Monthly Archives: December 2013

Fake Tech Support and Phone Scams

A friend called me today after falling for a scam. She would not have even realized there was a problem if her computer had not started acting strange.

She told me she got a call, apparently from India. The callers claimed they were from Microsoft and told her that her Windows was expiring and her computer was at risk. WINDOWS DOES NOT EXPIRE, unless of course you don’t have a legal copy to start with. We will assume you are legal for this.

She admitted she followed their instructions, let them access her machine remotely, and paid the $29.00. Since I had no idea what they had done and she said she couldn’t boot the machine, I walked her through restarting in safe mode, which worked. I then had her run a system restore from a command prompt (“rstrui.exe”) and restore it to a couple of days prior. Had I been looking at it myself I might have tried to figure out what they did, but since I didn’t have the machine I figured the safest thing to do was restore it.

First piece of advice: Microsoft will not call you that way. If someone does, it is most likely a scam. HANG THE PHONE UP. If you do talk to them, ask questions, get their information and write it down, then report it to the local authorities. Second thing: never give anyone remote access to your computer unless you know them and trust them, or you initiated the call to a legitimate support provider (e.g. Dell, HP, Microsoft).

If you want to read more, you can check the Windows Security Blog, ZDNet, and The Guardian. That is only three, but if you search you can find many more.

I had not seen this myself. A friend contacted me and said he had been infected with it. I started doing a little research.

Seems to be adware more than anything. I personally despise adware, viruses and malware. When I see it on my computer I get rid of it and anything associated with it.

The first thing you could try, if it hasn’t been on your computer long, is to restore your machine to a previous date (before you were infected). Even if you do that, I would suggest scanning the machine to make sure.

Rather than duplicate everything that is already out there about it, you can check this page for detailed information. They have a lot of details about it and links to all the tools to scan and remove it.

Hope it helps.