Windows 7 Forums

Windows 7: Concerned about bots

28 Dec 2014   #1
dchrisma

Windows 72 32 bit
 
 
Concerned about bots

Recently I have received numerous calls from someone claiming to be from the Windows Support Team. I have always hung up on them because I suspected they were phishing. However, the last call said that my PC was being taken over and used as a bot. Has anyone else been receiving these calls?


28 Dec 2014   #2
richc46

Microsoft Community Contributor Award Recipient

Windows 10, Home Clean Install
 
 

It's a hoax. They want to take over your machine. You have probably bought something online, given your phone number, or put the information online in other ways. When putting info online, always be sure that the http is https. In addition, if putting the information online and it is not a secure location, use a different format, for example with email mrgood xxxx at xxxx gmail dot com. You do not need to worry about your current situation. Check with AV, Malwarebytes etc. Keep your eyes open for any changes to important online accounts, such as bank or stockbroker, for any changes in balances, but no need to worry.
Question for you, how would Windows Support even know? They are not monitoring individual computers.
28 Dec 2014   #3
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

Microsoft is way too busy to monitor over a billion computers.

Those callers want in your computer to steal from you.
It could be as simple as a robo auto dialer. It just keeps dialing numbers until someone falls for their trickery.

28 Dec 2014   #4
LMiller7

Windows 7 Pro 64 bit
 
 

I have received many such calls.

Pay no attention to anything these callers tell you. They are trying to scare you into paying for their "services" (which they have no intention of providing). They have no knowledge of your computer or even that you have one. Many people who have never owned a computer receive these calls.
28 Dec 2014   #5
z3r010

 

28 Dec 2014   #6
dchrisma

Windows 72 32 bit
 
 

That's what I thought, but I wanted to check. I am very careful about what I download to my PC and keep my Security software up to date. But, based on my past experiences there are always new viruses and malware being created. I was specifically going to ask how would I detect a bot if I had one?
28 Dec 2014   #7
richc46

Microsoft Community Contributor Award Recipient

Windows 10, Home Clean Install
 
 

The first thing that I would do is run Malwarebytes, my antivirus, then download and use the MS Malicious Software tool:
Download Malicious Software Removal Tool from Official Microsoft Download Center
28 Dec 2014   #8
Tookeri

Windows 7 Pro 32
 
 

Quote: Originally Posted by dchrisma
"how would I detect a bot if I had one?"

There are signs to look for. You could start with this: https://www.shadowserver.org/wiki/pm...otnetDetection

You could also try an online service like this one to check your IP address for anomalies: https://www.check-and-secure.com/start/

And check all running processes: Process Explorer + VirusTotal (to check all processes with 50+ AVs).
But you shouldn't trust that anti-virus products can detect it, so watch out for signatures that are not verified (step 11) and strange or missing descriptions and Company names. Any purple colored processes are also suspicious; it means they are packed/encrypted. And submit any "unknown" files (step 6).

Besides that, I have a batch file I run every now and then to check important files and settings on my system. Even if malware manages to hide from scanners etc., it still needs a way to start every time you boot up, so you should check the registry keys Run + Runonce + Winlogon. These parts should be general, I think, and need to be run as admin to be able to read all registry keys for Local Machine (HKLM) and Current User (HKCU):
Code:
@echo off
echo ***** Checking IP, DNS etc...

ipconfig /all | find "IPv4 Address"
ipconfig /all | find "DNS Servers"
ipconfig /all | find "Default Gateway" | find /V "::"
ipconfig /all | find "DHCP Server"
echo.

echo ***** Checking Winlogon-Userinit...
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" | find "Userinit"
echo.
pause
echo.

echo ***** Checking Runonce commands...
reg query "HKLM\Software\Microsoft\Windows\Currentversion\runonce"
reg query "HKCU\Software\Microsoft\Windows\Currentversion\runonce"
echo.

echo ***** Checking Run commands...
reg query "HKLM\Software\Microsoft\Windows\Currentversion\run"
reg query "HKCU\Software\Microsoft\Windows\Currentversion\run"
echo.
pause
echo.

echo ***** Checking shell open commands...
reg query "HKLM\Software\Classes\exefile\shell\open\command"
reg query "HKCR\exefile\shell\open\command"
echo.
pause
echo.

echo ***** Checking hosts file...
echo.
type C:\Windows\System32\drivers\etc\hosts
echo.
echo ***** Done!
echo.
pause

Verify that the DNS points to your router or ISP, that the Winlogon/Run/Shell commands don't include any strange or unknown programs, and that your hosts file hasn't been modified. The normal setting for Winlogon is only userinit.exe. Runonce should be empty unless you just installed something that requires a restart. The Run keys will likely include several programs though. The Shell open commands are usually "%1" %* (normally no file names should be specified).


How Safe Mode works
When you boot to Safe Mode the Run and Runonce keys will be ignored (except for Runonce if it has a value with an asterisk (*) as prefix).
When you boot to Safe Mode With Command Prompt the Winlogon key will also be ignored. Normally it means it won't run userinit.exe which is the process that starts explorer.exe (the desktop). But any other programs including malware specified here or in any of the Run keys won't be started either.
So if you check these registry keys, at least no malware should be able to start in any of these ways. You could also check the integrity of system files with SFC - System File Checker. Or add the sfc command to the batch file.
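
Added example (not part of the post above and not the poster's code): a read-only PowerShell version of the same checks that compares each location with the "normal" values the post describes, instead of only printing them. The full System32 path for Userinit and the localhost-only allowance for the hosts file are assumptions about a stock install; Run entries are listed for manual review because the post gives no fixed baseline for them.

```powershell
# Added example (not from the thread). Read-only; run as administrator.
$findings = @()

function Get-RegValues([string]$Path) {
    # Value name -> data for one key; empty table if the key does not exist.
    $out = @{}
    $key = Get-Item -LiteralPath "Registry::$Path" -ErrorAction SilentlyContinue
    if ($key) { foreach ($n in $key.GetValueNames()) { $out[$n] = $key.GetValue($n) } }
    return $out
}

# Winlogon: the post says Userinit should hold only userinit.exe.
# Assumption: a stock install stores it as the full System32 path plus a comma.
$winlogon = Get-RegValues 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$entries  = @("$($winlogon['Userinit'])".Split(',') | ForEach-Object { $_.Trim() } | Where-Object { $_ })
$expected = Join-Path $env:SystemRoot 'system32\userinit.exe'
if ($entries.Count -ne 1 -or $entries[0] -ne $expected) {
    $findings += "Winlogon Userinit is: $($winlogon['Userinit'])"
}

foreach ($hive in 'HKEY_LOCAL_MACHINE', 'HKEY_CURRENT_USER') {
    $base = "$hive\Software\Microsoft\Windows\CurrentVersion"
    # RunOnce should be empty unless an installer is waiting for a restart.
    foreach ($kv in (Get-RegValues "$base\RunOnce").GetEnumerator()) {
        $findings += "RunOnce not empty: $hive $($kv.Key) = $($kv.Value)"
    }
    # Run normally holds several programs, so these are only listed for review.
    foreach ($kv in (Get-RegValues "$base\Run").GetEnumerator()) {
        Write-Output "Review Run entry: $hive $($kv.Key) = $($kv.Value)"
    }
}

# Shell open command for .exe files: the default value should be "%1" %*
foreach ($root in 'HKEY_LOCAL_MACHINE\Software\Classes', 'HKEY_CLASSES_ROOT') {
    $cmd = (Get-RegValues "$root\exefile\shell\open\command")['']
    if ($cmd -ne '"%1" %*') { $findings += "exefile open command under $root is: $cmd" }
}

# hosts file: assumption that only comments and localhost lines are expected.
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
foreach ($line in (Get-Content $hostsFile)) {
    if ($line -match '^\s*[^#\s]' -and
        $line -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*(#.*)?$') {
        $findings += "hosts entry to review: $line"
    }
}

if ($findings.Count -eq 0) { 'No deviations from the expected values.' } else { $findings }
```

On 64-bit Windows, run it from a 64-bit PowerShell console, since a 32-bit process may see a redirected view of the HKLM\Software keys.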