Grandma allowed Computer 350 Tech scammer to install junk.

[byzantine]

Hi,

My chore is to remove the icon and the associated malware that my grandmother has allowed the scammers to download. She also gave them remote access to her computer and I want to make sure that is gone.

When I right click on the icon there is no "uninstall" option, of course.

I don't want to left click on it (execute it) because God only knows what it would do then.

The icon on the desktop is titled "Computer 350 Tech".

She is running Windows 7.

Thanks

 

[z3r010]

Honestly, you really need to wipe the machine and reload it, you have no idea what type of malware could be installed in the background.

 

[Paul Black]

Hi byzantine,

My chore is to remove the icon and the associated malware that my grandmother has allowed the scammers to download. She also gave them remote access to her computer and I want to make sure that is gone.

When I right click on the icon there is no "uninstall" option, of course.

I don't want to left click on it (execute it) because God only knows what it would do then.

The icon on the desktop is titled "Computer 350 Tech".

Well, I would definately, without a shadow of a doubt, re-install Windows. You will probably never get to the bottom of what they have done, and therefore you will leave yourself open to all sorts of risks. It is just not worth it, believe me!

RE-INSTALL.

How do you know they were scammers, what exactly happened?
How was the icon put onto the desktop, was it from a link that she received or was it by remote access?
Do you know what remote access program/software they used?
I assume that the program doesn't show in up Programs and Features?

I hope this helps!

 

[Barman58]

You also need to consider changing all passwords used ever on the PC - tthe remote access would have given the scammers complete access to the system and they will have stolen all passwords and account details stored on the hard disk and probably installed a keyboard scanner which will steal any passwords that were not stored on the system the next time they are used, any bank details will likely already been sold, so check with relevant financial agents, and do this quickly, most banks will protect the accounts in this situation, but only those transactions that occur after they are informed

 

[Paul Black]

You also need to consider changing all passwords used ever on the PC - the remote access would have given the scammers complete access to the system and they will have stolen all passwords and account details stored on the hard disk and probably installed a keyboard scanner which will steal any passwords that were not stored on the system the next time they are used, any bank details will likely already been sold, so check with relevant financial agents, and do this quickly, most banks will protect the accounts in this situation, but only those transactions that occur after they are informed

Excellent points and post Barman58 .

 

[byzantine]

Hi byzantine,




Well, I would definately, without a shadow of a doubt, re-install Windows. You will probably never get to the bottom of what they have done, and therefore you will leave yourself open to all sorts of risks. It is just not worth it, believe me!

RE-INSTALL.

How do you know they were scammers, what exactly happened?
How was the icon put onto the desktop, was it from a link that she received or was it by remote access?
Do you know what remote access program/software they used?
I assume that the program doesn't show in up Programs and Features?



I hope this helps!

She doesn't remember it very well. I don't know if it was a phone call, or an email, or a pop-up. They said her Gmail would no longer work due to a virus, and they would set her up with a Yahoo account for $150. She gave them her credit card number, and also gave them access to her computer (somehow).
The $150 charge has shown up on her card already, but no other ripoff yet. She was supposed to call her credit card and have it closed and a new one issued. I have to check with her on that.

Programs and features shows a Microsoft.net Framework 4.7.2 intstallation on 9/11/18. Could that be it?

 

[Paul Black]

Hi byzantine,

Programs and features shows a Microsoft.net Framework 4.7.2 intstallation on 9/11/18. Could that be it?

Definately not that, that is legit.

I hope this helps!

 

[byzantine]

Hi byzantine,


Definately not that, that is legit.

I hope this helps!

Yes, thanks. How can I tell if a keylogger has been installed? Will it have a name listed somewhere?

 

[Paul Black]

Hi byzantine,

She doesn't remember it very well. I don't know if it was a phone call, or an email, or a pop-up. They said her Gmail would no longer work due to a virus, and they would set her up with a Yahoo account for $150. She gave them her credit card number, and also gave them access to her computer (somehow).
The $150 charge has shown up on her card already, but no other ripoff yet. She was supposed to call her credit card and have it closed and a new one issued. I have to check with her on that.

