Today, I noted that my MBAM Premium was not running, and that it was not installed. It apparently had been uninstalled inadvertently by me or by another program (perhaps a virus or malware).
I went to the Malwarebytes homepage and searched around a bit to see how to reinstall my MBAM Premium. I have a Lifetime version and I kept my product key and ID.
Not sure which version to download and install, I went to the Internet and found a website that offered Malwarebytes tech support. It appeared to be legit, but I was (and still am) not sure.
After providing my email address, I received a "chat with tech popup" that I opened. The tech requested my telephone number. I received a phone call from 1-209-257-4300 -- a California number. The male spoke with a foreign accent -- probably from India or another Middle Eastern country. He said he could help me reinstall my missing MBAM Premium. I agreed to let him install a remote user program and he proceeded to download the current version of MBAM Premium. I watched his every move. I did provide him with my MBAM product key. It installed quickly and we ran a scan. No issues. The account information on the reinstalled program was correct.
He did not ask for any credit card numbers or other forms of payment. We both speculated on how the version was uninstalled. He decided to check by TASK MANAGER and noted that I have two Csrss.exe files running. He immediately informed me that my PC was infected with a Trojan. Fortunately, I've been through this issue before. In fact, the legitimate Csrss.exe file is required and important. It is legitimate -- if it resides in your \Windows\System32\ folder. The tech did not right click on either of the Csrss.exe files to determine their location (they are where they should be).
He was completely convinced that my PC was infected with a Trojan. He said that I must take it to a Windows certified technician to remove the infection. I asked him why Malwarebytes could not detect and remove the infected Csrss.exe files. He said Malwarebytes cannot do that. (REALLY!) I asked him if he could recommend another program to remove the (presumed) infection. He said NO, only a certified Microsoft technician could do the job. He seemed to sense that I was very skeptical about his diagnosis and asked if there was anything else he could do for me. I said no and terminated the 2-way chat and the program that allowed him to access my PC. After our contact, I removed (deleted) the 2-way program used by the technician.
Whoever he was, he didn't know what the hell he was talking about with respect to the Csrss.exe files. Before writing this, I used Totalvirus to scan my Csrss.exe (and related) files. They are clean. I've also re-scanned my PC with multiple programs including EMSISOFT, AVAST, and SUPERAntiSpyware (in addition to MBAM Premium). My PC is behaving as it should. No issues whatsoever.
I have submitted a support ticket because I would like to formalize this event with Malwarebytes. Either they are using an ignorant technician to provide support or this guy was a fraud. I checked the telephone number the tech used and it is legitimate and apparently has never been used for SPAM or any other illegitimate purpose. Yes, I know there are programs that allow the fraudulent use of legitimate numbers. This could be one of those.
Below is a screen shot of all of my Csrss.exe and related files. None are infected -- according to MBAM, Totalvirus, etc.
ANY AND ALL COMMENTS ON THIS EVENT WOULD BE HELPFUL.
FYI, I am a loyal customer and believe that MBAM Premium is a superior product.