Newcomer

HELP! I think we're in big trouble

My wife (completely technology ignorant) opened an email and a window popped up that had the message: "Time+Warner+Cable Customer, your system has detected possible Suspcious Activity. Please call the toll-free number below for a Microsoft -Certified Technician to help you resolve the issue:   855-335-3501.  For your safety, please do not open internet browser to avoid data corruption to the registry of your operating system,

 

The message goes on to say PLEASE DO NOT SHUT DOWN OR RESTART YOUR COMPUTER, DOING THAT....."

 

So my wife doesn't shut it down and calls the number.  A guy answers and, as she explains:  "He said do this and this and this and this.... and then he had my cursor and started doing things.  Then I saw a black screen with white letters......"  It was about this time I almost passed out but threw up instead.  The guy then tried to talk her into buying some services to fix our now corrupted computer.  Fortunately she said she had to check with me first before she spent any money, but she left and went to the store and left the computer up, so I'm certain everything has been copied or accessed.  I think the real damage is done.

 

The question is: what do I do now?  I'm not all that savvy myself with connectivity. I know I need to change all passwords, contact my bank, etc.  Are all my devices that connect to the WiFi at risk now?  What do I need to do to protect my devices and repeat access to our network and systems?

4 REPLIES
Spectrum Employee

Re: HELP! I think we're in big trouble

This sounds like a well-known scam, unfortunately. It's a variation of something I've seen before, not from working with TWC but from related experience.  TWC doesn't handle this specific issue; we just provide the utility. We are your ISP (internet service provider).

 

Microsoft doesn't volunteer support from outbound calls. If you're having an issue, you call them first, not the other way around.

Same thing goes for TWC.  An outage for a whole neighborhood is easy for us to automatically identify and correct, but a specific house's equipment offline? Well, that might just be that you've unplugged the power on your modem, for all we know from our end. You'd want to call us and ask, right?

 

I had a friend of the family make the same mistake you did many years ago.  They had me in the family and I was able to reformat and re-image their hard drive to get them back to a fresh operating system state (like a new computer all over again).  They lost some data they hadn't backed up.  And they enrolled in the LifeLock service, which they were glad they did, because in the case of my family member there was actually identity theft and somebody attempted to buy a bunch of stuff in their name with a Best Buy credit card they used their identity to register for. That was all blocked before it became an issue, and so whoever the thief was probably discarded the stolen identity and we've never heard of any issues since (or at least I was never told of any future issues related to the theft).

I don't mean to presume that what happened to the friend of the family in the example I mentioned is something that will happen to you; every situation is unique.  But it's good to be vigilant!

Unfortunately TWC can't do anything to help you with the computer or trying to see if you've been a victim of identity theft, but maybe my personal story I shared could give you some ideas of where to find help?  Maybe like Best Buy Geek Squad or something like that in your area for checking the computer for malware?

 

I hope this helps... good luck!

 

 

My postings on this site are my own, off-the-clock, and don’t necessarily represent TWC’s/Charter's strategies or opinions.
Expert

Re: HELP! I think we're in big trouble

Once someone has gotten into your computer with remote desktop, good luck

 

 disconnect it from the internet...

 

If there were any saved passwords, they are probably compromised.

 

I'd go in and create a new user with a new password and give it admin privileges; I think that will kill off any other admins.

Look and see if there are new users, kill them off.

 Then go into Safe Mode with last known good bootup, but pick something a week or more ago.

Hopefully it starts, you then need to do a virus, trojan and malware/spyware sweep.

 Clean out the trash, saved pages, cookies, etc.

 

Once all that's done, see if it will restart properly, if so, it might be safe to put it on the internet

 

If not, it's called format the hd and reload Windows and all the apps.
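The "look and see if there are new users" step from the reply above, as an added read-only example that is not part of any poster's message. It lists local accounts, whether Remote Desktop is enabled, and recently installed programs; the account names in `$KnownAccounts` and the 14-day window are assumptions to adjust for your own PC.

```powershell
# Added example: read-only review after an unwanted remote session.
# Run in an elevated Windows PowerShell 5.1+ window on the affected PC.
# $KnownAccounts is a hypothetical list: replace 'YourName' with accounts you created.
$KnownAccounts = @('Administrator', 'Guest', 'DefaultAccount', 'WDAGUtilityAccount', 'YourName')
$Since = (Get-Date).AddDays(-14)   # assumed review window

function Get-LocalAccountReview {
    # S-1-5-32-544 is the built-in Administrators group on any language edition.
    $admins = Get-LocalGroupMember -SID 'S-1-5-32-544' |
        ForEach-Object { ($_.Name -split '\\')[-1] }
    Get-LocalUser | ForEach-Object {
        [pscustomobject]@{
            Name            = $_.Name
            Enabled         = $_.Enabled
            IsAdmin         = $admins -contains $_.Name
            PasswordLastSet = $_.PasswordLastSet
            LastLogon       = $_.LastLogon
            Unrecognized    = $KnownAccounts -notcontains $_.Name
            RecentlyChanged = [bool]($_.PasswordLastSet -and $_.PasswordLastSet -gt $Since)
        }
    }
}

function Test-RemoteDesktopEnabled {
    # fDenyTSConnections = 0 means incoming Remote Desktop connections are allowed.
    $ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    return ($ts.fDenyTSConnections -eq 0)
}

function Get-RecentlyInstalledProgram {
    # InstallDate is an optional yyyyMMdd string, so string comparison is valid.
    $cutoff = $Since.ToString('yyyyMMdd')
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and $_.InstallDate -and $_.InstallDate -ge $cutoff } |
        Select-Object DisplayName, Publisher, InstallDate |
        Sort-Object InstallDate -Descending
}

Get-LocalAccountReview | Sort-Object Unrecognized -Descending | Format-Table -AutoSize
"Remote Desktop enabled: $(Test-RemoteDesktopEnabled)"
Get-RecentlyInstalledProgram | Format-Table -AutoSize
```

Nothing here changes the system; review any account marked Unrecognized or any remote-support program you did not install before deciding what to remove.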

 

Trusted Helper

Re: HELP! I think we're in big trouble


rmkoth wrote:

My wife (completely technology ignorant) opened an email and a window popped up that had the message: "Time+Warner+Cable Customer, your system has detected possible Suspcious Activity. Please call the toll-free number below for a Microsoft -Certified Technician to help you resolve the issue:   855-335-3501.  For your safety, please do not open internet browser to avoid data corruption to the registry of your operating system,

 

The message goes on to say PLEASE DO NOT SHUT DOWN OR RESTART YOUR COMPUTER, DOING THAT....."

 

So my wife doesn't shut it down and calls the number.  A guy answers and, as she explains:  "He said do this and this and this and this.... and then he had my cursor and started doing things.  Then I saw a black screen with white letters......"  It was about this time I almost passed out but threw up instead.  The guy then tried to talk her into buying some services to fix our now corrupted computer.  Fortunately she said she had to check with me first before she spent any money, but she left and went to the store and left the computer up, so I'm certain everything has been copied or accessed.  I think the real damage is done.

 

The question is: what do I do now?  I'm not all that savvy myself with connectivity. I know I need to change all passwords, contact my bank, etc.  Are all my devices that connect to the WiFi at risk now?  What do I need to do to protect my devices and repeat access to our network and systems?


Yes,

 

You will need to contact your bank and change all your passwords.  In addition, update your anti-virus definitions and run a full system scan.  Also, get the following programs and run a scan:

 

Malware Bytes Anti Malware- (Free version Only.)  Uncheck the Trial version:

 

https://www.malwarebytes.org/

 

Adware Cleaner:

 

http://www.bleepingcomputer.com/download/adwcleaner/

 

I would also recommend posting in the General Security Forum at www.techguy.org.  Post your story there:

 

https://techguy.org/

 

Educate your wife about computer basics and security, that she should never open up ANY suspicious emails or files that you don't expect, or know who they are from.  Don't visit unknown websites.

 

Get a good pop-up blocker, get Ad Block Plus, it is offered for most browsers.

 

I also recommend My Web of Trust (My WOT) which gives color coded rankings to websites and weblinks.  Green for Good, Yellow for Caution, Red and Black for Bad.  A warning screen will show for bad WOT sites.  Here is the link to download My WOT:

 

https://www.mywot.com/

 

Satch

Newcomer

Re: HELP! I think we're in big trouble

Hey, if you need any type of help with this, let me know. I work with issues like this all the time, and malware removal as well.