We'd like to remind Forumites to please avoid political debate on the Forum. This is to keep it a safe and useful space for MoneySaving discussions. Threads that are - or become - political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.

Fallen for the ScanGuard {Edited by Forum Team}

andyca
andyca Posts: 163 Forumite
Part of the Furniture 100 Posts Name Dropper Combo Breaker
edited 14 June 2019 at 3:31PM in Techie Stuff
My uncle has fallen for the ScanGuard {Edited by Forum Team}, (more info on ScanGuard here) tempted by an advert while playing Solitaire on his Windows 10 PC, he was simply not used to advertising being presented within applications he trusted and I can't say I blame him, I'm really disappointed with the route Microsoft have gone down with their advertising based software model but that's a discussion for another time.

He asked me to look at his machine as Edge was crashing on launch, ScanGuard removed, MalwareBytes and Microsoft MSRT run and finally Defender reinstated. (Edge works fine now)
He paid £30 approx. 3 months ago (via debit card) for it after some pressure selling and lots of fake reports of threats on his PC to convince him he really needed the product. Apparently this was a discount from the £180 he should have paid. :mad:

I have advised him to contact ScanGuard via Email or Chat and request his money back and a cancellation of auto-renewal, also make sure he gets a copy of the transcript and/or a confirmation e-mail. I've also told him to contact his bank, check for any unauthorized payments and inform them he has fallen for a {Edited by Forum Team} and not to authorize any further payments. I also told him to get a credit card (paid in full each month) and explained Section 75 protection.:money:

Just wanted to check if anyone can think of anything I've missed on a technical or consumer protection level?
I doubt he will be entitled to any money back, and as he used a debit card it will probably be impossible, but is there anything else he can do?
«13

Comments

  • were
    were Posts: 632 Forumite
    One of the first things when I got windows 10 was to uninstall the MS store. I feel that everything I want I can get elsewhere. I still use my old windows 7 Minesweeper.

    Personally I would bring up the firewall and block Scamguard, and their payment system page permanently.
  • esuhl
    esuhl Posts: 9,409 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    andyca wrote: »
    My uncle has fallen for the ScanGuard scam, (more info on ScanGuard here) tempted by an advert while playing Solitaire on his Windows 10 PC, he was simply not used to advertising being presented within applications he trusted and I can't say I blame him, I'm really disappointed with the route Microsoft have gone down with their advertising based software model but that's a discussion for another time.

    That's absolutely shocking! Microsoft should be ashamed of themselves.
  • AndyPix
    AndyPix Posts: 4,847 Forumite
    Fifth Anniversary 1,000 Posts Name Dropper Photogenic
    ADW cleaner to tidy up and carp leftover ..


    https://toolslib.net/downloads/viewdownload/1-adwcleaner/


    Tell your uncle to be super suspicious of all emails about stuff like this for a while,
    because he will now be labeled as a potential "mark" and these shyster companies usually sell/trade their "customer" info with each other ..
  • andyca
    andyca Posts: 163 Forumite
    Part of the Furniture 100 Posts Name Dropper Combo Breaker
    edited 12 May 2017 at 5:12PM
    Thanks AndyPix - I had not seen that tool before... Probably best to download it form Malwarebytes directly for anyone else reading this: https://www.malwarebytes.com/adwcleaner/

    As I installed the full Malwarebytes Premium Suite (On a trial) hopefully it has performed all the functions that ADWCleaner would. It's nice there is a free alternative just in case people have already used up their Malwarebytes trial. Good call on being more sceptical for a while too! :)

    Full disclosure esuhl, I did also find the following on my uncles machine:
    [FONT=Calibri,Arial,Helvetica,sans-serif,EmojiFont,Apple Color Emoji,Segoe UI Emoji,NotoColorEmoji,Segoe UI Symbol,Android Emoji,EmojiSymbols]
    • Trojan Zbot - A trojan horse virus which can allow people to steal your internet banking credentials and lock your machine for ransom.
    • Yontoo - Adware which will replace legitimate adverts on legitimate web pages with adverts for scam software like ScanGuard, making you think trustworthy places like the BBC or Microsoft are recommending their products.
    • SpeedItUp - a scam tool which pretends to speed up your broadband but actually is just Adware just like Yontoo


    It could have been one of the above injecting the advert into Solitaire or a web page.
    In either case it removes all question of legitimacy for ScanGuard to allow these to remain on the machine.

