logmein123 scam... help?
Comments
-
Here's a HijackThis report. I had to cut out a section which contained links.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:27:08 PM, on 15/10/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17103)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Bio-Protection fingerprint solution\PdtWzd.exe
C:\Program Files\Acer\Bio-Protection fingerprint solution\FPLaunch.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Bio-Protection fingerprint solution\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Bio-Protection fingerprint solution\PwdBank.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Bio-Protection fingerprint solution\WinNotify.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
--
End of file - 6915 bytes
-
Can easily install a keylogger, that emails everything to the hacker.
http://www.prorat.net/main.php?language=english
Something like that.
but a good internet security package should pick up a keylogger on your system.
but 9/10 hackers gain access onto computers through unsecure open broadband connections and IP tracking.
so
1) make sure your broadband connection is secure
2) use a program like Malwarebytes' Anti-Malware and do a complete scan on a regular basis
3) if you do get hacked contact your ISP and explain, most will change your IP anyway as this stops IP trackers gaining access through your IP.
4) install a good internet security package and not just FREE anti virus
-
You can read about it here
also if you read this
https://forums.moneysavingexpert.com/discussion/3502705
Microsoft does take action against these
-
The scam is:
Someone randomly calls you saying they are from either 'TechSupport', Microsoft Tech support, your ISP tech, Internet Tech support and so on... They tell you that your computer is sending out viruses or spam or has been compromised and they offer to repair the problem. They then get you to download LogMein remote access software (completely legit and safe software) and that allows them to remotely access your PC, make some command screens and other 'scary' looking windows pop up, then they'll delete your internet history, cache, probably clean a few other things and then charge you £130 for the 'service'.
Logmein123 is a one time remote connectivity program that allows a tech to control another PC... logmein offer other programs that allow remote control at any time without user intervention.
There isn't any real evidence that they install spyware or keylogging software, unless someone has info to the contrary. These are scammers that do some work for you, albeit on false pretenses, get the mug to pay and that's (usually) the end of it.
Many people's reaction on here is to format the PC, burn credit cards, bleach the cat, mouse and keyboard to be sure (which won't hurt) but after anyone has done a spyware/virus scan there seems no evidence (again, as far as anyone on forums has shown) that you get any further PC problems. I mean asking the ISP to change your IP address and log activity? We're talking about TalkTalk or Sky broadband that can barely cope with ADSL related issues let alone doing some detective work because you were a mug! (reboot router usually changes the IP anyway)
The main issue is you paid for a service that wasn't required, you gave a stranger that works for a questionable company your credit card details as well as £130 and finally you've just discovered how gullible and trusting you are.
I'm not saying don't treat it as a major problem because it potentially is, but going by the existing people that have been scammed it seems that no further hacking, skullduggery or other nasties have occurred... this could change of course.
The moral? Trust no one until proven otherwise that calls you out the blue or knocks on your door, stops you in the street etc.
Oh and when they next call tell them you use Ubuntu.
Never trust information given by strangers on internet forums
-
spannerzone wrote: »(reboot router usually changes the IP anyway)
some people have static IPs from ISP so this will not work in all cases.
but with many consumer forums, consumer TV reports and newspaper reports mentioning these scams, people still do not listen so when someone phones and says your computer has told us you have a problem they hand over their card details and complain when they have been scammed.
-
some people have static IPs from ISP so this will not work in all cases.
Yep, hence usually
but with many consumer forums, consumer TV reports and newspaper reports mentioning these scams, people still do not listen so when someone phones and says your computer has told us you have a problem they hand over their card details and complain when they have been scammed.
Yes very true, I guess many now know of these scams but many many don't or the penny doesn't drop until it's too late. Clearly some of us (me especially) are far too cynical in life but many still trust complete strangers, kind of nice in theory but bites you in the !!!! so often
:rotfl:
Never trust information given by strangers on internet forums
-
I had never heard of this scam, or anything remotely similar. My impression was of a full business, with numerous employees, based around this scam. They were extremely well organized, and very convincing until you take it out of context, at which point it's obvious. I've definitely become a very trusting person over the past couple years, and it has gotten me into a bit of trouble before, but I'll definitely never give out a credit card number ever again to someone who contacts me. Also the fact that I was less than sober and very stressed at the time probably added to my willingness to just go along with whatever I was told and get the "problem" fixed as quickly and easily as possible.
Anyway, I will certainly get a full security package as soon as I can. If you guys think my computer should be safe from these people for now, I can breathe a little easier. Please let me know of anything else you think I should do.
-
Do you not currently have a full security package? Is Norton up to date?
Off to bed.
-
Nope, Norton is not up to date. That's how they got me actually... I've been getting away with free software for the past couple years, so it was entirely believable to me that I might have hidden viruses on my computer. (Anytime I got suspicious I would take out my hard drive and connect it to a computer with full protection then run a scan / clean).
Oh, I almost forgot! The online scanner found 4 threats. I had to pack up computer pretty quick after, so I just asked it to take care of the threats.
This discussion has been closed.