• Ripoff attempt

    #488424

    You get a call from India saying that your PC is badly infected. This has happened to me twice. They have you do this procedure:

    1. Press the Windows symbol on the keyboard and R. The Run window appears.

    2. Type eventvwr, click ok. (That’s event viewer, logs of what’s happened in the past.)

    3. Choose Windows logs > Applications. (That’s a log of one type of event. There are about 5 others.)

    4. A long list of entries appears. (In my case, over 50,000, going back over a year.) She told me these were all errors caused by my internet activity. Not true: almost all were just logs of events, including some past errors. They are for information only and do not mean that anything is wrong at present. (In my case, which is probably not typical, hundreds of errors from Bonjour appeared. Bonjour has something to do with iTunes, which I don’t use. Searching on “bonjour services” gave instructions about how to remove it, but the instructions could not get started.)

    5. Each entry in eventvwr is a log file for a different kind of event. They do not do any harm by just being there. I cleared all by right-click except Windows, which cannot be cleared. For this they wanted $300, $200 or $100!

    6. I can’t think of the name of the site where you can check such things. They may not have heard of this.
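
Added example, not part of the original post: the Application log the caller points to can be summarized by severity and by source in PowerShell, which shows how few of the entries are errors and which program wrote them. The 5000-event sample size is an arbitrary assumption.

```powershell
# Added example: summarize the Application log instead of scrolling through it.
# Assumption: run locally on the PC in question; $MaxEvents is an arbitrary sample size.
$MaxEvents  = 5000
$levelNames = @{ 0 = 'Information'; 1 = 'Critical'; 2 = 'Error'
                 3 = 'Warning';     4 = 'Information'; 5 = 'Verbose' }

# Newest events first; stop with an error if the log cannot be read.
$events = Get-WinEvent -LogName Application -MaxEvents $MaxEvents -ErrorAction Stop

# 1. Entries per severity. Routine Information records normally dominate.
$events |
    Group-Object { $levelNames[[int]$_.Level] } |
    Sort-Object Count -Descending |
    Select-Object Name, Count,
        @{ n = 'Percent'; e = { [math]::Round(100 * $_.Count / $events.Count, 1) } } |
    Format-Table -AutoSize

# 2. Which programs wrote the Error/Critical entries, and when was the last one?
#    A single noisy source (one service failing repeatedly) often accounts for most.
$events |
    Where-Object { $_.Level -in 1, 2 } |
    Group-Object ProviderName |
    Sort-Object Count -Descending |
    Select-Object -First 10 Name, Count,
        @{ n = 'Latest'; e = { ($_.Group | Sort-Object TimeCreated |
                                Select-Object -Last 1).TimeCreated } } |
    Format-Table -AutoSize
```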

    • #1382536

      MrBip,

      This one’s been around for a while. They often claim to be from Microsoft. Blatant scam! The website you were thinking of is http://www.snopes.com. :cheers:

      May the Forces of good computing be with you!

      RG

      PowerShell & VBA Rule!

    • #1382932

      I have a customer that fell for this……allowed the folks to remotely access their computer, but didn’t pay for anything. But now, there is an older-looking Windows password logon box whenever you boot up and cannot get past it. We get this in safe mode, even SM cmd prompt. I’ve taken the hard drive out and scanned it on another computer, so I know it’s not a virus. I’ve attempted to run a system restore as well after booting from a Win7 DVD, but I don’t know if SR was turned off, or if the scammers turned it off, as I cannot find a restore point. Anyone else see anything like this? Or what else to try before we reload the system?

    • #1382940

      Are you able to run something like Autoruns or WhatInStartUp?

      Both are free and neither requires an install. You may also run Autoruns from http://live.sysinternals.com.

      Joe

      --Joe

      • #1382983

        Joe, are those programs able to run via cmd? Booting up with a Win7 DVD is the only way I can get this machine to a workable place….

        Jon

    • #1383022

      Jon, did you try resetting the Windows password?
      http://pogostick.net/~pnh/ntpasswd/bootdisk.html

      Jerry

      • #1383104

        Jerry, it’s not a Windows user account that it’s asking for a password for….just states this system is configured to require a password. It has what looks like a Win98 or 2000 style icon. I have two buttons [ok] and [restart]. I know it’s not a Windows thing as if I restart, the system tells me it wasn’t shut down properly and requests I attempt to repair…..repair doesn’t do anything. Now that Win7 has gone to a bootmgr rather than boot.ini, is there any way to look at what’s in bootmgr without being logged in? Or, is there a way to manipulate via cmd? If not, I guess it’s factory reset, here we come….darn social engineering hacks….

    • #1383120

      Those programs require Windows to run.

      See if “What is Windows Defender Offline?” helps.

      Joe

      --Joe

    • #1383126

      Could it be a BIOS or disk password? If it’s a BIOS password, you might be able to get around it by shorting the CMOS battery jumpers if available or removing the CMOS battery for 5 minutes.

      Jerry

      • #1383136

        Jerry, it’s not a BIOS password as it does display the Windows splash screen. Joe, it’s not a virus….I’ve taken the drive out and scanned on a clean machine. I’ve attached a picture of the password screen I see……

    • #1383152
      • #1383359

        Bruce, you’re right on track! Thanks for the info…..Googled it and although it looks nasty to remove, at least I know where to start…..

        Jon

        • #1383840

          The rule for being safe from this kind of thing is “Thou shalt always DELETE anything you were not expecting to receive.” Some of these have you do a few things and your system will never boot up again. But at least you were smart enough to not send them any money.

          Chris C.

          • #1384297

            Hello fellow loungers!

            I am an Indian myself. 🙁 I express deep regrets that my countrymen are perpetrating such low schemes. 😡 But I implore you, please don’t tar all of us with the same brush. As an honest, morally upright, upstanding world citizen I have many reasons to rue my nationality, especially when such low life scum tarnish our name globally. Imagine what a hellish life it must be for me, my family and community and all other honest Indians like me, over here, just because such scum have found out how to game the system – life for honest people in India has become hell!

            We are trying our utmost to save our country from being driven into the dust by such vermin. 😡 And to do so, I am trying to convince my fellow nationals that we must begin by acknowledging our faults and shortcomings before we can begin addressing them. There are scamsters from other countries like Nigeria and the Chuvashia province of Russia, too (I’ve encountered them personally) but that is no excuse for us Indians to behave badly.

            If there is anything I can do to help, in any way or manner, I’ll be most glad to. This is my way of being patriotic and clearing the honour of my country’s name.

            Thank you for hearing me out. 🙂

            • #1384386

              Well said.

            • #1384389

              I became a hero of sorts at work the other day. We had a computer that needed a password entered but nobody knew what it was. I had recently read an article somewhere about how to “fix” these situations. There were at least two solutions. One claimed to allow you to delete any password, no matter how complex it was, but the process seemed rather complicated. The other method was said to be easier to use and would actually show passwords, but would only work on relatively easy passwords. Knowing the type of folks I worked with, this was my choice.
              I downloaded the program named ophcrack, and burned it on a CD as an ISO. I simply inserted it into the computer, sat back for about 3 minutes, and watched it list the needed password. Gotta admit, I was a bit surprised myself.
