I got scammed by Indians posing as Microsoft agents. Please Help :(

Zaloias

Honorable
Jul 1, 2013
39
0
10,530
Long story short, I was scammed and paid a bunch of crooks $150 dollars. I feel like an idiot but there is no going back really. I have done what I can to get my money back. The problem is that I allowed them access to the computer via remote desktop and I have been informed that they may still have access to my desktop via some remote desktop background service. I went into msconfig to see if anything was out of the ordinary but I can't really tell. Is there any way to macro-block all remote desktop programs on a Windows 7 OS? Please help. Very distressful. WARNING: NOT ALL INDIANS ARE GANDHI
 

COLGeek

Cybernaut
Moderator
What makes you think you were scammed? How did you contact this service?

To turn off remote access, go to Control Panel/System/Remote Access. Configure settings as desired.

Also, you can go into Control Panel/Programs and Features and remove any programs that may have been installed.

Last, run an anti-malware program, like Malwarebytes (get at www.malwarebytes.org) and remove all it finds.

Good luck!

 

unoriginal1

Distinguished
Apr 11, 2012
1,529
0
19,960
If you really feel like you were scammed to a point where you're being hijacked I'd trust no malware or antivirus. My only option would be a full reformat and some passes with something like dban to ensure EVERYTHING was off my hdd.

That's just me though.

But like COLGeek said, how were you scammed? Did you contact them? Did they call you? A little more info might help others avoid it, or give us insight into exactly what happened.
 
a clean reinstall of windows is the best option, I agree

also, if these guys are posing as "Microsoft Agents", I would contact microsoft directly. their customer service isn't top notch, but it's acceptable (and sometimes very good), and they've had a recent focus on improving their company image etc etc. perhaps there are things they can do to help you with your situation
 

moulderhere

Distinguished
Zaloias:
I suggest you go backup your data and run dban, then re-install windows.

Really, don't bother spending the hours configuring your Win 7 firewall, and running full scans on your current setup, when you can re-install and start fresh.

Please understand this is probably the best fix for you. I know it isn't what you want to read, and the others are suggesting this as well. Though it is the best way to remedy your problem.

Next time if you are really worried about your pc, you can post here on Tomshardware to inquire about it before paying $150.
 

unoriginal1

I still want to know what happened lol.

I mean if they didn't have him/her making changes, downloading and installing things etc. Then I don't see any way the machine would be compromised. I would only see an issue of giving out cc info for a payment on something bogus.

Hope the OP replies :). But I agree with all the answers thus far.

*edit* and with further reading/comprehension I'm an idiot... "allowed them remote access" NEVERMIND... I'd do a full reformat / dban lol.
 

Zaloias

Here is a link to a description of the scam: http:// Essentially, what they have you do is download a remote desktop software and then show you all this stuff to make you think there is a virus or something on the computer. You fall for it and pay them money for a "software warranty."

My main issue is that they may have also installed some remote desktop software that runs in the background and can't be seen or removed normally. Looking back on it, it was so obvious that it was a scam. I mean, I realized it was a scam the same day, but ya they still got me cuz I'm a gullible fool that is too trusting I guess. It was a good scam though. Very convoluted. Very well thought out.
 
Have a look in Control Panel>Programmes and Features to see if a utility named TeamViewer has been installed without your knowledge. If it has, uninstall it, track down remnants in Users>AppData (with hidden and protected files set to show) then search the Registry for remaining entries and delete each one.
 
Second thought - you should be able to get your money back from the credit/debit card company on grounds that this is a known scam and they shouldn't be handling these transactions. That works here in the UK.

You said not all Indians are Gandhi - they're not all Sitting Bull either but quite a few of them are like his wife - Lying Cow. :D

 


^- next time do that

alternatively, keep constant back-ups of your files, and next time, you can simply do another fresh-reinstall. really, most of us so called "pros" do it often on our personal systems

 
Hi,

I have a small business that repairs computers and I have a bunch of customers that were scammed.

Some didn't have any problems or infection. But some others had their computers completely screwed up.
(Could not recover from partition, weird stuff happening in Windows, programs not opening and such)

What program did they use to get into your computer? (LogMeIn? TeamViewer?)

The backdoor program they use is most likely not found by Malwarebytes or others because it's been installed intentionally.
If you use your computer for banking and such, I recommend a full format!

 
I also fix PCs for my living and have found that these TeamViewer attacks are fully safe to use when it's been uninstalled and ComboFix has scanned and cleaned up. Most folks can't reinstall - they were never given a Windows DVD and most never created the backup set.
 

Zaloias





I am pretty sure it was team viewer. I will try the combofix also.
 

Zaloias



It was teamviewer.
 


That's why I said contact the REAL MICROSOFT SERVICE, and ask them for help. I mean, if he's going to install teamviewer, and allow a 3rd party to remote control his computer and probably install "helpful software" and look at "infection statistics", removing teamviewer is the least of his problems. hell, teamviewer is a perfectly legit piece of software used by many companies etc.
 
I'd love to be wrong in this but I don't believe he would get any unpaid help from Microsoft and although they might appreciate the IP address of anyone scamming in their name, I very much doubt he has that information.

Maybe one of their kind folk would drop in on this one and throw some light - it is quite a problem here in the UK where many older PC users fall for the "I can see inside your computer system" scam telephone call - some of them when it isn't even switched on.
 

Zmokamok

Honorable
Jul 12, 2013
70
0
10,660
You can actually check if they still are connected to your PC, with a little use of command prompt.
First of all you have to close all programs that use an internet connection (There will still be some programs running, such as firewall etc. but it doesn't matter)
Go to start, and in the search box type: Cmd and hit enter.
Type in: Netstat -ano
You will see a list of IP addresses, and next to that you will see if it's "LISTENING" or "ESTABLISHED"
"ESTABLISHED" means that some program is connected to your computer by the internet.
Next to ESTABLISHED, you see a column called "PID", and then you see the program has a number.
Now open your Task Manager: (Hold CTRL + SHIFT + ESC). Now head to "Processes" and press "View" > "Select columns" and choose PID (Process Identifier). Now you will be able to see the PID Number.
In the command prompt you check the PID number, and in your Task Manager you close the process with the PID number that was shown in Command Prompt.
* AND ALSO! before you close process you got a mistake to, right click and press "Open file location", then you can remove the unwanted program, because maybe it's a program that opens with Windows, so close process won't always be enough.

Best Regards,
Zmokamok
 
Solution
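The PID lookup described in the answer above can be done in one step by joining `netstat -ano` with `tasklist /fo csv`. This is an added example, not part of any post in the thread; the sample outputs are constructed, and the `REMOTE_TOOLS` name list and English-language `netstat` output are assumptions.

```python
import csv
import io
import subprocess
import sys

REMOTE_TOOLS = ("teamviewer", "logmein")  # assumption: the two tools named in this thread

# Constructed sample output, not taken from the thread (documentation-range IPs).
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       712
  TCP    192.168.1.20:49201     203.0.113.45:5938      ESTABLISHED     2384
  TCP    192.168.1.20:49233     198.51.100.7:443       ESTABLISHED     3120
  UDP    0.0.0.0:5355           *:*                                    1100
"""
SAMPLE_TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"svchost.exe","712","Services","0","6,120 K"
"TeamViewer_Service.exe","2384","Services","0","14,332 K"
"firefox.exe","3120","Console","1","210,004 K"
'''

def established(netstat_text):
    """Yield (remote_address, pid) for each ESTABLISHED TCP row of `netstat -ano`."""
    for line in netstat_text.splitlines():
        parts = line.split()
        # TCP rows have five fields; UDP rows have no State column and are skipped.
        if len(parts) == 5 and parts[0] == "TCP" and parts[3] == "ESTABLISHED":
            yield parts[2], int(parts[4])

def pid_names(tasklist_csv):
    """Map PID -> image name from `tasklist /fo csv` (columns read by position)."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0] for r in rows if len(r) > 1 and r[1].isdigit()}

def report(netstat_text, tasklist_csv):
    """Join the two outputs and flag processes whose name matches REMOTE_TOOLS."""
    names = pid_names(tasklist_csv)
    result = []
    for remote, pid in established(netstat_text):
        image = names.get(pid, "<unknown>")
        flagged = any(tool in image.lower() for tool in REMOTE_TOOLS)
        result.append({"pid": pid, "image": image, "remote": remote, "flagged": flagged})
    return result

if __name__ == "__main__":
    ns, tl = SAMPLE_NETSTAT, SAMPLE_TASKLIST
    if sys.platform == "win32":  # on Windows, use live output instead of the samples
        ns = subprocess.run(["netstat", "-ano"], capture_output=True, text=True).stdout
        tl = subprocess.run(["tasklist", "/fo", "csv"], capture_output=True, text=True).stdout
    for row in report(ns, tl):
        print(row["pid"], row["image"], row["remote"], "<-- remote tool" if row["flagged"] else "")
```

A process shown as `<unknown>` has exited between the two commands or belongs to a PID that `tasklist` could not read; rerun from an elevated prompt before drawing conclusions.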

Zaloias



Thank you. Just what I was looking for.

Also, Combofix and malwarebytes just obliterated all the crap on my laptop as well.
 

bobmac010

Reputable
Jul 18, 2014
1
0
4,510
Just a thought on this-
I know that a lot of companies, especially small businesses use Teamviewer, but for those that don't, is there a way to script a remote system drive format to erase the perpetrator's HD with a program, (like HD.Killer), when a Teamviewer connection is established?
Just thinking in print- I want to make it so these guys are penalized for their Social Engineered Extortion.
 
This thread is a year old and is about to be closed. We can't support your suggestion, bobmac010 or we would be acting Judge and Jury. Besides which, if it was possible I would have done it long ago :D because I encounter these con-tricksters every day of my working week.