Friend fell for Microsoft India tech support scam - are all her hard drives corrupted?

post #1 of 23
Thread Starter 
I am going to reload the OS for her tonight, but she has a second drive that she doesn't want to toss.

They seemed to have installed a password block. No amount of using restore points, etc. will get us past it.

Would they have put something to reload the Trojan on the second hard drive?
She gave them her computer id and they keep calling back, so will they be able to rehack her machine?

Thanks

And yes, I told her Microsoft will never, ever, call her.
post #2 of 23
if it messed up the OS, it more than likely messed up any content you had on the drive(s)

reformat, reinstall, re-download, don't trust strangers on the phone and google everything before making a move.

edit: or hire someone with the knowledge to clean it, but then still it's only a chance to get the info back.
Edited by Sadmoto - 3/12/14 at 7:01pm
     
post #3 of 23
Thread Starter 
Thanks. Reloaded OS, so far no problems.
Spare hard drive will be recycled, since she has Carbonite backup.
post #4 of 23
Quote:
Originally Posted by Fan o' water

Thanks. Reloaded OS, so far no problems.
Spare hard drive will be recycled, since she has Carbonite backup.

Did you simply re-install Windows over the existing installation??? I certainly hope not.
Quote:
Originally Posted by Fan o' water

Would they have put something to reload the Trojan on the second hard drive?

If she gave them remote access, GOD KNOWS what they could have done. I would scan all the hard drives with a/v and anti-malware. Yes it's possible a trojan could have been placed on the non-OS drive. Worse yet, they could have put a keystroke logger on the machine.
Quote:
Originally Posted by Fan o' water

She gave them her computer id and they keep calling back, so will they be able to rehack her machine?

As I said before, I hope that you reformatted the HDD instead of doing a dirty install. That would ensure that any malware or virus on the C: (OS) drive is wiped clean. Scan the 2nd non-OS HDD as I mentioned above. Also remind your friend to protect her Windows logon by using a strong password.
Edited by DaChosenOne - 3/15/14 at 8:31pm
post #5 of 23
Thread Starter 
No, I simply reloaded the OS onto the C drive, but told it to not keep any previous info. Will see how much software she has reloaded onto her machine. We could reformat and reload.

Not going to access the second hard drive at all - it was just her backup and she has switched to Carbonite anyway. It will be recycled.

Thanks DaChosenOne!
post #6 of 23
What is a "password block?"
post #7 of 23
It may just be me but I'd honestly reformat and not "reload" your previous programs, there's still a chance the virus/trojan/etc is IN the OS.

do a FRESH install of EVERYTHING, ignore your whole "reload" idea, that is the only way to know pretty much 99.9% that you got rid of it.
Yea it'll be more time consuming to re-download your drivers/programs etc but IMO it's worth it knowing that it's clean.

I've had a "sleeper virus" before where I didn't reformat and my computer wouldn't even go to Windows after 2 weeks of working what I thought was fine. I had to have someone professionally clean my HDDs because I couldn't even boot into safe mode, nothing. After it was wiped, it ran like brand new.
Edited by Sadmoto - 3/17/14 at 10:40am
     
post #8 of 23
Quote:
Originally Posted by Sadmoto

It may just be me but I'd honestly reformat and not "reload" your previous programs, there's still a chance the virus/trojan/etc is IN the OS.

do a FRESH install of EVERYTHING, ignore your whole "reload" idea, that is the only way to know pretty much 99.9% that you got rid of it.
Yea it'll be more time consuming to re-download your drivers/programs etc but IMO it's worth it knowing that it's clean.

I've had a "sleeper virus" before where I didn't reformat and my computer wouldn't even go to Windows after 2 weeks of working what I thought was fine. I had to have someone professionally clean my HDDs because I couldn't even boot into safe mode, nothing. After it was wiped, it ran like brand new.

I agree. Malware can modify existing .exes and trojanize them. If you load the trojanized binaries onto your new system, it can infect you all over again.
post #9 of 23
Thread Starter 
My friend has ordered a new hard drive (her previous was fairly old) and we are going to do a fresh from formatting re-install of everything.

Cheers

Oh, and the scammers keep calling her every day - not that she is answering this time. She is going to find out who she can report them to.
post #10 of 23
Quote:
Originally Posted by Fan o' water

My friend has ordered a new hard drive (her previous was fairly old) and we are going to do a fresh from formatting re-install of everything.

Cheers

Oh, and the scammers keep calling her every day - not that she is answering this time. She is going to find out who she can report them to.

sweet deal that'll make sure nothing is in there haha!

and you could maybe call Microsoft, but I'm honestly not sure they would do anything.
     