This does indeed sound like she has been scammed.

How can I tell if a keylogger has been installed? Will it have a name listed somewhere?

If you are thinking that you are going to be able to sort this out and get rid of all the remnants of what they have done, I am afraid that you are going to be disappointed. These scammers are very clever and don't leave very many clues as to what they have done, or are about to do, if any.

The amount of time you will spend trying to rectify this will be hours and hours, and then you will never really know if you have been totally successful. Then, all of a sudden, her bank account will show zero.

The only logical and sensible solution to this is to re-install Windows 7, honestly. Also, don't forget to get her to change ALL her passwords immediately. I can't stress this enough!

I hope this helps!

 

[SIW2]

Make sure you have the windows license key.

 

[byzantine]

I called her bank and had them suspend the online access to her account. Told them what happened. Bank (fraud dept) thinks simply having Geeksquad or Bestbuy run a virus scan, and certifying the computer virus-free will be enough to unsuspend the online access., and my Mom can merrily use the account again, after changing passwords.

Obviously you guys think the virus scan alone will not be enough, right?

Reloading Windows 7 sounds like an enormous ordeal.

What about doing a Housecall TrendMicro virus scan?


Best buy wants $149 for a virus check. Same with Geeksquad.

 

[SIW2]

$149 ? wow.

The best advice is to wipe and reinstall. Easy for us to say - we do it often, so we find it quite quick and easy.

If you are determined not to to do that, $149 - they are charging for their time. It is possible to have a go yourself - but that requires several different tools - there are plenty of free ones. However, that is more time and effort than reinstalling. More importantly, reinstalling is the safest way.

 

[Barman58]

I could probably supply and fit a replacement Hard Drive for that, but I may be missing something


You could go to Bleeping Computer [ BleepingComputer.com - News, Reviews, and Technical Support ]and open a case there, they are the de facto experts in that field and would do a much better job instructing you to perform the tasks required. and all they would ask for is a donation that you can afford, and that is optional.

It does mean that you would perform all the tests and remedial work under instruction but the guys over there are used to dealing with all levels of experience.

You can if you wish post a link back here which will save typing out too much again

 

[Rainner]

Reloading Windows 7 sounds like an enormous ordeal.

It does sound intimidating at first, but it isn't that bad. I would NOT pay for one of these services, knowledge is power and this is a great thing to learn for your future.

I would suggest bringing it back to factory default as this is the most effective to remove all the crap;

1. Find and save all your personal files such as pictures, docs etc. that you don't want to loose. Back them up to a external source like a thumb drive. Then again, you may not have much. If you use all the defaults for saving, this will be very easy for you to do.

2. Make a list of any important software you added to this system as this will be deleted during the restoration; Have the software on hand to reinstall including activation numbers etc. or the links to it, or the compressed files. It's good to keep a list of this off the pc for times like this.

3. If you LOVE your bookmarks like I do, export them.

4. If you have anything special, files, coding, configs you spent allot of time on, save them also.

The rest is easy very easy:

Go to 'Control Panel' > 'Recovery' > Advanced Recovery Methods > 'Return Your Computer To Factory Condition'

This is extremely thorough and easy. When it's done, your system will be just the same and as fast as the day it was purchased.

-So if you had added software, you would now reinstall that
-Add back your pics, docs etc.
-import your bookmarks

That's it! It really is simple
---------------------------------------------------------

Additional Thought for Future Safety and Ease of Recovery

I personally have a load of software I had to reinstall, most people do not have this problem. But to eliminate the need to reinstall the software I have WHEN this occurs again, what I do is:

Once my new system is back up and I installed my software packages, if everything is cool, I then create an IMAGE file. This way, next time, and there always is, I can reinstall my IMAGE file instead of the Factory Default and my system will be like new except this time with my added software packages so I don't have to reinstall them.

Good food for thought

- Rainner

 

[file3456]

Next time clone the computer to an adequate USB external HDD so when disator strikes you can simply clone back.

