Online PC Masters - scam

InaPickle

*Bump*

I just got a phonecall from these guys. I played with them for a few minutes before tellng them that if they ever tried to ring me up and scam information out of me, I would call the police.

They hung up.

earlsfield_2

I am an OAP and over the past few years have felt proud of myself
for being able to get to grips with my lap top. Or so I thought I am ashamed to admit I have alowed myself to be duped into a scam.
I received a call from a person at PC Masterswho said he was working with Microsoft and that my computer was in danger of crashing because of errors. I was then convinced to allow him to
access my laptop via Teamviewer. He showed me the errors
(or so I thought) and said to correct them I needed new software
which I could purchase. This I did and after the installation my computer which was working slowly seemed to be much quicker.
I am now very worried that my bank details etc have been
accessed. What can I do to protect myself, I am so worried
and feel such a fool. Please can anyone help me?

davb

earlsfield wrote: »

I am an OAP and over the past few years have felt proud of myself
for being able to get to grips with my lap top. Or so I thought I am ashamed to admit I have alowed myself to be duped into a scam.
I received a call from a person at PC Masterswho said he was working with Microsoft and that my computer was in danger of crashing because of errors. I was then convinced to allow him to
access my laptop via Teamviewer. He showed me the errors
(or so I thought) and said to correct them I needed new software
which I could purchase. This I did and after the installation my computer which was working slowly seemed to be much quicker.
I am now very worried that my bank details etc have been
accessed. What can I do to protect myself, I am so worried
and feel such a fool. Please can anyone help me?

Not entirely sure about the bank side, I would say that you need to contact your bank and tell them that your card details may have been compromised - most have a 24/7 number for this. I assume that they would cancel the card and issue you a new one.

As far your PC is concerned, then a good start would be to run malwarebyes and hijackthis scans to be sure nothing dubious has been installed.

davb

Download malwarebytes, install, update, run a full scan, and post the log here.
Also download hijackthis, install, scan and create a log, DO NOT FIX anything, just post the log here.

soulandy

well well well!! I have just put the phone down on these guys, I guy called "Paul", yeh right, with a very broad sounding Indian accent. Kept telling me he worked on behalf of microsoft and that my PC keeps sending error messages, which it has after a few crashes. Wanted some money:rotfl::rotfl:. I knew where he was coming from and when I said I couldn't turn the PC on he said he'll ring tomorrow. Where do they get all the info from,?? Also told me not to click on any Bin Laden links as they all/most have a virus attached.

EvilScotsman

aarrgghh wrote: »

You mention this guys typos. You have a few of your own I see. "managers" manages. "allot" a lot. "all you have done is ran a program" run.
Not being picky but it makes me wonder about your story,

You've made a couple of mistakes there yourself: it should be "guy's typos" as it's a single guy, not plural, and it should be a full stop at the end of the sentence. Not being picky...:D

Having said that, people writing alot, and I know it was allot above, does bug me a lot.
http://hyperboleandahalf.blogspot.com/2010/04/alot-is-better-than-you-at-everything.html

alib2602

I too have just got off the phone and been scammed by these awful people. Luckily I refused to pay any money, when they got extremely rude with me. I asked to speak to the manager and he too was rude-so I sent an e-mail via their very proffessional looking website to have an auotreply saying it doesn't exist! I am however concerned that I downloaded an application via ammyy for remote access to my computer (I'm avery dubious person but they ensured me they were from microsoft and did not want my computer to crash) davb I have taken your advice and downloaded malwarebytes (hijackthis wouldn't load) and it has returned with 7 infections: 6 being PUP.Casino and 1 Rogue.AntivirusCentre. Will these be of concern and should I remove them? Will they still be able to access my computer?

I too feel an extreme idiot,, as I consider myself quite clued up on these scams-however they are soo convincing. Surely this needs to be taken to another level-but where?

RussJK

alib2602 wrote: »

I downloaded an application via ammyy for remote access to my computer (I'm avery dubious person but they ensured me they were from microsoft and did not want my computer to crash) davb I have taken your advice and downloaded malwarebytes (hijackthis wouldn't load) and it has returned with 7 infections: 6 being PUP.Casino and 1 Rogue.AntivirusCentre.

When you say downloaded, do you also mean that you ran or installed it? Did you see the people access your computer, i.e. the mouse moving around, etc? What kind of things did they do?

I would run system restore to a date before you got received the phone call, then reinstall Malwarebytes, update it, and re-run the scan.

alib2602

RussJK wrote: »

When you say downloaded, do you also mean that you ran or installed it? Did you see the people access your computer, i.e. the mouse moving around, etc? What kind of things did they do?

Thanks RussJK for your reply. I can't quite remember other than I did click run-but I don't think I installed it (could this happen?) Anyway he basically viewed my screen (he didn't take control but could see what I was doing) and as I was directed by him to go to event viewer where he told me I had errors that needed fixing for £48.50. I then said no I wouldn't pay-and spoke to the manager to complain that I should have been advised at the beginning of a cost and also I wasn't happy they had been able to view and access my computer. I closed everything down and now am using a seperate computer to look up about the scam. I have re-opened to run malwarebytes. How do I do system restore before running this again?

RussJK

alib2602 wrote: »

Thanks RussJK for your reply. I can't quite remember other than I did click run-but I don't think I installed it (could this happen?) Anyway he basically viewed my screen (he didn't take control but could see what I was doing) and as I was directed by him to go to event viewer [...] I wasn't happy they had been able to view and access my computer.[...] How do I do system restore before running this again?

Normally the scam script goes like this:

• They say they are from Microsoft and have detected "viruses and errors causing your computer to crash" - they aren't, and they can't;
• They direct you to do: Start, Run, type eventvwr, enter - which loads Event Viewer loads. They then use the error list to impress and frighten the person into thinking something's wrong (nothing necessarily is);
• They then get the person to install remote support software, and possibly malware/keyloggers.

You say you had already downloaded "ammyy"? and when you did, did you choose "run" instead of "save" from the browser?

Best thing would be the disconnect the internet, then load the compromised system.
If it is XP, then follow these instructions to load System Restore:
http://support.microsoft.com/kb/306084

If it is Vista or Windows 7, just type "system restore" into the start menu, and it'll search for it, then press enter to run it.

Follow the prompts, and make sure the date of the Restore Point is a date before all this happened. Afterwards, reconnect the net and run Malwarebytes, Update it, and run a Quick scan. If you find anything, post the log and then try the full scan.

Secondly, please run HijackThis and choose 'do system scan and save log', but don't Fix anything. It'll show if there is anything obvious running that shouldn't be, and open up notepad with a log - just copy/paste the whole of the log here. It's quite quick, and won't affect your privacy. Save this file to the desktop, then hold down LEFT SHIFT and RIGHT CLICK on the file and select 'Run as Administrator':
http://www.trendmicro.com/ftp/products/hijackthis/HijackThis.exe

Lastly, it wouldn't hurt to run CCleaner in order to clean out all temporary files, in case anything is hiding in there:
http://www.filehippo.com/download_ccleaner