Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: need help understanding computer hijack

31 May 2016   #1

Windows 7 pro 64bit - SP1
need help understanding computer hijack

A friend had his computer hijacked. If it happened the way he says I don't understand it at all, and the implications are very scary. Can anyone explain this?

Here's what he says happened: The phone rang and my friend (I'll call him John) answered. The caller (I'll call Crook) told John that he (John) was owed a refund on some fictional recent computer repair he'd had done. John realized this was some sort of a scam, but instead of hanging up kept on talking to Crook. Crook seemed interested intwo things, 1) in making sure that John was near his computer, and, 2) in keeping John on the line by giving him long pieces of information that he says were necessary for John to claim his "refund."

After a few minutes, with no more interaction than talking over the phone, a message appeared on John's computer indicating that it had been hijacked. Crook then told John over the phone that the computer was frozen and that John would have to pay to regain access to his computer. John said "no," (words tothat effect) and hung up (finally!).

Some additional info: --At no time did John give Crook any information about his computer, nor did John enter into his computer any information given by Crook.--John's internet and phone provider is Comcast. --John's OS is Windows (not sure which version). --Anti-malware software may or may not have been up-to-date, not sure. --Interestingly, Crook had someone with him in the same room while talking to John (I'm not sure how John knew this).

Here's another wrinkle that may be significant or may be a total red herring: In trying to regain access to his computer John took it to a local repair shop he had used before. They were completely unsuccessful in cracking the locked system. John then sent the HD only to tech-savvy relative who mounted the disk and retrieved the files.

So, please... what actually happened here? Is it really this easy for someone to gain access to another's computer? And what is the best defense to such an attack?

Thanksfor any enlightenment!

My System SpecsSystem Spec
31 May 2016   #2

Windows 7 Professional 64-bit

During the phone conversation, did user John type anything into the computer, answer any sudden email, go to any web site suggested by crook, etc.?
My System SpecsSystem Spec
31 May 2016   #3

Windows 7 Professional x64, Arch Linux

The whole situation seems outlandish to me, and with the way you've laid it out, it 'feels' like a riddle.

But taken at face value, my guess would be that the system was already compromised and Crook wanted John on the line and near the computer in order to put John in an incredibly uncomfortable - dare I say, emasculating - position in hopes he would be more compliant to the ransom demand.

The computer shop's inability to do anything is unsurprising even considering the relative could. But I'd classify it as a red herring, because we don't know the competentcy of the shop techs, or even how the drive/system was "frozen". If serious encryption had been involved, we'd have to consider the possibility that the relative was complicit...
My System SpecsSystem Spec

31 May 2016   #4

Windows 7 pro 64bit - SP1
it was a dark and stormy night

Well, I'm glad I'm not alone in being abit incredulous.

RolandJS: John swears that while on the phone he did not touch his computer; was only standing nearby.

alphaniner: Yes, I know... sorry. I am feeling a bit Sherlock Holmesy. All that you say makes sense (though I'm pretty sure John's son was not in league with Crook). The reason I mentioned the second person with Crook was that I was imagining that individual as the true hacker, somehow using the phone connection to access John's computer as Crook kept John hanging on the line.

The one factor I did not mention for fear of its being given too much weight initially, is that John is, admittedly, not terribly computer knowledgeable. So,unless someone has any other ideas I will leave the thread open for a while longer before concluding that John's computer was already compromised before the mysterious phone call.

Thanks much for the responses.
My System SpecsSystem Spec
01 Jun 2016   #5
Wandering one

Win7 sp1 Pro 64bit / XP sp2 Pro (games only)

An off the wall thought. Since the phone a lot of people use today is linked to your home WIFI could not the phone call be holding an unsecured router link open to access the computer?
My System SpecsSystem Spec
01 Jun 2016   #6

Windows 7 pro 64bit - SP1

Wandering one: That is sort of where my paranoia was taking me but I don't pretend to understand the finer points of routing or networking -- especially re. Comcast! I do understand that an ill-maintained home wifi is an easy target for hacking.

But, is it possible that wifi might not even come into play? In my friend's case, the phone line plugs directly into to his router (perhaps this is always the case for Comcast -- I don't know). Couldn't a hacker just run the same sort of automated probe over an open phone line that might be run through a wifi connection -- searching for unprotected router access, absent firewalls,unchanged default passwords, etc.?

If so, seems like that would also be possible even in a case where the phone is not connected directly to the router, but where the router and phone simply use the same copper wire?

