System may be compromised

Sir George · Jul 7, 2014

My son called this afternoon and said he had an issue with an IPhone and in order to get support he did a Google search for Apple support. The first hit in the results was the following link;

Amazingtechsupport

He called them and the tech, who had a heavy accent, asked him to attach the device to his computer and then requested remoted access. FOOLISHLY and after my giving him several warnings to never allow remote access he did it anyway. He explains what happened next as follows;

The tech ran a "dos" emulation window and the screened scrolled for about 15 seconds and at the bottom of the screen was the following message; "Your system has been hacked". At this point my son called me to explain what just happened and during him explaining things the tech proceeded to draw, with what my son said looked like using a pencil, to make a symbolic sad face; ie, :-( Then he circled the "Your system has been hacked" and said "Do you see that?". By now I had obtained enough detail to say disconnect your system and get off the phone, which he did.

My questions are;
1. Does anyone know if the link is associated with a legitimate company?
2. Is there anyway I can check the system for a keylogger, nefarious software or damage?

I have had him run a scan with MBAM and Avast and both came back with no infections detected, although I doubt from what he discribed that the system would be infected with malware or a virus.

ignatzatsonic · Jul 7, 2014

Sir George said:
My questions are;
1. Does anyone know if the link is associated with a legitimate company?

Minimal chance it's legit.

I counted at least a half dozen grammatical, spelling, and punctuation errors in a quick reading of the first page presented in that link. That's been a foolproof indicator of scams that has yet to fail me.

The name alone makes me roll my eyes. That would be enough to make me look elsewhere.

http://stuffgate.com/amazingtechsupport.us

Apparently been around 2 months.

Sir George · Jul 7, 2014

ignatzatsonic said:
Sir George said:

My questions are;
1. Does anyone know if the link is associated with a legitimate company?

Click to expand...

Minimal chance it's legit.

I counted at least a half dozen grammatical, spelling, and punctuation errors in a quick reading of the first page presented in that link. That's been a foolproof indicator of scams that has yet to fail me.

The name alone makes me roll my eyes. That would be enough to make me look elsewhere.

Amazingtechsupport.us is worth $5,840 USD - Amazingtechsupport

Apparently been around 2 months.

Thanks! Any information you can provide on question #2?

Layback Bear · Jul 7, 2014

Have you reported the website to the authorities?

The computer and the phone are probably compromised.

I would also recommend changing all passwords and anything to do with banking, credit cards ect.

ignatzatsonic · Jul 7, 2014

Sir George said:
Thanks! Any information you can provide on question #2?

Nothing beyond the obvious---run anti-malware apps and Google the best you can for answers re keyloggers or whatever. I've never hooked up with any website like that or interacted with "tech support" in that way, so I don't know how embedded they can become. But a good Google pounding should give you ideas on what to check. Malwarebytes is a good tool to start with.

derekimo · Jul 7, 2014

They appear to change their name quite often too,

https://www.google.com/search?q=120...rome..69i57&sourceid=chrome&es_sm=93&ie=UTF-8

And in the same building as the Delaware state chamber of commerce.

Jacee · Jul 7, 2014

Dubious! ...... AmazingTechSupport.us WHOIS, DNS, & Domain Info - DomainTools

Slartybart · Jul 7, 2014

2. Is there anyway I can check the system for a keylogger, nefarious software or damage?

Jacee is probably the best person to answer that question.

Sir George · Jul 8, 2014

Jacee said:
Dubious! ...... AmazingTechSupport.us WHOIS, DNS, & Domain Info - DomainTools

Thank you for the reply. As I stated in my original post, I had my son run Avast and MBAM and both of them found no problem. If I visit him with a current up to date version of Kaspersky's AV on a thumb drive and run it without any detections would it be safe to assume the computer is OK or could there still be issues with something like a keylogger?

Thanks in advance for your help.

Tews · Jul 8, 2014

IMO once a system is infected, the only way to insure that you are safe, is to format and reinstall your OS.

Sir George · Jul 8, 2014

Tews said:
IMO once a system is infected, the only way to insure that you are safe, is to format and reinstall your OS.

Thanks. One more question, would it be safe for him to copy files, such as Quickbooks and MS documents, or could they contain an infection?

Tews · Jul 8, 2014

Again, IMO, All files on an infected system are suspect. If you decide to copy the files, save them on a seperate drive. Good luck!

Jacee · Jul 8, 2014

Read this article Keyloggers: How they work and how to detect them (Part 1) - Securelist - Information about Viruses, Hackers and Spam

System may be compromised

Sir George

New member

My Computer

ignatzatsonic

Aspiring Gnome

My Computer

Sir George

New member

My Computer

Layback Bear

3 Brain Cells

My Computer

ignatzatsonic

Aspiring Gnome

My Computer

derekimo

New member

My Computer

Jacee

Consumer Security

My Computer

Slartybart

Re Member

My Computer

Sir George

New member

My Computer

Tews

Professional Lurker

My Computer

Sir George

New member

My Computer

Tews

Professional Lurker

My Computer

Jacee

Consumer Security

My Computer