
Online scam

Celtictexan

Joined: 10 November 2017
Location: Texas
    Posted: 10 November 2017 at 7:49pm
I've apparently been scammed by some type of #$%@^&! and was advised to post details here. Apologies if this is the wrong forum, mods feel free to move it or advise me to repost in the correct forum. So details:

I view tumblr quite a bit. I started getting a popup quite often when going into it. I don't have the full details of what it said, but basically it said I was infected with whatever variety of malware, spyware, etc. Usually I just closed it out and would go back in no prob. So first mistake, I finally got curious and responded. It was supposedly from Microsoft and had a 1-800 number. I called it, and right away it was answered. Warning bells went off immediately. No one at a legit big business like this ever answers so quickly, especially with a 'real' human.

But it all sounded extremely professional. I agreed to let them take over my comp. He (foreign voice not unusual but the bells in my head got louder) started flying through different screens showing me this and that, but what weakened my caution a bit were screens showing outside connections (according to him). His recommendation was to do a free virus/whatever scan. I reluctantly agreed to the scan. The scan turned into a high pressure sales pitch, suggesting the install of sysinternals. Again the pitch was very, very good. I eventually agreed and paid $597.00. Along with sysinternals, I was supposed to get one year of computer support for any and all problems.

After veri-signing two different forms giving permission (bells getting louder) I was supposedly transferred to the "higher level support" for the install. They suggested I go do other things, as it would take about an hour to do. The bells are deafening at this point and I don't take that bait; I sit and watch all that's going on. First thing I notice is that the virus scan started at the "lower" level was stopped, and the sysinstall started. Also all my other virus protection programs were either deleted or turned off. But supposedly this was a firewall that would prevent any further virus and so the System Mechanic was not needed. I can't comment too much on the other stuff they were doing as it was happening quick and above my working knowledge. So, in the end two windows were loaded on my desktop. One the sysinternal package, and another that contained a support phone and website. I had opened it and saw the contact info was there.

So right away I notice lots of buffering on Netflix and such, our phones became slow, random disconnects on my comp, along with the comp sometimes just randomly shutting off on its own. Conveniently about this time, I get a call asking how I like the new service. I had been trying to find info on the company that sold it and could find zero info about it on the net. So I told the female caller (again foreign) about the issues and asked why I couldn't find info on this company. Her response was that those issues were above her, and said I should go to the box with the support info, call and get help with my issues, which I was about to do anyway. I said thanks, hung up, opened the box (window?) and there was no longer anything there. All contact info was gone. I got on to Windows support today (after waiting 45 min. proving a legit site). First thing I got from them is that they would never have popup windows on any site or push the use of any of their programs. So they are doing whatever they do on their end. They also suggested I go here and report this.

After her, I of course, went straight to my bank and started a credit card fraud investigation which may, or may not, work out well for me in the end.

So, I'm not really expecting any help here although I'm curious if I should delete the sysinternals they installed, any would be welcome, I'm just warning about the scam. I'm 65 and I'm a 23 year Navy vet. I'm just saying this to show I'm no rookie at being a target of scams. I've been around the world several times, seen scams happen with others, and in younger years been the victim of scams more than once myself. But after a bit of maturing, and much worldly experience (think ports in foreign lands with hundreds of young men going on liberty) I can say it's been a long, long time since I've been scammed, and this is the first time online. This was a very slick operation and I fell for it. So I do feel the need to share it. I'll be posting this elsewhere also, as wide a dissemination as I can.

One more thing. The legit Windows person told me to run Windows Defender in offline mode. It picked up one Trojan which I'm sure I must have had a long time as it seems associated with music files I downloaded a long time ago. Makes me wonder why I was paying System Mechanic all these years, so maybe this is the second time I've been scammed. Defender, which I had off to prevent conflicts, picked up this: TrojanDownloader:ASX/Winmad. It seemed to be hiding in my backup storage devices. I'll be using it from now on. Malwarebytes, which they also uninstalled, had never picked it up either.

So any suggestions, or if more info is needed by anyone, I'll try to answer. This post is mostly just a warning for any who may run into it themselves.

The only thing that I can point to from the emails concerning the DocuSign agreements is Super Tech Service Agreement.rtf. Supposedly the company that sold it to me. For whatever reason I can't copy the actual document.

Martin Winkelmann

Joined: 10 September 2017
Posted: 24 November 2017 at 3:48am
Looks like you fell for the good ol' tech support scam.

Please bring your PC to a computer repair shop you trust and ask them to back up your files and do a clean reinstall of Windows.

God knows what shady software these scammers installed on your PC!

The sysinternals apps this forum is about are very legit tools for professionals to troubleshoot PCs and hunt malware. They are not antivirus applications. The scammers most likely just pretended to use them.