In other words, I'm wondering if it might be possible for an open phone line to also be providing hacker access to any router on the same line (just as a wifi signal might); and, thereby, to devices on the network ? If so,seems like that could explain this instance. I hope it's not that simple.
My System SpecsSystem Spec
01 Jun 2016   #7

Windows 7 Professional x64, Arch Linux

I was briefly a cable guy for Cox Communications, and the phone box was the first thing from connected from the drop. I assumed the same was true for John when you said his phone service was through Comcast. Is it VOIP then? That could change things a bit.

If you're interested in getting input from people who are more likely to really know this kind of stuff, you should try the Stack Exchange community.
My System SpecsSystem Spec
01 Jun 2016   #8

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium SP1, 64-bit

Isn't phone service through an ISP provider VOIP by definition?

If the phone connection was not involved, I'd have to assume that the system was compromised before your friend ever answered the phone--assuming his recollection as to what he did after answering the phone is correct.

If I have your phone number, I can do a reverse lookup and get certain info easily. If I was slick at that and determined, I'm not sure how I might leverage that info (your name, your ISP, your IP address, street address, relatives, and I'm not sure what else) to hijack your PC.

You'd be surprised and/or appalled at what is online and available as public record, just by having a full name and approximate location. Why, I have right here before me a 2013 mug shot of an old girl friend. Got a few cheap yucks over that. She was convent-bound at one time, back in the prehistoric era.

I'm sure there are plenty of bad guys whose living depends on leveraging that kind of info. All it takes is criminal intent and those people would be perfectly willing to see what they can wring out of a random phone number. Your friend's number may have been randomly chosen and just may have been a lucrative target by accident---1 out of 10 for instance, the other 9 leading nowhere to the hijacker.
My System SpecsSystem Spec
01 Jun 2016   #9

Windows 7 Professional x64, Arch Linux

Based on my experience I wouldn't have thought so if the ISP is also (primarily?) a cable provider. But then I really don't know how those boxes worked. Could have been stripped down cable modems for all I know.
My System SpecsSystem Spec
01 Jun 2016   #10

Windows 7 pro 64bit - SP1

alphaniner: Good suggestion re. Stack Exchange. And the thought about VOIP may be quite relevant-- turns out my friend does have xfinity VOIP; not only that but they had a hard time getting it configured and working properly (?) about two months ago. Wikipedia has a great article (as usual) on "Voice Over IP," and does a good comparison with traditional systems, so I'll leave that.

There's obviously no way to determine here exactly what happened with my friend -- the computer may well have already been infected. I was mainly curious whether an attack aided by a voice connection made any sense at all. I'm still not sure but I now have more points to consider, I'll mark the thread solved.

In the meantime (recalling an anecdote of alphaniner's from a different thread HERE) I think I will not be inclined to stay on the phone with hopeful scammers just to mess with them, but will hang up ASAP in case they ARE busy trying to hack my router.

Thanks all.
My System SpecsSystem Spec

 need help understanding computer hijack

Thread Tools

Similar help and support threads
Thread Forum
understanding CPU-Z
If CPU-Z shows DRAM Frequency at 600 and you have duel channel that would mean your ram is working at 1200. If one has DDR 3 on a 3 channel motherboard DRAM Frequency 600 is that ram still working at 1200 or 1800? N/B frequency at 2400
Performance & Maintenance
Hijack this log
Hi i Was Told to do a hijack this scan to see what was causing my ie pop up problem eventhough im using fire fox. judt wondering if any of you can tell me what needs deleting and fixing. Heres My Log Logfile of HijackThis v1.99.1 Scan saved at 16:32:47, on 29/11/2010 Platform:...
Browsers & Mail
Yaa! DLL Hijack Auditor: For Microsoft DLL hijack vulnerability
Not sure if anyone has posted on this tool (or similar tools) yet, but security Exploded makes incredible tools, especially Anti Rootkit tools and Root kit detection tools, so I was happy to learn about this: rmhsCBMIJnA
System Security
understanding computer
Booting up you PC Why computer don't say "GOOD COMMAND" never appreciates tell with them...:p:p:p
Chillout Room
IE 8 hijack
OK boys and girls. It seems that I've been jacked. But not really a quality job in my book. I started noticing little quirks in IE 8 (x86) yesterday.Little flickers here and there. As well as the navigation bar having had switched the refresh/stop buttons to the opposite side, "IE" warnings(see...
System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 02:17.
Twitter Facebook Google+