
I get a cold call from a guy who says he's going to save me from a virus!!!

Status
Not open for further replies.
I guess maybe I'll reinstall Windows 7 on this machine. It's a PITA, I have a ton of stuff installed, I'll have to reinstall everything. MSE only found one thing, the same as on my XP laptop, powerreqscheduler.exe. Both times it wanted me to remove it and I did. I did full scans on both machines. Should I really wipe the HD and reinstall from scratch? If you are not truly knowledgeable and don't have genuine integrity, you needn't reply.

Some people have said I should absolutely not do any internet banking or shopping without reinstalling Windows. AFAIK, my credit cards have fraud protection, if someone makes fraudulent charges with my CC, I'm protected, the credit card company deals with it. Just what is the risk here?
 
Do you still have the .exe? LogMeIn is a legitimate service, though that's no guarantee that what you got was the legitimate executable (I don't even know its official name). If you have that, you can check the md5 with the one on the official site, and see if they're the same. If they are, AND they didn't download anything else while controlling your machine, changing your passwords /may/ be enough, but I wouldn't be comfortable with that.
 
If the various tools you used are not finding anything you may be safe, but honestly at this point I'd just reimage to be sure. You can also try to run hijackthis to see if there's anything weird in the startups. It could be something that's dormant.
 
I don't think Muse is trolling. I've been reading his posts for awhile, and he comes off as some kind of idiot savant. I think he does technical work as a profession, but some of the questions I've seen are dumbfounding. He's an interesting dude, and as near as I can tell, fully authentic.
Thanks for the vote of confidence. I always read your posts with interest!
 
If the various tools you used are not finding anything you may be safe, but honestly at this point I'd just reimage to be sure. You can also try to run hijackthis to see if there's anything weird in the startups. It could be something that's dormant.

I'm not strong in this stuff, I've run hijackthis in the past and some other stuff, used to run superantispyware, still have it on one or two of my machines, not this one. I'll run some stuff tomorrow, will check out malwarebytes, not sure I've ever used it. Is it free? I'll see what happens, will hold off on reformatting the HD. Unfortunately, I don't think I have an image to go back to. When I rebooted I did choose the "last good configuration," but I don't know that that would have circumvented some kind of intrusion.

Reinstalling Windows wouldn't be the end of the world, I've installed Windows dozens of times.
 
If you never took an image then yeah you'd want to reinstall. Don't trust last known good configuration when you are dealing with a virus. A lot of viruses infect those files so when you restore you just get the virus again.
 
Hmm if the caller did indeed use a legit LogMeIn app, you may be safe. The damage was going to be done while in the session, and if you did not start the session then you should be safe.
 
Hey, I freely admit I made a mistake, I make mistakes all the time and know you just have to move on, "live and learn" is one of my mottos. I really think you're pretty clueless.

Clueless? Coming from a guy who fell for an obvious scam, I'll take that as a compliment.

You post a thread like this on a forum of computer geeks, many of whom work in IT for a living, and you're shocked at the response.
 
I would not feel safe until I did a reinstall. Since they were using legit tools, they may not be picked up by any scanners.

Can't believe anyone would fall for this, my professor was telling me about one of his clients falling for a similar scam. Not just once, but twice!
 
Hmm if the caller did indeed use a legit LogMeIn app, you may be safe. The damage was going to be done while in the session, and if you did not start the session then you should be safe.

AFAIK, I did start the session. Their implementation of this scam was pretty crafty and professional looking. The least professional thing was the guy I was talking to, but as an ESL stoogie presumably in a call center in SE Asia I figured maybe he wasn't supposed to know a spade from a heart and I played along. He kept promising me he'd immediately connect me with this Shane ____ guy from Microsoft, and I started imploring him, absolutely yelling at him to do that but he kept yammering at me trying to get me to continue with the process. It initially involved running a string from the run dialog and then some applications started running on my machine, the first of which must have been a download. It didn't appear to have a browser interface at all. It was pretty slick. Control of my machine was largely ceded to someone else (maybe the caller, but I had a sense that another person was involved) including cursor action.
 
Dude I wasn't joking and the only reason I ran the damn download is the first two responders in this thread said, basically:

1. Sounds legit
2. What do you have to lose?

I was on the phone with this guy I didn't have time to fuck around and do research, so I followed his instructions. Seems weird, but not unreasonable, but I'd have felt a lot better about it if I got an American Microsoft technician on the phone who sounded reasonable. I could understand an Asian hireling sounding like he didn't know what was really going on, just reading his script, which this guy did sound like. But he was incredibly persistent, it was weird!!!!!