    [/FONT]
  • were
    were Posts: 632 Forumite
    How about considering the free versions of reboot-restore-rx, or commodo time machine. They do similar stuff, but slightly different.
  • andyca
    andyca Posts: 163 Forumite
    Part of the Furniture 100 Posts Name Dropper Combo Breaker
    Thanks for the replies were.
    The Malwarebytes is blocking the ScanGuard site for the next two weeks (until the trial runs out), so I've told him to mail/message about the refund and auto-renewal from his iPad.
    Those restoration tools are something I've considered for my parents, but I think in both cases there is a level of management required, so I've gone for education rather than regulation. :)

    I also wouldn't want to take the snapshot of the machine now as "known good", while the tools I've used are very good they are not a comprehensive guarantee that all of the latest threats are removed from the system. There could still be undetected nasties lurking, I'm considering getting him to wipe the machine and start again (if it were mine that's what I'd do). I've also told him to change his passwords (especially if one of them was used to set up an account with ScanGuard) and not to use online banking on that machine.

    I think I have answered another one of my own questions by finding the Citizens Advice -Reporting Scams page which suggests reporting the company to Trading Standards:
    https://www.citizensadvice.org.uk/consumer/scams/scams/spotting-and-reporting-scams/how-to-report-a-scam/

    That page also has this interesting section about getting a refund:
    "You can't always get your money back if you've been scammed, especially if you've handed over cash. If you've paid for goods or services by credit you have more protection and if you used a debit card you may be able to ask your bank for a chargeback."

    Thanks for all the great suggestions, hopefully this will help the next person who gets caught.
  • AndyPix
    AndyPix Posts: 4,847 Forumite
    Fifth Anniversary 1,000 Posts Name Dropper Photogenic
    andyca wrote: »
    Thanks AndyPix - I had not seen that tool before... Probably best to download it form Malwarebytes directly for anyone else reading this:


    The tool was created by toolslib, THAT is the original direct download.
    It has recently been bought by MBAM


    andyca wrote: »
    As I installed the full Malwarebytes Premium Suite (On a trial) hopefully it has performed all the functions that ADWCleaner would. [FONT=Calibri,Arial,Helvetica,sans-serif,EmojiFont,Apple Color Emoji,Segoe UI Emoji,NotoColorEmoji,Segoe UI Symbol,Android Emoji,EmojiSymbols]
    [/FONT]


    Nope - It does not perform the functions that ADW cleaner does. Use them in tandem
  • DavidP24
    DavidP24 Posts: 957 Forumite
    The FIRST thing you want to do is contact bank, make sure that they have not set up a recurring payment.

    As has been said many a time, Windows 10 is an Advertising and Affiliate platform, first thing I do is shut it all down and rip the guts out of it. 240 privacy setting are part of it. I find it disgusting that Microsoft to not let you uninstall all of the crap and that they put some back after updates.

    That is why I will NOT use any of their Browsers, Music/Video apps or anything Microsoft really, except maybe notepad.

    They have upped the anti with Google who created a Spy Toolbar, then a Spy Browser, Spying sites that have their widgets and Spy Phones, so not really surprised that the whole damn MS OS is spying on you.

    Mostly I stick with Win7 or dual boot Win7/10
    Thanks, don't you just hate people with sigs !
  • andyca
    andyca Posts: 163 Forumite
    Part of the Furniture 100 Posts Name Dropper Combo Breaker
    AndyPix wrote: »
    The tool was created by toolslib, THAT is the original direct download.
    It has recently been bought by MBAM

    Ah ok - I thought toolslib was just a download site that anyone could contribute to... and as such not all downloads could be trusted, in either case now that Malwarebytes own it I'd probably always send someone there for the latest version rather than toolslib.
    AndyPix wrote: »
    Nope - It does not perform the functions that ADW cleaner does. Use them in tandem

    Will do!
    After seeing the sticky thread I'll also probably run a Lavasoft Ad-Aware free and Spybot S&D before I sign his machine off as safe for internet banking.
  • AndyPix
    AndyPix Posts: 4,847 Forumite
    Fifth Anniversary 1,000 Posts Name Dropper Photogenic
    That post is 11 years old !!


    Malwarebytes and ADW cleaner and a scan with your choice of AV and your good to go
This discussion has been closed.
Meet your Ambassadors

Categories

  • All Categories
  • 347.8K Banking & Borrowing
  • 251.9K Reduce Debt & Boost Income
  • 452.2K Spending & Discounts
  • 240.1K Work, Benefits & Business
  • 616.3K Mortgages, Homes & Bills
  • 175.4K Life & Family
  • 253.5K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16K Discuss & Feedback
  • 15.1K Coronavirus Support Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.