If grandma is just surfing the net and printing things, then it might be worthwhile to use some flavor of Linux. Many use Linux Mint.

Screenshots - Linux Mint

 

[feetand nches]

Maybe there was not remote access at all, if you know what to look for you could tell. I agree with what others said above, but if there was no remote access then there is no need to get crazy.

If she is able, ask her if she gave them any passwords, or if they asked her to download anything? Otherwise there was no remote access. "They" cannot download anything without her doing so. Unless a remote access piece of software was installed prior and they asked her to click on it and give THEM the password. Do you know if Teamviewer is installed, look in Programs and Features.

If LogmeIn was installed it should be in the C: Drive or on Program Files or Program Files (x86) Don't get me wrong, anything is possible, but you have to allow access to get access. Sometimes our clients will think they were hacked because they got a browser hijack or something. A browser hijack is scary to someone that don't know what it is, but if she didn't download a program, install it and give them the password then it's unlikely she was hacked. A browser hijack will also demand you call a phone number and then they try to talk you into paying them, this is what they do, low level scammers praying on the elderly. Giving someone your credit card info does not allow access to your computer. Just something to think about before reformatting your pc.

Malwarebytes is very good in addition to what you using now. What AV product are you using now?

Do you have a good restore point available?

Was she storing Passwords in a Browser without being password protected? Even if she was and they were unprotected they would again had to have access to the pc.

 

[Paul Black]

Hi Nasty7,

My chore is to remove the icon and the associated malware that my grandmother has allowed the scammers to download. She also gave them remote access to her computer and I want to make sure that is gone.

When I right click on the icon there is no "uninstall" option, of course.

I don't want to left click on it (execute it) because God only knows what it would do then.

The icon on the desktop is titled "Computer 350 Tech".

We have all gone with the fact that the computer has been hacked because of the OP's comments above.

You have made some good observations and comments in your post above. I am sure that anyone else coming across this thread that has a similar problem will find them very useful.

I still think that at the end of the day, for security reasons and piece of mind, that a re-install is the best option available.

 

[feetand nches]

We have all gone with the fact that the computer has been hacked because of the OP's comments above.

With all do respect I don't see any "facts" and people make unclear comments all the time, I'm only saying to get a little more clarity on the subject before the task of a reinstall because the op don't seem to be tech savvy.

I don't disagree with the safety of a reinstall, but I see this all the time, and unless the wording of the op is incorrect it's hard to say what happened.

my grandmother has allowed the scammers to download.

This suggests someone was able to download something BEFORE having access to the pc, that's not possible as we all know.

The program in question can be checked to see what the install date was, it may have been there for years. Right Click File Location, and see when it was installed. I don't see that program online either, which is weird in itself, most likely renamed icon.

So it may be worth while to talk with grandmother after she has calmed down and see exactly what happened before a reinstall. The only reason I say this is because this can be a daunting task for the uninitiated.

 

[Paul Black]

Hi Nasty7,

This suggests someone was able to download something BEFORE having access to the pc, that's not possible as we all know.

It could have been a popup [or something similar] that said the machine was infected, and in order to get rid of the infection she should click a link, and then telephone the number supplied for techical help/support. We really don't know what the sequence of events were to be honest!

The program in question can be checked to see what the install date was, it may have been there for years. Right Click File Location, and see when it was installed. I don't see that program online either, which is weird in itself, most likely renamed icon.

That is a very good point!

 

[mrjimphelps]

If you are a really savvy technician, then you might be able to clean the computer. Basically, you restart the computer in Safe Mode, and you then disable all start-up items and services that you aren't absolutely sure about.

Even doing that, you may not catch everything. Therefore, only a clean install will do it. That means that you do a custom Windows 7 install; and you delete all partitions on the hard drive, then create one new partition, and install Windows on that new partition.

Everything will be forever gone once you do this, and you will have a clean copy of Windows. But that is the only way to make sure that the computer is free from whatever the scammer put on it.

Make sure you have all activation codes for Windows and for whatever software you want to install prior to doing this, because you won't be able to get these codes once you do the clean install.