Question about scammers...

[fojacko]

Ok, so my nan recently got scammed by someone pretending to be Microsoft. From what she's told me and from what i've seen on her laptop, they used remote desktop to install CCleaner. Now, she's payed them (she knows what she did was an idiotic thing, but we all make mistakes) and her laptop has increased in performance. Now, here's the question, Is it possible that they've actually fixed her laptop or is there most likely a virus on her laptop now?

 

PS: I'm in the process of running her laptop. After making the payment, she realized that it was a scam, so she immediately canceled her credit card and the credit card company are tracking the payment to see if it makes it's way to Microsoft (which it wont). If it doesn't they'll charge-back the transaction.

 

PPS: I've disabled remote control, so when they notice that the payment has been refunded, they can't control her laptop again. Also, she knows just to hang up if this happens again.

[Guest]

99% sure that was a scam. Making money off installing free programs.. 

[fojacko]

99% sure that was a scam. Making money off installing free programs.. 

 

Yeah, I know it's a scammer, but will they leave a virus behind or not?

 

I ran a full scan, but no threats have been detected.

[911^NEmeSis]

Well there is always a possibilty and as they are scammers, they probably had the mind to do so.

[fojacko]

What would you suggest doing to see if there is anything there? Her anti-virus (kaspersky) didn't pick up anything and when they were scamming her, they didn't disable her Anti-virus, so idk right now.

[Topido]

You should do a virus scan just in case.

[BroKenFingers]

Run the Kaspersky boot disk scanner and check for root kits..better to be as safe as you can be..have you had your Mom change all her passwords and login info..?

[GoodBytes]

Microsoft NEVER EVER calls anyone.

If you get a contact from Microsoft, it's going to be a sign package which contains a cease and desist letter or law suit.

 

I have received 3 months ago, a call from "Microsoft", saying how my Windows is not genuine, and that they need to check for it (wtf?), anyway, for fun I acted like an idiot, and said, "let me turn on my computer". In reality my computer was on, but I started Virtual Box with Windows 7 on it, and configured everything so that when she remote desktop to my computer, as he asked for this, it would connect to the virtual PC.

I acted as if my computer was slow. Once everything was setup and tested, I went to some Indian website for some remote desktop software, where everything was in Indian, and the idiot tell me to press button in Indian, like if I understood it. Anyway after 20min after that and running on the virtual PC, he connects, and opens the command line of Windows, type some random command prompt, like getting disk info, and such... then types the command "verify". Which, if you guys try, returns "Verifier is off". For those you know, verify tells Windows whether to verify that your files are written correctly to a disk. He also installs a software that locks the computer into a full screen web page, of "Microsoft". That website is saying that my version of Windows is non-genuine with a counter of 10min on top (the page was FILLED with grammar, typos and spelling mistakes, and sentences that didn't make any sense), and asks for credit card information. Anyway, he starts explaining to me how my version of Windows is not genuine, and that I must fill in the form to "unlock my computer, and that's the only way... and If I don't in the next 10min, all my personal files will be gone.", and hangs up and disconnects remotely.

 

Of course, Ctrl+Alt+Delete does the trick to kill his stupid program. The website is run locally from what I saw in the temp directory, so I am not sure how that info works... I guess it e-mails it my credit card information or sends it to a webpage. Anyway, fun 30min experience. Anyway, closed the remote session, and deleted the virtual environment, just in case that program put viruses as well or something,

 

I did call my phone provider, which stated that they can't do anything as the phone number is blocked. I called the local authorities, but again they said that they can't do anything. They advices me to contact my bank if I gave any peace of information to them. Oh well :/