Hi, I felt it my duty to report an incident of this exact issue that happened to my mother last night:
Out of the blue, a cold-caller called her from the number 202-317-1111. The person on the other end of the line had a fairly strong, probably Indian, accent, and claimed to be calling from a contracted company hired by Microsoft. He claimed that her computer was sending out excessive error messages. He had her download a file named "Vsupport_365QS_en.exe" and run it. This, along with having her turn on remote access to the computer.
At this point, he handed the phone off to his "supervisor" who had a slightly less of an accent, who then then proceded to dig Way deeper into the system than I even knew existed (and I'm a Computer Information Systems major at local college). I am assuming it was to baffle her. He then stated her computer was infected, and our existing AV software was insufficient to the task and that he could sell her good AV software for $200.
At this point, she came and got me. I got on the phone, and he asked about my technical expertise level, and I stated Expert. He then tried to sell me AV software of my choice "Norton, McAfee, Trend Micro" at which point I hung up on him, informed my mother that it was a telemarketer, and handed her back the phone. She started to tell me what he had done, and I went to investigate. (this is where I discovered what he had been doing) - I immediately unplugged the network cable to the computer to cut off his access.
He then re-dialed no less than 7 times. My mother picked up one of them and he assured her he wasn't a telemarketer, before I grabbed the phone and hung up on him. We had to keep ignoring the calls, before he finally gave up.
This morning, I booted to a USB bootable Anti-virus thumbdrive, and did a full system scan. The only things we found, were that EVERY .doc file in her documents folder had been infected with a macro, and there was 1 new file titled "I let a questinable technician have remote access to my computer.doc" also with macros inside it. Thankfully no viruses were found.
Still disconnected from internet, I booted up the computer, grabbed her files to a thumb drive, and rebooted to my windows CD and Formatted the HD and reinstalled everything. I don't know how to clean her files yet, so that thumb drive is just sitting there.
As far as what he Got from her files, we have no idea. She spent all night and morning calling and canceling every credit card, debit card, and bank account she has. We don't know what he got, but one item in that folder was last year's income tax records copy.
Thanks for reading, I wanted to emphasise that this is really happening, and give a turn-by-turn description of how it happens. Also, any tips on how to clean macros out of Word files would be appreciated.
You’re covered for all Mother’s Day going forward now.
Many take these things way too lightly until it’s too late. It amazes me they spend money on AV protection falsely believing it protects from everything and go roaming around carelessly all over the Internet. At best, it’s the very last line of defense and not particularly good at that.
Several hours of mitigation is worth every bit of your financial identity. You have everything you own to gain; the real question is what are you willing to lose?
Basically, I find it very helpful,and informative. Thank you for creating it.
As for any clarifications...That would be kinda like, the "Grasshopper" offering the "Sensi" recommendations !
Thanks again, Selvan..and for all you do.
Thought I would leave this to others, but it easy to find your own solutions (Google, of course). Here’s one: http://www.extendoffice.com/documents/word/758-word-remove-macros.html
This thread is taking off nicely, which solves the problem of preventing it from disappearing and being forgotten. I may take the original post and turn it into a document though if the posts begin to diverge too far from the subject matter.
Tracey Romine has writen a blog article about these rogue companies, which is worth reading.
It looks as if we both decided simultaneously to post something on the same topic. Synchronicity or what?
I and several others in the UK have reported receiving calls from a number apparently in Chennai (Madras), India.
The number, unusually, is available through BT's call-back feature and so it may perhaps be a fake number. Nevertheless I took a call from that number and the very poor line quality and the Indian accent indicates it possibly did come from somewhere in India. This is likely to be a general-purpose call centre rather than a dedicated "tech support" operation because the same number is reported for both "Microsoft support" calls and fake "lifestyle survey" calls.
The number is 0091 44 2085148596 (0091 = India, 44 = Chennai/Madras).
Edit - There are plenty of articles about these phone scams, and a few YouTube videos. Some folks take a perverse (and quite understandable) pleasure in tormenting their callers by stringing them along ....
Here's a couple of links.
We get them here too. My responses to them vary, from telling them they've reached the FBI to "we have no computers here" to swearing at them or just hanging up. Either way I then add the number to my Call Screen list.Message was edited by: Ex_Brit on 21/07/14 3:56:28 EDT PM