Solved I just got that call...

HAVOC

I just got that call... (fix my computer)

My cousin called to tell me that he had a pop-up that said he has a virus and to call this number. He did and was told that it will cost $300 to fix and he can take it to Staples to get fixed (never heard of that one).

I'm going there tomorrow to fix it. Can you guys/girls give me a list of software I might need?

So far I have MSE, Malwarebytes, ComboFix, HiJackThis.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
custom build
OS
Windows 7 Professional 64bit
CPU
Intel i7-5960X
Motherboard
EVGA X99 Classified
Memory
64GB Corsair Dominator 2400MHz
Graphics Card(s)
3 EVGA GTX980's
Sound Card
on board
Monitor(s) Displays
3 Dell E2715H 27"
Screen Resolution
1920x1080 (5760x1080)
Hard Drives
Samsung 950 Pro 1TB M.2 SSD,
Western Digital Black 2TB HDD's x5
Western Digital Black 1TB HDD's x3
PSU
Corsair AX1200i
Case
Corsair 750D
Cooling
Corsair H110i GT
Keyboard
Corsair K70
Mouse
Corsair M45
Internet Speed
250 down/10 up
Antivirus
Microsoft Security Essentials
Browser
IE 11, Google Chrome
Google that phone number or try in some other way to determine what particular virus that might be and then pound Google for a solution--which might mention applications that are known to be able to get rid of it.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Ignatz Special; 4 speed manual gearbox; factory air conditioning; one of one
OS
Windows 7 Home Premium SP1, 64-bit
CPU
Intel Skylake i5-6600K, not overclocked
Motherboard
AsRock Z170M Extreme 4, micro ATX
Memory
8 GB HyperX DDR4-2666 (2 x 4 GB)
Graphics Card(s)
none; graphics are integrated on CPU
Sound Card
onboard: Realtek ALC1150; external: USB Behringer UF0-202
Monitor(s) Displays
Dell S2340M 23 inch IPS
Screen Resolution
1600 x 900
Hard Drives
System: Crucial MX100 series SSD, 128 GB;
Data: Samsung Spinpoint 103SJ, 1 TB;
Backup: WD Caviar Green WD30EZRX-00D8PB0, 3 TB
PSU
Rosewill SilentNight 500 watt fanless, semi-modular
Case
Antec Solo II
Cooling
Noctua NH-U12S; Noctua F12 intake, Noctua S12A exhaust
Keyboard
Microsoft 200 6JH-00001 USB
Mouse
Dell or Microsoft optical wired; USB
Antivirus
Microsoft Security Essentials and Malwarebytes Premium
Browser
Pale Moon
Other Info
All fans PWM; speeds at idle: CPU circa 500 rpm; intake circa 600 rpm; exhaust circa 600 rpm; CPU temps 27 idle and 47 C load in a warm room (27 C/81 F) when running Intel Extreme Tuning Utility stress test.
My cousin called to tell me that he had a pop-up that said he has a virus and to call this number. He did and was told that it will cost $300 to fix and he can take it to Staples to get fixed (never heard of that one).

I'm going there tomorrow to fix it. Can you guys/girls give me a list of software I might need?

So far I have MSE, Malwarebytes, ComboFix, HiJackThis.

This is obviously a scam.

Don't go to Staples (or Bestbuy Geek squad) for any repair.

A person on this forum went there (on her own) and they charged her over $300 for a computer that was one week old and had nothing wrong with it - just lots of bloatware.

If you think you might have a problem, it can be fixed here.

In the future, when your comp is clean, get in the habit of doing image backups and if you do get a virus, you can do a restore and be back to normal in minutes.

Search Results - Macrium Software

You can also call Staples, and I'm sure they will tell you that they did not initiate that call.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Self-Built
OS
Windows 7 Professional X64
CPU
Core i7 (2nd gen) i7-2600K / 3.40GHz
Motherboard
ASUS P8Z77-V Intel 7 Series Motherboard
Memory
DDR3 2400MHz (OC) 16gb
Graphics Card(s)
Intel(R) HD Graphics 3000, -1988 Mb
Sound Card
8 ChannelsAudio Chipset Realtek ALC892
Monitor(s) Displays
LG 29UM65 Black 29"
Screen Resolution
2560 x 1080
Hard Drives
840 EVO 250 GB SSD ;2tb (2);Seagate;1tb Seagate; 750 gb Seagate; wd ext (2) 750 gb,WD 2tb X 2;WD 3TB Black
PSU
750 watt
Case
Thermaltake RX -1
Cooling
2120mm Fans Included 1Other Fan Ports 5x 200mm Fan Ports
Keyboard
Microsoft Digital Media Pro
Mouse
Microsoft Wireless 6000
Internet Speed
U-verse 18 mbps
Antivirus
MSE
Browser
Firefox, Chrome and my favorite: Pale Moon
Other Info
HdHomerun Dual Tuner.
SRS Audio Lab,
Pioneer BDR 208-DBK
PS3-What a difference in my Surround Sound Receiver!
HP 4540s - My new Toy.
Epson R280 Printer- To personalize my Dvds.
Canon MP 560 - For scanning.
I've told my cousin numerous times to make backups of everything. Does he listen? No.

I kept trying to tell him over the phone that it was fake and he's convinced he has a virus. I know he has something bad on his system but I'm not sure what. His son later tried to download Minecraft (I have no idea from where) and they got a lot of other "software" with it. He now says his computer is acting very weird. I'm going to look at it after work today.

I also added to the list, AdwCleaner, rkill and tdsskiller.
 

Several people I know got calls telling them their PC was infected & unfortunately, a couple believed it. They allowed the company to access their PC's & were charged for services & the company's "Special repair tool." That tool turned out to be JRT. The people got charged $150 for "services & the repair tool."

Superantispyware has a portable version you might want to add to the list. JRT is also another one you might want to add.

SUPERAntiSpyware - SUPERAntiSpyware Portable Scanner

Junkware Removal Tool Download
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Dell Hell oh Well
OS
Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
CPU
Intel Core 2 Duo 2.93GHz
Memory
Not much with my ADHD
Graphics Card(s)
ATI Radeon HD 4350
Monitor(s) Displays
24" HDTV/Monitor
Screen Resolution
Blurry after a Scotch or 2
Hard Drives
1 HDD 250 GB, 1 HDD 1 TB, 3 - 1 TB Externals
Case
Don't get on my case...man :D
Cooling
I have an Air Conditioner & Diet Pepsi
Keyboard
Saitek Cyborg
Mouse
10 yr old MS optical mouse that still works
Internet Speed
Never fast enough
Antivirus
Various
Browser
Various
I've told my cousin numerous times to make backups of everything. Does he listen? No.

I kept trying to tell him over the phone that it was fake and he's convinced he has a virus. I know he has something bad on his system but I'm not sure what. His son later tried to download Minecraft (I have no idea from where) and they got a lot of other "software" with it. He now says his computer is acting very weird. I'm going to look at it after work today.

I also added to the list, AdwCleaner, rkill and tdsskiller.

Ask your cousin how they knew he had a problem.

They were the problem to begin with!

After you check it out, you will be able to fix it at this forum for Free.:D

Any time you download programs, always click "custom" and uncheck all the other garbage they want to add.

That's probably what he got with the download and can be easily removed.
 

Just be very careful about ComboFix --- it is NOT for those who do not know EXACTLY what they are doing...
 

My Computer

Computer type
PC/Desktop
OS
Windows 7 Professional
I'm sitting at his computer now. His son downloaded Minecraft (paid, from Minecraft's site) and that's when the problems began. Malwarebytes found 2700 items, MSE found nothing (quick scan), HiJackThis found a couple things, TDSSKiller found nothing, RKill found some items. I won't run ComboFix until I ask people on this site if I need to.

He was unable to get online. LAN settings in Internet Options keep getting changed to a proxy server.

I'm presently updating Windows and other programs on the computer.
 

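The symptom reported in the post above (LAN settings in Internet Options reverting to a proxy server) can be inspected without changing anything on the machine. This read-only check is an added example, not part of the original thread; it assumes the standard Internet Settings registry locations, and the one-minute watch window is an arbitrary choice for illustration.

```powershell
# Added example (not from the thread): read-only audit of the Internet Options proxy values.
# Uses only cmdlets available in PowerShell 2.0, which ships with Windows 7.
$sub   = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$paths = @(
    "HKCU:\$sub",   # per-user values edited by Internet Options > Connections > LAN settings
    "HKLM:\$sub",   # machine-wide values
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'  # policy values
)

function Get-ProxyState {
    # Return the proxy-related values under each key as one comparable string per key.
    foreach ($path in $paths) {
        if (-not (Test-Path $path)) { continue }
        $p = Get-ItemProperty -Path $path
        '{0} | ProxyEnable={1} ProxyServer={2} AutoConfigURL={3}' -f `
            $path, $p.ProxyEnable, $p.ProxyServer, $p.AutoConfigURL
    }
}

function Get-LoopbackListener {
    # If ProxyServer points at this machine, report which process owns the listening port.
    param([string]$ProxyServer)
    if ($ProxyServer -notmatch '(127\.0\.0\.1|localhost):(\d+)') { return }
    $port = $Matches[2]
    netstat -ano | Select-String "TCP\s+\S+:$port\s+\S+\s+LISTENING\s+(\d+)" | ForEach-Object {
        $procId = [int]$_.Matches[0].Groups[1].Value
        Get-Process -Id $procId -ErrorAction SilentlyContinue |
            Select-Object Id, ProcessName, Path
    }
}

# 1. Snapshot the current values.
$baseline = Get-ProxyState
$baseline

# 2. If the per-user proxy is enabled and points at a local port, show the owning process.
$user = Get-ItemProperty -Path "HKCU:\$sub"
if ($user.ProxyEnable -eq 1) {
    Get-LoopbackListener -ProxyServer $user.ProxyServer
}

# 3. Watch for one minute and timestamp any change, so the moment the values are
#    rewritten can be matched against running processes, services and scheduled tasks.
for ($i = 0; $i -lt 12; $i++) {
    Start-Sleep -Seconds 5
    $now = Get-ProxyState
    if (($now -join "`n") -ne ($baseline -join "`n")) {
        Write-Output ('{0:u} proxy values changed:' -f (Get-Date))
        $now
        $baseline = $now
    }
}
```

Clear the proxy in the LAN settings dialog just before starting the watch loop; a timestamped change a few seconds later shows that something still running on the machine is rewriting the values.
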
I just received a similar call, but mine came from "Windows Technical Dept".:D:D

I told him my phone was being monitored by the DEA, as I'm a big time criminal - He slammed the phone down so hard, my ears are still ringing.:roflmao:
 

I just received a similar call, but mine came from "Windows Technical Dept".:D:D

I told him my phone was being monitored by the DEA, as I'm a big time criminal - He slammed the phone down so hard, my ears are still ringing.:roflmao:
This was an excellent answer.
 

My Computer

Computer Manufacturer/Model Number
HP, Dell, Gateway, Toshiba - 4 laptops and 2 desktops
OS
Vista, Windows7, Mint Mate, Zorin, Windows 8
CPU
from 1.6GHz Duo to i7
Monitor(s) Displays
2x HP w2207
Hard Drives
5x HDD, 7x SSD, 12x Externals
Keyboard
with trackball - no mices
Mouse
Trackball mice
Internet Speed
DSL 6000
Most of the infection has been cleaned, I think he had every type of malware on his computer.

How long should ESET online scanner and MSE take to do a full scan?

I'm thinking about saving the documents he needs to his WD MyBook drive and wipe the computer, I don't think I'll be 100% sure I'll get all of it.
 

Most of the infection has been cleaned, I think he had every type of malware on his computer.

How long should ESET online scanner and MSE take to do a full scan?

I'm thinking about saving the documents he needs to his WD MyBook drive and wipe the computer, I don't think I'll be 100% sure I'll get all of it.
Don't bother scanning with MSE. A full scan takes several hours and never finds anything. Use Malwarebytes instead. That is a powerful scanner.

For saving the files, you can use this Linux tool and before you put them on the OneBook, scan them here. But there is a 128MB size limit. So you will have to do it in batches.
 

Malwarebytes was the first scanner I used and it found 2700 items. After that I used other programs and they all found a couple items. He called me and said ESET finished, there were two items that weren't removed so I had him write them down so I could come by later and see what they are. I think he's going to run MSE just to see if it finds anything.

Any idea on why the proxy settings in IE kept changing?

I have to add, when he called that number, a person convinced him to let them gain control of the computer.
Am I better off just starting from scratch? He'll have customer info on this computer. He owns his own business.
 

Bad news. If they got control of his system, they probably stole everything. You must start from scratch and he has to change all his passwords.

I would make an image of the partitions that contain his data and recover the data later from there. Use free Macrium and not Windows imaging. Safest would be a virtual partition for the recovery process. Use Windows 10 TP in the virtual partition. It is free. If the virtual partition gets infected you can care less. You just delete it at the end of the operation.


You have to be extremely careful with those data files. Only Virus Total can make a really deep scan.
 

Can I save the needed files/documents/pictures to the WD external drive and scan that with a known clean PC (my netbook) and Virus Total? I don't care if my netbook gets infected (it won't be connected to my network either). I can then wipe his computer and reinstall Windows.
 

That a stranger got inside a business computer is something to be very very concerned about. I sure hope customer records, accounts information was not stored on said computer. That business needs a no-nonsense IT person that when IT speaks, everybody in the office listens.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Antec desktop; Acer Aspire laptops
OS
Windows 7 Professional 64-bit
CPU
Desktop i5; Acers i5 & i7
Memory
desktop 16GB; 1 Acer 8GB & 1 Acer 16GB
Hard Drives
1TB split into 2 equal partitions [OS and data] usable by RJS
Internet Speed
AT&T DSL
Browser
FF, GChrome, msIE
Other Info
Windows 7 Firewall, Emsisoft AM/AV, MSE [scan-only], SpywareBlaster, Ruiware/BillP combine
That's one way of doing it. But a virtual machine would be less painful.

It is not very likely that the files are infected, but you never know what these guys do. I am more worried that they stole a lot of files and passwords. The passwords need attention asap. And if there is banking info in the system, talk to the bank(s).
 

He said there is no banking info on the computer. There are other users on the computer, wife and son. Should they change their passwords?

I'm going to ask him to gather all the discs for software he needs including Windows so I can do a reinstall. I need to make two profiles, him as the admin and his wife as a standard user.

One last thing. What is a good/free program to use that will allow me to login to his computer from my house should he need tech help?

Thank you.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Pauly Special
OS
Win7 Ultimate X64
CPU
Intel i5 3570K
Motherboard
Gigabyte Z77X-DS3H
Memory
8GB DDR3 1600
Graphics Card(s)
Onboard
Sound Card
Onboard
Screen Resolution
1280x1024
Hard Drives
Samsung 840 Evo SSD (OS)
1TB Spinner (Data)
PSU
800W Arctic
Case
Cooler Master
Cooling
3x120mm Fans
Keyboard
MS Wireless
Mouse
MS Wireless
Internet Speed
20M
I'm going to sound very un-nice here, what are and why are family members doing non-business things on a business computer? Many many business advice sources indicate: business and family nonbusiness should never ever be mixed -- especially on desktops or laptops conducting business involving clients, vendors, and so on. I'm sorry if I come across harsh, I'm concerned.
 
