Showing posts with label fake. Show all posts

Wednesday, July 10, 2024

Fake Tech Support Scam: What You Should Do!


A fake tech support scam is a type of fraud where scammers pose as legitimate technical support personnel from well-known companies to trick victims into giving them access to their computers, personal information, or money. Here’s how these scams typically operate and how to clean up your system if you do fall victim to this type of scam!


How Fake Tech Support Scams Work

Initial Contact:

  • Cold Calls:
    Scammers often call victims directly, claiming to be from reputable companies like Microsoft, Apple, or a popular antivirus provider. They usually say they've detected viruses, malware, or other issues on the victim's computer.
  • Pop-Up Warnings:
    Victims might encounter alarming pop-up messages while browsing the web. These pop-ups often claim that the computer is infected and instruct the user to call a provided number for immediate support.
  • Emails:
    Scammers may send phishing emails that appear to come from legitimate companies, warning about security threats and urging the recipient to call for support.

Convincing the Victim:

  • The scammer tries to convince the victim that their computer is at serious risk. They use technical jargon and alarming language to create a sense of urgency.
  • They might ask the victim to open certain files or run specific commands that produce harmless but alarming-looking results, reinforcing the scammer’s claims.

Gaining Remote Access:

  • The scammer persuades the victim to install remote access software, such as TeamViewer, AnyDesk, or LogMeIn. This gives the scammer control over the victim’s computer.
  • Once they have access, they might pretend to run diagnostics or show fake errors to maintain the illusion of a serious problem.

Exploiting Access

  • The scammer may install malware, steal personal information, or use the computer to commit further fraud.
  • They often demand payment for their "services," claiming they can fix the issues they "found." Payment might be requested via credit card, wire transfer, gift cards, or other non-reversible methods.

Continued Exploitation

  • Even after payment, scammers may leave behind software that allows them to regain access or continue monitoring the victim's computer.
  • They might sell the victim's information to other scammers, leading to further fraud attempts.


How to Protect Yourself

Be Skeptical of Unsolicited Contact

  • Legitimate companies rarely contact customers out of the blue about computer issues. 
  • If you receive an unsolicited call or message, be wary.

Verify Claims Independently

  • Don’t trust pop-ups, emails, or calls without verifying their legitimacy through official channels. 
  • Look up the company’s official contact information and reach out directly.

Do Not Allow Remote Access

  • Never give control of your computer to someone you do not know or trust. 
  • Legitimate support personnel will not ask for remote access unless you have initiated the contact through verified means.

Use Reputable Security Software

  • Keep your antivirus and anti-malware software up to date. Use reputable programs like Malwarebytes Anti-Malware to protect your system.

Educate Yourself and Others

  • Learn about common scam tactics and share this knowledge with friends and family, especially those who might be less tech-savvy.


Here's a step-by-step guide to help you ensure your computer is secure and free of any unwanted remote access software if you did fall victim to a fake tech support scam/scammer.


Immediate Steps To Take If You Have Been Scammed

1. Disconnect from the Internet

  • Unplug your ethernet cable or turn off your Wi-Fi to prevent further remote access.

2. Identify and Remove Remote Access Software

  • Check Installed Programs
    • Go to `Control Panel > Programs > Programs and Features`.
    • Look for any remote access software (e.g., TeamViewer, AnyDesk, LogMeIn, RealVNC).
    • Uninstall any suspicious or unfamiliar programs.
  • Check Task Manager
    • Press `Ctrl + Shift + Esc` to open Task Manager.
    • Go to the `Startup` tab.
    • Disable any suspicious entries that are set to start with Windows.

3. Scan for Malware and Adware

  • Malwarebytes Anti-Malware:
    • Download and install Malwarebytes.
    • Run a full scan and remove any detected threats.
  • ADW Cleaner
    • Download and run ADW Cleaner.
    • Follow the prompts to clean any adware, toolbars, or PUPs.


Additional Steps You Can Take...

Network Settings

  • Ensure no changes have been made to your network settings:
    • Go to `Control Panel > Network and Sharing Center > Change adapter settings`.
    • Right-click your network connection, select `Properties`, and check for any unfamiliar protocols or services.

Check for Suspicious Services

  • Press `Win + R`, type `services.msc`, and press Enter.
  • Look for any unfamiliar services that are running and set to start automatically.
  • Right-click and stop these services if they seem suspicious.

Update Your System

  • Ensure your Windows operating system is up to date:
    • Go to `Settings > Update & Security > Windows Update`.
    • Install any available updates.

Reset Passwords

  • Change the passwords for your computer accounts, especially if they have administrative privileges.
  • Change passwords for any online accounts accessed from this computer.

Enable Firewall and Antivirus

  • Ensure Windows Firewall is enabled:
    • Go to `Control Panel > System and Security > Windows Defender Firewall`.
  • Make sure you have an antivirus program running and up-to-date.

Monitor for Unusual Activity

  • Keep an eye on your system for any unusual behavior or performance issues.


Final Steps

Consider Professional Help

Data Backup and Recovery

  • Back up your important data to an external drive or cloud storage.

System Restore or Reinstallation

  • If you suspect deep-rooted infections or issues, consider performing a system restore or a clean installation of Windows.
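
The manual checks above (installed programs, startup entries and auto-start services) can be gathered in one read-only pass. This is an added example, not part of the original post; the tool-name list and the "user or temp folder" path heuristic are assumptions to adjust for your own system.

```powershell
# Added example: read-only triage. Nothing here uninstalls, stops or disables anything.
# The name list is an assumption seeded from the tools this post names; extend it as needed.
$remoteTools = 'TeamViewer', 'AnyDesk', 'LogMeIn', 'RealVNC'
$pattern = ($remoteTools | ForEach-Object { [regex]::Escape($_) }) -join '|'

# Installed programs: 64-bit, 32-bit and per-user uninstall registry keys.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $pattern } |
    Select-Object DisplayName, Publisher, InstallDate, InstallLocation

# Startup entries registered in the Run keys and Startup folders.
$startup = Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, Command, Location, User

# Services that are set to start automatically and are running right now.
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.StartMode -eq 'Auto' -and $_.State -eq 'Running' } |
    Select-Object Name, DisplayName, PathName, StartName

# Services whose name or binary path matches a remote access tool.
$flaggedServices = $services |
    Where-Object { "$($_.Name) $($_.DisplayName) $($_.PathName)" -match $pattern }

# Heuristic (assumption): a service binary under a user profile or Temp folder is
# unusual and worth a closer look, whatever it is called.
$userPathServices = $services | Where-Object { $_.PathName -match '\\Users\\|\\Temp\\' }

'--- Installed remote access software ---'
$programs | Format-List | Out-String
'--- All startup entries (review for anything unfamiliar) ---'
$startup | Format-Table -AutoSize -Wrap | Out-String
'--- Auto-start services matching a remote access tool ---'
$flaggedServices | Format-List | Out-String
'--- Auto-start services running from a user or temp folder ---'
$userPathServices | Format-List | Out-String
```

An empty section means nothing matched the name list; it does not prove the system is clean, so still run the scans from step 3.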


Feel free to reach out if you need further assistance or if anything is unclear. Stay safe!


Thursday, November 7, 2013

New Virus Alert: CryptoLocker!


A New Virus Has Surfaced ~ CryptoLocker

CryptoLocker is a new, nasty piece of malicious software that is infecting computers around the world; encrypting important files and demanding a ransom to unlock them. If you get hit with this virus you risk having your personal data encrypted and lost for good!

This sophisticated malware is delivered the old-fashioned way – an executable file hidden inside an attachment that looks like an ordinary ZIP file or PDF. One small business reports being compromised after clicking on an email attachment that was designed to look like a shipping invoice from the U.S. Postal Service.

The CryptoLocker virus can be removed from an infected system, but unfortunately at this time there is no way to retrieve the private key that can be used to decrypt your files without paying the ransom. Brute forcing the decryption key is not realistic due to the length of time required to break the key. Also, any decryption tools that have been released by various companies will not work with this infection. The only method you have of restoring your files is from a backup, or from Shadow Volume Copies if you have System Restore enabled. Newer variants of CryptoLocker attempt to delete the Shadow Copies, but they are not always successful.

Preventive Measures:
  1. BACK UP ALL OF YOUR DATA ASAP! That’s the only way to reduce the risk of losing your files forever. Also, to avoid getting your backups encrypted, your backup device should be disconnected from your computer until the next time you need to access it or run a backup.
  2. Download and install a free utility called 'Crypto Prevent'. Crypto Prevent is a small utility that changes a few settings in your computer to help prevent the CryptoLocker infection from happening in the first place! It's not a golden bullet however, so having current data backups is your ultimate defense. You can download the Crypto Prevent utility directly from the link below!
http://www.foolishit.com/vb6-projects/cryptoprevent/

If you need any assistance we can setup a visit to help secure and backup your computer for you!

Let us know if you have any questions or issues!

Jon Pienkowski
Pacific NorthWest Computers
www.pnwcomputers.com
360-624-7379

Thursday, October 31, 2013

Browser Redirect Virus Fix! Search Conduit, DefaultTab, MyWay Web Search, Etc.



The majority of computers coming in with virus infections have browser hijacks and other browser-related malware infections. A browser hijacker is something installed onto a computer system that attaches to an internet browser to change browser settings, such as the home page and default search engine. This causes the now infected internet browsers to start up using the hijacker's search bar or search engine, OR even just redirect you to where they want you to go. This type of infection can generate browser pop-ups while you’re surfing the internet, slow the computer's overall performance, and lead to further and more severe virus and infection issues!

As with a vast MAJORITY of BHOs (browser helper objects such as toolbars), most use unethical practices and are utilized by ethical and unethical third parties, including cybercriminals and scam artists, to generate revenue through sites they are working for/partnered with, as well as other third-party domains and advertising-based search services.

Products and software associated with the browser redirection infections:
  • Activeris AntiMalware
  • Ado System Protect
  • AnyProtect
  • Any Send
  • AssetsManager
  • Babylon Toolbar
  • BFlix Toolbar and TheBFlix
  • BlockandSurf
  • Boost Shopping
  • Browser Guard
  • Browser Protector
  • BrowserRedirector
  • Bubble Sound
  • Chromium (Dregal)
  • CinemaPlus vX.X
  • Conduit
  • Consumer Input Firefox Extension
  • Coupoon (two 'oo')
  • CrossBrowse
  • DefaultTab
  • Delta Toolbar
  • Dregal (Chromium)
  • Driver Pro
  • Driver Restore
  • Driver Updater (No Publisher/Specifics)
  • File Type Assistant
  • FLV Runner Toolbar
  • Free Ride Games Player
  • Games Desktop vX.X
  • GeniusBox
  • HashBrat
  • IdleCrawler
  • IE Web Protect
  • IE Web Protect Plus
  • Linkey
  • Linksicle
  • MapsGalaxy Toolbar (and other random/various related 'MapGalaxy' products)
  • MediaPlayerEnhance
  • MixiDJ  
  • Mobogenie
  • MyPC Backup
  • MyWayWeb Search Toolbar
  • NewPlayer
  • Optimizer Pro vx.x
  • OneSoftPerDay
  • Pasta Leads
  • PC Fix Speed vx.x.x
  • Plus-HD-x.x
  • PC Optimizer Pro
  • PC Pro Cleaner
  • Powerful Browse
  • QuickRef
  • Remote Desktop Access (No Publisher/Specifics)
  • Search Conduit
  • Search Protect
  • Search Results LLC
  • Shop To win
  • Shopper Pro
  • Shoperz
  • SmartWeb
  • Software Updater (No Publisher/Specifics)
  • Software Version Updater (No Publisher/Specifics)
  • Special Savings
  • Unico Browser
  • Wajam
  • Web Companion
  • WebProtector
  • Web Protect for Windows
  • WiseCare 365
  • Yontoo
  • Yontoo Layers
  • YTDownloader

Removal Process:
1st Step
Uninstall all programs listed (and any other "odd" programs that have a similar install date) through "Programs and Features", aka "Add/Remove Programs", found through your computer's Control Panel.

2nd Step
Download and install Malwarebytes Anti-Malware and Spybot Search and Destroy (1.6.2) to use in conjunction with your antivirus to run full virus scans on your computer! Remove (or at least quarantine) anything that the programs identify!
*If you don't have a current antivirus, we recommend one of the following antivirus titles: Microsoft Security Essentials, Avast! Antivirus or Bitdefender Free.

3rd Step
In all of your web browsers (Internet Explorer, Firefox, Chrome, etc.) you want to examine all installed add-ons and extensions. Remove anything that is related to the software programs listed above. Additionally, you can use ADWCleaner and JRT to get even further "under the hood" to make sure all of your web browsers are clean from adware and browser hijack software.

4th Step (EXTRA)
Download and run TDSSKiller from Kaspersky Lab to check your system for any types of rootkit infections.
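
For the 3rd Step, the add-ons can also be listed from where Windows and Chrome record them, which shows the DLL or folder behind each entry. This is an added example, not part of the original post; it is read-only, checks only Chrome's `Default` profile (an assumption), and the watch list is a handful of names taken from the product list above.

```powershell
# Added example: read-only listing of IE Browser Helper Objects and Chrome extensions.
# Watch list: a few names from the product list in this post (extend as needed).
$watch = 'Conduit|DefaultTab|MyWay|Babylon|Delta|Yontoo|Wajam|Linkey|Search Protect'

# IE registers each BHO by CLSID; resolve the CLSID to its display name and DLL path.
$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$bhos = foreach ($root in $bhoRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    # 32-bit BHOs have their class registration under the WOW6432Node view.
    $view = if ($root -like '*WOW6432Node*') { 'WOW6432Node\' } else { '' }
    foreach ($key in Get-ChildItem -LiteralPath $root) {
        $class = "Registry::HKEY_CLASSES_ROOT\${view}CLSID\$($key.PSChildName)"
        [pscustomobject]@{
            Clsid = $key.PSChildName
            Name  = (Get-ItemProperty -LiteralPath $class -ErrorAction SilentlyContinue).'(default)'
            Dll   = (Get-ItemProperty -LiteralPath "$class\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
        }
    }
}

# Chrome keeps one folder per extension id, with one subfolder per installed version.
$extRoot = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Extensions'
$extensions = if (Test-Path -LiteralPath $extRoot) {
    Get-ChildItem -LiteralPath $extRoot -Directory | ForEach-Object {
        $id = $_.Name
        Get-ChildItem -LiteralPath $_.FullName -Directory | ForEach-Object {
            $manifest = Join-Path $_.FullName 'manifest.json'
            if (Test-Path -LiteralPath $manifest) {
                $m = Get-Content -LiteralPath $manifest -Raw | ConvertFrom-Json
                # Name can be a "__MSG_...__" placeholder; look the id up in chrome://extensions.
                [pscustomobject]@{ Id = $id; Name = $m.name; Version = $m.version; Installed = $_.CreationTime }
            }
        }
    }
}

'--- Internet Explorer BHOs ---'
$bhos | Format-List | Out-String
'--- Chrome extensions (Default profile) ---'
$extensions | Sort-Object Installed | Format-Table -AutoSize | Out-String
'--- Entries matching the watch list ---'
@($bhos) + @($extensions) | Where-Object { "$($_.Name) $($_.Dll)" -match $watch } | Format-List | Out-String
```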

For direct download links to the software listed above, visit "Pacific NorthWest Computers' Links and Recommended Software" blog post:
http://pnwcomputers.blogspot.com/2013/06/pnw-computers-links-and-recommended.html

Further Reading/Related Articles:

How you can get infected & what you can do to try to prevent it:

Friday, May 4, 2012

Fake Hard Drive Diagnostic Virus; Browser Pop-up/Redirection Fix


Pacific NorthWest Computers KNOWS rogue security and fake software applications very well. Fake software virus applications make up 85% of the infections that we see on a day-to-day, week-to-week, month-by-month basis here in the shop. At first it was just fake security software programs. But the newest "trend" in the fake malicious software world is fake hard drive diagnostic software.

This fake diagnostic software virus pretends to have found issues with your hard drive, proceeds to hide your data (to seem more legitimate) and then tries to sell itself as a fix for all the "problems" it has identified with your hard drive. When first released, it was not too difficult to remove. But the issue we are running into now is that when a customer brings in a system that has this virus on it, we aren't just worrying about getting the virus removed but, more importantly, about reversing the changes the virus has made to the affected system. The big challenge has been with browser hooks.


Most of the time when we encounter this virus it will actually "hook" into (or simply put, infect) the executable "iexplore.exe", which is Internet Explorer. Once "hooked", the virus can modify how Internet Explorer functions, generate pop-ups, and redirect searches and navigation in the browser, all after the virus cleaning is completed on the affected computer. Now, most of the time programs like Spybot Search & Destroy are very effective at reversing system modifications created by viruses. But so far, this browser hook issue is not "automatically" fixed by virus scanners and utilities, and hooks can sometimes be impossible to remove. This type of issue can prevent us from declaring a system clean and can sometimes require us to reinstall the computer's operating system. Well, we think we figured out a fix!

After working on a computer from a local insurance agency, I did some extensive poking around an infected computer's file system and registry and was able to locate a registry location for something called “DOMStorage” under Internet Explorer’s HKEY_CURRENT_USER registry key (HKCU\Software\Microsoft\Internet Explorer\DOMStorage). In this registry entry, I found folders matching the names of some of the websites that were being generated in the random IE pop-ups. I knew I was onto something but did not know what "DOMStorage" even was, nor did I know why or how Internet Explorer even used it.

After doing some research on DOMStorage (http://en.wikipedia.org/wiki/Web_storage) it looks like DOMStorage, or Document Object Model Storage, is a web application software method and protocol used for storing data in a web browser. So I thought to myself, “Well, if they can store data there, they could very well plant a program in those locations to hide and allow themselves to generate those pop-ups!” So I went ahead and deleted all of the folders in the DOMStorage registry location (and there were A LOT of sites listed in there), and it’s safe to now say that after removing those folders there have not been ANY Internet Explorer pop-ups since! After pop-ups coming up several times a minute, the system is running great and has been running flawlessly for several days, with web surfing and all! No browser redirections or anything!
So I would say this is another problem solved and another win against viruses for Pacific NorthWest Computers!
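
The registry cleanup described in this post, done with an export first so the change can be undone with `reg import`. This is an added example, not the author's own procedure; the key path is the one quoted above, and the backup file names are assumptions.

```powershell
# Added example. Key path as quoted in the post; backup file names are assumptions.
$keyPs  = 'HKCU:\Software\Microsoft\Internet Explorer\DOMStorage'
$keyReg = 'HKCU\Software\Microsoft\Internet Explorer\DOMStorage'
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup = Join-Path $env:USERPROFILE "DOMStorage-backup-$stamp.reg"
$list   = Join-Path $env:USERPROFILE "DOMStorage-sites-$stamp.txt"

if (-not (Test-Path -LiteralPath $keyPs)) {
    Write-Output 'No DOMStorage key exists for this user; nothing to do.'
    return
}

# 1. Export the whole key before touching it.
reg.exe export $keyReg $backup /y | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $backup)) {
    throw "Backup failed; leaving $keyReg untouched."
}

# 2. Record the per-site subkey names so they can be reviewed afterwards.
$sites = @(Get-ChildItem -LiteralPath $keyPs | Select-Object -ExpandProperty PSChildName)
$sites | Sort-Object | Set-Content -LiteralPath $list
Write-Output ("{0} site subkeys found. Backup: {1}  List: {2}" -f $sites.Count, $backup, $list)

# 3. Dry run: -WhatIf prints what would be deleted without deleting it.
#    Close Internet Explorer, then remove -WhatIf to actually delete the subkeys.
Get-ChildItem -LiteralPath $keyPs | Remove-Item -Recurse -WhatIf
```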

Jon Pienkowski
Owner/Operator
Pacific NorthWest Computers

Thursday, April 14, 2011

Rogue Hard Drive Error Repair Software

A new fake HD repair/error finding virus software is going around, and it hides all of your personal data so it looks like all of your data has been lost or deleted; RUN FULL, MANUAL, VIRUS SCANS ASAP IF IT HAS BEEN A WHILE and MORE OFTEN THAN USUAL!

Wednesday, January 6, 2010

Rogue Security Program Infections; At a Glance!

More and more every day I am seeing and hearing about people becoming infected with rogue security software viruses.
Rogue security software is a form of computer malware that deceives or misleads users into paying for the fake or simulated removal of malware. Rogue security software, in recent years, has become a growing and serious security threat in desktop computing. – Wiki

Right now the most common form of infection they are using is web page hi-jacking and “trap” websites that are created to “host” the virus (why using Firefox is so important).

So what people end up encountering is a web page that has been hacked, hijacked, infected or exploited that is unknowingly “hosting” this virus and ends up spreading the infection to whoever visits the website. In doing this, their trap has been set and the infections begin! This form of infection is commonly referred to as a “Drive-by Download”.

After the computer becomes infected, users start to see and encounter “security warning” icons in their task bar (lower right of the desktop), pop-ups warning of an infection, and fake animated virus scans indicating the computer is infected, as the virus itself tries to build its credibility. In most cases the virus can even infect the Windows Security Center, making it even harder for users to identify whether the software is real or not. However, the goal of all of this is for the virus creators to make money. They are hoping that the users of infected computers are fooled by the “song and dance” the virus puts on and buy their infectious and fake security software.

So I wanted this to be a little heads up and explanation for everybody about this subject since it is the most common repair I encounter to date.

Be Aware, Stay Informed and Scan Often!
 
~Jon Pienkowski, Pacific NorthWest Computers