Channel: Fraudwatchers

I get a cold call, says my computer's under attack

This happened Friday morning, Apr. 13 about 9:45AM Pacific. This guy says it's urgent that I act quickly and run software that will rid my system of this galloping virus that's very crafty and morphing to evade attempts to stop it. He has me enter a string in a Run dialog and tells me to write down a digit integer code that I have to enter in a dialog to let an executable run. He has me download a file:

Support-LogMeInRescue.exe

I'm trying to stall the guy and simultaneously I post at the Anandtech Off Topic forum, knowing that knowledgeable people post there and that there's a high amount of traffic and I'll likely get an instant response. Unfortunately, the first two responders are snarky without being obviously so and just say "sounds legit" and "sounds legit, what have you got to lose." I don't pick up on the snarkiness and I am sucked into this thing. The guy on the phone (he's got a strong Southeast Asian accent) says he's going to hand me over to a Microsoft technician, a Shane Watson, as soon as I run this downloaded EXE. He says the download I just did won't work now, because the virus has craftily detected it and I have to download another, and he gives me a different 6-digit integer to enter as a code to enable the connection. IOW, he makes it seem very urgent to run this thing NOW!

I run it and it seems that my machine is taken over by remote to a considerable extent. I see stuff drawn on my screen, things look different, my mouse control is gone or compromised.

This guy shows me Event Viewer data (I think maybe it was a mock-up, not my actual Event Viewer... this is a Windows Ultimate 64-bit laptop), and it says at the top left how many events are there. He or someone circles the number in red, as if with a crayon drawing tool, and he says he can't see the figure and asks me what it is. He says that if it's over 5000, it's not a big deal and they don't do anything (!) but if over that they charge a fee to fix the problem. It's over 8000, and I tell him so. I start thinking this is likely a scam and I tell him I have to go to the bathroom, can he call me back. How soon, he says, and I say an hour.

Then I go back to Anandtech and people are telling me I've been scammed and how can I be such an idiot.

I delete the two downloaded files. I see nothing amiss on the computer but many people at Anandtech say there could be files planted on my machine that will compromise my integrity, could steal my passwords, if they weren't stolen already (my browser remembers many), and I should not do any online purchasing or banking, etc. until I wipe my hard drive and reinstall Windows from scratch. Other people are less drastic and some say I should run software that will check out the computer.

I have a wireless network in the house and several computers run on it, the others being XP machines, one of which acts as a file server and is on all the time.

Should I really wipe the HD and start over on the Windows 7 laptop that I was using when I got this call? I have a ton of stuff I'd have to reinstall. Unfortunately I never made an image of the drive.

Or is it really reasonably for sure that these guys didn't plant a trojan virus or sniffer or gather my passwords and were just trying to get me to fork over money to make it appear that I am safe from what they were warning me against? The guy did call me back later and I yelled at him that he should be ashamed of himself and he should get a real job. It sounded like he was in a busy call center.

Thanks for your help.
