'd have ripped out the Hard disk and binned it. I assume you've given your family an extended talk about scams etc?

jawa2 wrote:Tl;dr Trelliz isn't a miserable git; he's right.
User avatar
Death's Head
Member
Joined in 2009

PostRe: PC advice check: Taken in by a scam
by Death's Head » Mon Jun 19, 2017 7:16 pm

What advantages does Norton give over Windows Defender?

Yes?
User avatar
Errkal
Member
Joined in 2011
Location: Hastings
Contact:

PostRe: PC advice check: Taken in by a scam
by Errkal » Mon Jun 19, 2017 7:18 pm

Death's Head wrote:What advantages does Norton give over Windows Defender?

A recipet?

jawafour
Member
Joined in 2012

PostRe: PC advice check: Taken in by a scam
by jawafour » Mon Jun 19, 2017 8:47 pm

Death's Head wrote:What advantages does Norton give over Windows Defender?

I'm off the pace with PC technology, but I did a search and found this from 2016:

Independent AV testing labs like AV-Comparatives, AV-Test Institute and Dennis Technology Labs are good source for comparing the performance of different AV programs. If you look at AV-Test Institute's Feb 2015 comparative tests for Windows 8/8.1 AVs for Home Users, for example, you will see that Windows Defender 4.6 had the lowest score (0/6) for malware detection with a detection rate of 74% for their reference set of malware (over 12,000 samples) compared to Norton Security 2015 which scored 6/6 with a detection rate of 99%.


More recently, Norton reviewed well in TechAdviser's "Best Antivirus 2017" tests.

I'm not that familiar with Windows Defender, but it hasn't always had great reviews. Or here. But, then again, there are alternative views.

User avatar
That
Dr. Nyaaa~!
Dr. Nyaaa~!
Joined in 2008

PostRe: PC advice check: Taken in by a scam
by That » Mon Jun 19, 2017 9:23 pm

I think a paid-for antivirus software can be an OK investment if the laptop is being used by someone completely tech-illiterate and unwilling to put even slight, cursory effort into defending themselves. I wouldn't choose Norton or McAfee though because they're really bloated. Maybe Kaspersky or the pro version of Malwarebytes?

For anyone who knows how a computer works Windows Defender is fine. If you run Firefox with decent security extensions (uBlock, NoScript) and don't regularly fileshare then I think you probably won't ever even need to use Windows Defender. This doesn't sound like it's the case for your sister though. ;)

Part of the reason I use Linux is so I don't ever have to worry about any of this nonsense.

Image
User avatar
Green Gecko
Treasurer
Joined in 2008

PostRe: PC advice check: Taken in by a scam
by Green Gecko » Mon Jun 19, 2017 9:23 pm

I think generally it is a case of what type of hammer is appropriate. You need a pin hammer to set a picture hook, you need a sledgehammer to smash through a wall.

If it's a noob and fall for stuff like this, provide that person with adequate defense. If they're savvy and will stop to think twice about visiting 214124.norton.web.uk.scamlol and then entering all their stuff and talking to someone asking for £400 to unhack their IP connected CD rom drive then MSE is fine.

I don't blame you for recommending Norton. It's ironic however that the brand in this case made them blind to a scammers that exploit the idea, "If it says Norton on it then I'm safe, shut up and take my money".

Obviously glad your sister called you :) and it's fortunate the scammer asked for such a ridiculous amount of money. It's kind of insulting they thought your sister was that stupid though (or they wouldn't have proceeded), and good therefore that she called you.

It's scary because this can easily lead to things like encrypted system files, disk deletion of sentimental or valuable things or identify theft and credit/debit card fraud.

I would full format the disk and reinstall Windows from a disk however. I only say that because for me it doesn't seem to be a pain to do so, doing this stuff for family and friends etc is a right pain in the arse because they just never learn. You've probably spent hours faffing around with it but you can't fix your general computer user's vulnerability to psychological exploits. Sorting it out while knowing it'll probably happen again is the dread of working with computers.

(case in point, I have an ex boss who still asks me for passwords I provided in database when I left 4 strawberry floating years ago because they can't keep their gooseberry fool together and every single time they ask me to email it to them they create a security risk)

It's a shame it wasn't flagged up by Google or Mozilla yet.

Were they using Internet Explorer?

"It should be common sense to just accept the message Nintendo are sending out through their actions."
_________________________________________

❤ btw GRcade costs money and depends on donations - please support one of the UK's oldest video gaming forums → HOW TO DONATE
User avatar
Death's Head
Member
Joined in 2009

PostRe: PC advice check: Taken in by a scam
by Death's Head » Mon Jun 19, 2017 9:46 pm

Jawa - one thing you must warn your sister about is that if she gets a call from "the IT department", just be sensible and if she can't do that, just put the phone down. I get these calls a ridiculous amount of times. I used to play along for a while but it just became such a waste of time. Most of the time it sounds so scripted it is unbelievable they get any money from anyone. Last time I got a call I said "you don't really think I'm going to think you are from my IT department do you?". The response was "shut up" and the woman put the phone down. Next time someone calls me (assuming it is a woman) I'm going straight in with "what are you wearing.....". Free sex line FTW.

Yes?
User avatar
Green Gecko
Treasurer
Joined in 2008

PostRe: PC advice check: Taken in by a scam
by Green Gecko » Mon Jun 19, 2017 10:31 pm

There are some great videos on YouTube of software engineers etc getting scammers to remote into a virtual machine of Windows or evne Linux or something and still try to "fix the problems" as if it is Windows (they can't even tell they're in Linux) and when they're called up on it they get all offended and try to claim they are offering a legit service despite getting their leads from phishing sites and trying to charge ££££ for fixing a made up problem. It's really surreal. In this one the scammer tries to claim that he is himself being scammed and the guy just does this make teh monies from youtubes (after the reveal).

The scammer gets really upset and starts shouting, "I am smarter than you! I am better than you!" repeatedly.



Skip to 36:10 for the arguments.

Here's another one in a VM where the scammer doesn't even realise it isn't a real machine, this time a woman on the fake tech support hotline who tries to nuke the computer at the end by encrypting the entire system:


"It should be common sense to just accept the message Nintendo are sending out through their actions."
_________________________________________

❤ btw GRcade costs money and depends on donations - please support one of the UK's oldest video gaming forums → HOW TO DONATE

Return to “Stuff”

Who is online

Users browsing this forum: PuppetBoy, Squinty and 317 guests