Call Centre/gotomypc scam

Caitlin_Bree
Posts: 162 Forumite
Wondering if anyone can help me:
My neighbours were call-centre scammed the other day. They allowed access to their machine but were not happy at giving their credit card details out so the call stopped before they did, thankfully.
However gotomypc was installed, remote access was enabled and settings have obviously been modified.
Their PC (XP) stopped being able to access the internet, giving DNS error messages instead of connecting. Also start-up gives a CMOS is wrong message and windows security essentials has been disabled.
I was unable to run any antivirus/malware/spyware software without starting in safemode and using a process killer beforehand, which revealed trojans and unwanted modifications. Malwarebytes got rid of the trojans, but only after restarting in safemode and running it again to catch a restore point modification which was reinstalling the trojan.
Now malwarebytes is saying the computer is clean but I'm not sure I trust it. It is connecting to the internet so that's something, but I'm still getting a CMOS error on start-up and I'm still unable to turn on security essentials.
To all intents and purposes it's working, but I have concerns as to how long it will stay working, and how safe it is to use.
I tried a system restore but all the restore points prior to the event seem to have been disabled.
I would really prefer to clean it rather than reformat, but appreciate that this may not be possible.. I know the information is a little vague, but any ideas about where to start would be gratefully received.
:starmod:you're awesome.. act like it:starmod:
0
Comments
-
Ex forum ambassador
Long term forum member0 -
Thanks for the quick reply.
Is it suitable for people without technical computer knowledge? Or will I need someone to hold my hand?
I've seen advisors getting upset in other tech forums where people have used it without being talked through the stages, and I don't want to make the situation worse. I wouldn't describe myself as confident with this kind of thing.
The other thing I'm wondering is would it be worth clearing/resetting the CMOS? I'm not sure what it does, but did notice in the event viewer that the date had changed to 01/01/2002 while they were making changes, so.. something to do with keeping the date?
Is it likely that any system changes made would just revert/reset to it being wrong if the CMOS was cleared?
:starmod:you're awesome.. act like it:starmod:0 -
You should really get some diagnostic logs before using combofix.
"malwarebytes is saying the computer is clean but I'm not sure I trust it"
We can take a look and "clean it", but the bottom line is whether you can trust it afterwards or not. If someone has had remote access in this way then I would suggest formatting and reinstalling (after backing up obviously) to be 100% certain for your own peace of mind.0 -
how old is the cmos battery > 5 years, if so a replacement is a pound or two, and should cure the cmos and date/time error.
In the meantime, the time can be synced by right clicking on the clock settings, choosing a working time server, and set to sync automatically
Could be totally unconnected with them connecting, especially if the error messages were about certificates - the prime reason they do this is to make money, not infect.
scan with a boot cd to make sure it's clean
http://forums.moneysavingexpert.com/showpost.php?p=60959257&postcount=11!!
> . !!!! ----> .0 -
I would say older than five years. So it's possible that it's coincidentally gone but my intuition is telling me something in one of the trojans has altered something.
Whatever was preventing security essentials from working seems to be doing the same with the emsisoft anti-malware. It's running in safemode but aspects of emsisoft seem to have been disabled. (windows guard not enabled?) It also wouldn't update whilst running in normal mode.
The scan has so far detected Trace.Registry.Searchit (A) and Rogue.Win32.SystemProtection (A)
:starmod:you're awesome.. act like it:starmod:0 -
Checking the hosts file and even the router for diversions.
I would factory reset the lot.
Censorship Reigns Supreme in Troll City...0
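The hosts-file check suggested in the last reply, as an added example that is not part of the original thread: it parses a hosts file and reports names redirected to another machine, plus security or update sites pointed at a dead address, which would fit the update failures described earlier. The watchlist and the sample file contents are constructed for illustration.

```python
import ipaddress

# Illustrative watchlist (an assumption): vendors named in the thread.
WATCHED_SUFFIXES = ("microsoft.com", "windowsupdate.com",
                    "malwarebytes.org", "emsisoft.com")

def audit_hosts(text):
    """Return (line_no, ip, hostname, reason) for every suspicious mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split fields
        if len(entry) < 2:
            continue                            # blank or comment-only line
        try:
            ip = ipaddress.ip_address(entry[0])
        except ValueError:
            findings.append((line_no, entry[0], " ".join(entry[1:]),
                             "malformed address"))
            continue
        # Loopback and 0.0.0.0 are the usual "dead" targets for blocking a name.
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in (n.lower().rstrip(".") for n in entry[1:]):
            watched = any(name == s or name.endswith("." + s)
                          for s in WATCHED_SUFFIXES)
            if name == "localhost" and sinkhole:
                continue                        # the stock Windows entry
            if not sinkhole:
                findings.append((line_no, str(ip), name,
                                 "redirected to another host"))
            elif watched:
                findings.append((line_no, str(ip), name,
                                 "security/update site blocked"))
    return findings

# Constructed sample; on XP the real file is
# C:\WINDOWS\system32\drivers\etc\hosts
SAMPLE = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       update.microsoft.com   # constructed: blocks updates
203.0.113.10    www.examplebank.test   # constructed: redirect
0.0.0.0         ads.example.net
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print("line %d: %s -> %s (%s)" % finding)
```

A clean result here says nothing about the router's DNS settings, which have to be checked separately on the router itself.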
This discussion has been closed.