There goes my phone again, I'm not answering. It hangs up after one ring. This is weird shit. I just registered at fraudwatchers, confirmed, but it won't let me post for some reason.

I've never been called by anyone before who asked me to download and install something.

BWAAAA HA HA HA HA HA! The reason they said "What have you got to lose?" is because the answer to that is OBVIOUS! If they had some reason to say that it "seems legit," wouldn't it make sense to ask HOW? Why do you think they didn't SAY how? The reason they said that is because it obviously did NOT seem legit. You asked in an off-topic forum.

I really hope you are just trolling because that has got to be the single dumbest thing I've ever seen a "techie" fall for.
 
Look over this page...

https://secure.logmeinrescue.com/helpdesk/howitworks.aspx

I'm guessing these guys are moonlighting as scammers, but work in a legitimate CS call center. LogMeIn-Rescue is a premium paid service companies use to support clients. Note how the .exe deletes itself after use. Do you have the exact url of the site you downloaded the .exe from?

I don't have the URL. In fact I deleted the EXEs from my machine, wish I'd at least copied the file names, but I don't know what they were now. I say names because I did two downloads. This guy's hustle was that I had to do it real fast because the virus would transmute things on my machine very quickly and the download wouldn't work unless I ran it quick. He tells me a minute after I did the first download that I had to repeat the process and download a second installable, and I did and ran it. Deleted both permanently from my machine yesterday. I'll check out your link above now. Thanks for the help.

Edit: Yeah, that's the app they were using, I recognize the GUI.
customerapplet_small.jpg
 
AFAIK, I did start the session. Their implementation of this scam was pretty crafty and professional looking. The least professional thing was the guy I was talking to, but as an ESL stoogie presumably in a call center in SE Asia I figured maybe he wasn't supposed to know a spade from a heart and I played along. He kept promising me he'd immediately connect me with this Shane ____ guy from Microsoft, and I started imploring him, absolutely yelling at him to do that but he kept yammering at me trying to get me to continue with the process. It initially involved running a string from the run dialog and then some applications started running on my machine, the first of which must have been a download. It didn't appear to have a browser interface at all. It was pretty slick. Control of my machine was largely ceded to someone else (maybe the caller, but I had a sense that another person was involved) including cursor action.

Wow.
 
BWAAAA HA HA HA HA HA! The reason they said "What have you got to lose?" is because the answer to that is OBVIOUS! If they had some reason to say that it "seems legit," wouldn't it make sense to ask HOW? Why do you think they didn't SAY how? The reason they said that is because it obviously did NOT seem legit. You asked in an off-topic forum.

I really hope you are just trolling because that has got to be the single dumbest thing I've ever seen a "techie" fall for.

You are another phony, dude. I made the post while I was actually talking to this hustler on the telephone. I didn't have time to sort out the goddamn ironies/sarcasms and other subterfuges you phonies use here. If you think I'm pulling everybody's leg here, take a long walk on a short pier.

Really intelligent comment.
 
Dude, dig this I started the thread while I was talking non stop with this guy with a fucked up accent. I didn't have time to check shit out. Fuck the assholes with their sarcasm, they can jump in a shit hole and drown in it.

Why not just hang up on them? Are you stupid or trolling?
 
You are another phony, dude. I made the post while I was actually talking to this hustler on the telephone. I didn't have time to sort out the goddamn ironies/sarcasms and other subterfuges you phonies use here. If you think I'm pulling everybody's leg here, take a long walk on a short pier.

Once again: He asked you "What do you have to lose?" If you didn't answer "The integrity of my computer and data," then you are an idiot no matter what anyone said here. With that kind of ignorance, I must ask: Do you even know the difference between an executable and a data file?!

You have GOT to be trolling. Well done.
 
You are another phony, dude. I made the post while I was actually talking to this hustler on the telephone. I didn't have time to sort out the goddamn ironies/sarcasms and other subterfuges you phonies use here. If you think I'm pulling everybody's leg here, take a long walk on a short pier.

Really intelligent comment.

I'm intelligent enough to know someone calling me out of the blue that I don't know, making the request that they have is not legit without having to post to ATOT for guidance. That's sad and scary.
 