Concerned about bots


  1. Posts : 3
    Windows 72 32 bit
       #1

    Concerned about bots


    Recently I have received numerous calls from someone claiming to be from the Windows Support Team. I have always hung up on them because I suspected they were phishing. However, the last call said that my PC was being taken over and used as a bot. Has anyone else been receiving these calls?


  2. Posts : 17,796
    Windows 10, Home Clean Install
       #2

    It's a hoax. They want to take over your machine. You have probably bought something online, given your phone number, or put the information online in other ways. When putting info online, always be sure that the http is https. In addition, if putting the information online and it is not a secure location, use a different format, for example with email mrgood xxxx at xxxx gmail dot com. You do not need to worry about your current situation. Check with AV, Malwarebytes etc. Keep your eyes open for any changes to important online accounts, such as bank or stockbroker, for any changes in balances, but no need to worry.
    Question for you, how would Windows Support even know? They are not monitoring individual computers.


  3. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #3

    Microsoft is way too busy to monitor over a billion computers.

    Those callers want in your computer to steal from you.
    It could be as simple as a robo auto dialer. It just keeps dialing numbers until someone falls for their trickery.


  4. Posts : 2,497
    Windows 7 Pro 64 bit
       #4

    I have received many such calls.

    Pay no attention to anything these callers tell you. They are trying to scare you into paying for their "services" (which they have no intention of providing). They have no knowledge of your computer or even that you have one. Many people who have never owned a computer receive these calls.


  5. Posts : 51,383
    Windows 11 Workstation x64
       #5


  6. Posts : 3
    Windows 72 32 bit
    Thread Starter
       #6

    That's what I thought, but I wanted to check. I am very careful about what I download to my PC and keep my Security software up to date. But, based on my past experiences there are always new viruses and malware being created. I was specifically going to ask how would I detect a bot if I had one?


  7. Posts : 17,796
    Windows 10, Home Clean Install
       #7

    The first thing that I would do is run Malwarebytes and my antivirus, then download and use the MS Malicious Software tool:
    Download Malicious Software Removal Tool from Official Microsoft Download Center


  8. Posts : 1,049
    Windows 7 Pro 32
       #8

    dchrisma said:
    how would I detect a bot if I had one?
    There are signs to look for. You could start with this: https://www.shadowserver.org/wiki/pm...otnetDetection

    You could also try an online service like this one to check your IP address for anomalies: https://www.check-and-secure.com/start/

    And check all running processes: Process Explorer + VirusTotal (to check all processes with 50+ AVs).
    But you shouldn't trust that anti-virus products can detect it, so watch out for not verified signatures (step 11) and strange or missing descriptions and Company names. Any purple colored processes are also suspicious; it means they are packed/encrypted. And submit any "unknown" files (step 6).

    Besides that, I have a batch file I run every now and then to check important files and settings on my system. Even if malware manages to hide from scanners etc., it still needs a way to start every time you boot up, so you should check the registry keys Run + Runonce + Winlogon. These parts should be general, I think, and need to be run as admin to be able to read all registry keys for Local Machine (HKLM) and Current User (HKCU):
    Code:
    @echo off
    echo ***** Checking IP, DNS etc...
    
    ipconfig /all | find "IPv4 Address"
    ipconfig /all | find "DNS Servers"
    ipconfig /all | find "Default Gateway" | find /V "::"
    ipconfig /all | find "DHCP Server"
    echo.
    
    echo ***** Checking Winlogon-Userinit...
    reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" | find "Userinit"
    echo.
    pause
    echo.
    
    echo ***** Checking Runonce commands...
    reg query "HKLM\Software\Microsoft\Windows\Currentversion\runonce"
    reg query "HKCU\Software\Microsoft\Windows\Currentversion\runonce"
    echo.
    
    echo ***** Checking Run commands...
    reg query "HKLM\Software\Microsoft\Windows\Currentversion\run"
    reg query "HKCU\Software\Microsoft\Windows\Currentversion\run"
    echo.
    pause
    echo.
    
    echo ***** Checking shell open commands...
    reg query "HKLM\Software\Classes\exefile\shell\open\command"
    reg query "HKCR\exefile\shell\open\command"
    echo.
    pause
    echo.
    
    echo ***** Checking hosts file...
    echo.
    type C:\Windows\System32\drivers\etc\hosts
    echo.
    echo ***** Done!
    echo.
    pause
    Verify that the DNS points to your router or ISP, that the Winlogon/Run/Shell commands don't include any strange or unknown programs, and that your hosts file hasn't been modified. The normal setting for Winlogon is only userinit.exe. Runonce should be empty unless you just installed something that requires a restart. The Run keys will likely include several programs though. The Shell open commands are usually "%1" %* (normally no file names should be specified).


    How Safe Mode works
    When you boot to Safe Mode the Run and Runonce keys will be ignored (except for Runonce if it has a value with an asterisk (*) as prefix).
    When you boot to Safe Mode With Command Prompt the Winlogon key will also be ignored. Normally it means it won't run userinit.exe which is the process that starts explorer.exe (the desktop). But any other programs including malware specified here or in any of the Run keys won't be started either.
    So if you check these registry keys, at least no malware should be able to start in any of these ways. You could also check the integrity of system files with SFC - System File Checker. Or add the sfc command to the batch file.
      My Computer
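
Added example, not part of the thread and not the poster's own code: a Python check that applies the baseline described in post #8 (Userinit only userinit.exe, Runonce empty, exefile open command `"%1" %*`, unmodified hosts file) to saved `reg query` output. It assumes the output was captured without the `| find` filter; the `known_run` parameter and all sample data are constructed for illustration.

```python
import re
VALUE_RE = re.compile(r"^ {4}(.+?) {4}(REG_\w+)(?: {4}(.*))?$")

def parse_reg_query(text):
    """Turn raw `reg query` output into {key_path: {value_name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
        elif current is not None and (m := VALUE_RE.match(line.rstrip())):
            current[m.group(1)] = m.group(3) or ""
    return keys

def audit(reg_text, hosts_text="", known_run=()):
    """Return (kind, location, detail) tuples that deserve a manual look.
    Assumptions: userinit.exe lives in system32; a clean hosts file maps only localhost."""
    findings = []
    for key, values in parse_reg_query(reg_text).items():
        k = key.lower()
        for name, data in values.items():
            if k.endswith("\\winlogon") and name.lower() == "userinit":
                progs = [p.strip().lower() for p in data.split(",") if p.strip()]
                if len(progs) != 1 or not progs[0].endswith("\\system32\\userinit.exe"):
                    findings.append(("Userinit", key, data))
            elif k.endswith("\\runonce"):  # should normally be empty
                findings.append(("RunOnce entry", key, f"{name} = {data}"))
            elif k.endswith("\\run") and name not in known_run:
                findings.append(("Run entry", key, f"{name} = {data}"))
            elif k.endswith("\\exefile\\shell\\open\\command") and data != '"%1" %*':
                findings.append(("Shell open", key, data))
    for line in hosts_text.splitlines():
        entry = line.split("#", 1)[0].split()  # drop comments, split address and names
        if len(entry) >= 2 and entry[1:] != ["localhost"]:
            findings.append(("hosts entry", "hosts", " ".join(entry)))
    return findings

# Constructed sample data, not taken from a real machine.
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,C:\Users\Public\upd.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleAV    REG_SZ    "C:\Program Files\ExampleAV\tray.exe"
    upd    REG_SZ    C:\Users\Public\upd.exe
HKEY_CLASSES_ROOT\exefile\shell\open\command
    (Default)    REG_SZ    "%1" %*
"""
SAMPLE_HOSTS = "# sample hosts file\n127.0.0.1 localhost\n203.0.113.5 www.example.com\n"

if __name__ == "__main__":
    print(*audit(SAMPLE_REG, SAMPLE_HOSTS, known_run={"ExampleAV"}), sep="\n")
```

On the sample it reports the extra program appended to Userinit, the unrecognised Run value and the non-localhost hosts entry; anything it lists is a prompt for manual review, not proof of infection.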


 

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd