CaptainHindsight

Is my relative's computer hopelessly infected?


I think that one of my relatives was tricked into letting someone take remote control of his computer a few weeks ago.

Full details are below.

My ultimate question: if he actually let someone take remote control of his computer, could they have infected it so deeply that it is hopeless to try and clean it?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Full details:

Wednesday evening (2 days ago) I emailed a 90-year-old relative-in-law that I wanted him to run a Malwarebytes scan before I come to visit him this weekend.  (I had been planning to do several computer chores for him, such as swap his hard disk with an SSD.  I wanted a Malwarebytes scan done before I show up just to ensure that his computer has no malware before I possibly clone his hard disk.)  He emailed me this back yesterday:
 

Quote

 

    About 2-3 weeks ago, McAfee suddenly displayed a window on my computer asking me to renew.
    I don't remember McAfee even being still installed on my computer.
    Nevertheless, I agreed, and paid 39.99.
    Then that window said to call a person.
    He told me something which I could not fully understand (poor hearing, poor computer knowledge).
    He took over my computer, and scanned it for me, and told me I was poorly protected.
    He even showed me a table with one column containing my ss# etc.
    I was scared, it means my info could be readily stolen.
    He asked me to enroll for full protection, and I chose the one year option for 399.99.
    He worked on my computer for about 45 minutes, then said now safe and fully protected, no one can steal my information.
    During the procedure, it seems that Malwarebytes was removed, due to a conflict?
    A few hours later, I wanted to cancel, but he said he had done the labor, so it is not cancellable.

 


Oh no.  Sounds like a classic scam.  A brief web search found similar accounts:
    https://www.bleepingcomputer.com/news/security/mcafee-tech-support-scam-harvesting-credit-card-information/
    https://community.mcafee.com/t5/Consumer-General-Discussions/Elaborate-Scam/td-p/589738

My relative forwarded me some emails sent to him by that company.  They call themselves "AS Clout" but also seem to identify with asknet.  They give this as their contact info:

Quote

    Email us at asclout@support-asknet.com or call us on 415-449-5700
    ...
    asknet AG
    Vincenz-Priessnitz-Straße 3
    76131 Karlsruhe
    Germany
    Tel: 0721/964580
    Fax: 0721/9645899
    Email: info@asknet.com


A web search for that US phone number 415-449-5700 found this page
    https://www.bbb.org/us/ca/san-francisco/profile/ecommerce/asknet-inc-1116-193791/complaints
and the 03/18/2019 complaint sounds exactly like my relative's case.

We called up his credit card company in a conference call and disputed the charge for 399.99, cancelled his existing credit card, and asked for a new one.

The lady at the credit card company said that there were no unusual charges on his card, just ones he has made in the past.

If I understood her correctly, that lady also claimed that the firm that billed the 399.99 is known to them and is not a hacker.  Maybe not, but at a minimum they are scum who prey on vulnerable people like my relative.

I then had my relative uninstall everything McAfee related from his computer.  I think that he said that there were 5 McAfee programs.

When that was done, I had him download and install Malwarebytes and start a full threat scan on his entire computer.  It started last night and is still running now, maybe 9.5 hours later...  (My relative has long complained that his computer, a cheap Dell all in one, is agonizingly slow.  This is why I originally wanted to replace his hard drive with an SSD.)

What I want to know is if my relative's computer is hopelessly infected at this point.  If he truly let someone take remote control of his computer, could they have installed malware so deeply that nothing can restore it?  Say, with malware embedded in his firmware or something?

I tried to probe my relative exactly on what happened.  His memory is fuzzy.  He cannot recall for sure if he downloaded a program that let the other person take over his computer.  He also said that even when the person claimed to be working on his computer, he saw almost no activity (e.g. his mouse rarely or never moved?).  It is not obvious to me if his computer actually was taken over.

If I replace his existing hard drive with the new SSD that I bought him this weekend, I am likely going to use Dell's operating system recovery approach to cleanly install Windows 10 on the SSD.
https://www.dell.com/support/article/us/en/04/sln299044/how-to-download-and-use-the-dell-os-recovery-image-in-microsoft-windows?lang=en


 

 

 

 


Hi, @CaptainHindsight

My name is Maurice. I will be helping and guiding you, going forward on this case.

I very much am saddened to read that your relative was scammed out of over $400 by a complete tech support scammer.

Make sure you report all details to your local state's attorney office and to the FBI, and dispute strongly with the CC company to reverse those charges.

https://www.ic3.gov/default.aspx

 

Please reinforce with your relative to never, never allow any unknown, unverifiable person to get onto his computer.

They need to watch all bank and credit card accounts just in case their identity was lifted.

 

As far as the security state of the computer, you can run scans with Malwarebytes, with Windows Defender (if he has Windows 10 or 8.1), plus some other security scan tools.

In my experience helping other victims of tech support scams, it is not expected that they would have infected his system.

The scammers typically just use flim flam displays to fool the non-technical victim. They do not typically add on infections.

But could someone have added some malware ... it is possible.

This is where a battery of scans would be run to check on that.

 

You seem to be writing that you will copy off his personal files and data... all his stuff, save them. Then do a hardware upgrade and then cleanly and freshly install Windows 10 and then add on security software. That is probably the safest to do for the long term.

 

NOTE: If you started a Custom scan with Malwarebytes for Windows, it can take many hours depending on the number of files on it.

NOTE:

Safety education for your relative.  His original issue was a scam malvertising display on his screen.  Please relay these tips to him and to family.

Avoid tech support scams: This is a list of several articles about this topic.

This video features info from Microsoft and appears to be also sponsored by AARP. Well done and easy to understand.
This is "the link"

"Beware of US-based Tech Support Scams"

 

"see our Tech Support Scams – Help & Resource Page"

 

Plus these as well.
https://blog.malwarebytes.org/fraud-scam/2014/08/tech-support-scammers-rip-big-brand-security-software-with-fake-warnings/

http://www.microsoft.com/security/online-privacy/avoid-phone-scams.aspx

P.S.  Let me know if you need other help.

Sincerely,


Hello.  Checking up on this case.  Is there anything else that you need help with?


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

This topic is now closed to further replies.
