Antivirus - Is this legit or a scam?


NickSCFC
24-06-2010, 15:26
I've just had a caller claiming to be from Virgin Media call my house telling me that I have a virus on my computer.

He then explained that they had an offer for McAfee Internet Security for £90 to protect all computers in my house for 9 years. A technician pulled up a folder on my computer called 'prefetch' via a remote control called TeamView.

I thought this was legit til the guy on the phone started asking me for my bank card's long number. I then got into an argument about how, as I pay by direct debit, they should already have the payment details they need.

I've told them to call back later. Is this Virgin Media being stupid, or a scammer?

Aragorn
24-06-2010, 15:36
Have a read of this thread (http://www.cableforum.co.uk/board/25/33666530-micropcsupport-com.html) - different name, same scam.

Kymmy
24-06-2010, 15:39
One question, did you click things to give him access or did he already have access.. Either way I'd be wondering what else they're looking at :(

Aragorn
24-06-2010, 15:39
PS - just noticed they installed their scamware - I would probably do a system restore back to yesterday or at very least uninstall TeamView. (have a google for 'Windows System Restore').

Kymmy
24-06-2010, 15:43
Yet another story from this year, lots of dodgy companies about atm :(

http://www.pcpro.co.uk/news/security/356833/pensioner-targeted-by-fake-virus-phone-scam

---------- Post added at 15:43 ---------- Previous post was at 15:40 ----------

Another site with many links, worth a read..

http://www.digitaltoast.co.uk/supportonclick-systemrecure-scam

Sirius
24-06-2010, 15:44
I've just had a caller claiming to be from Virgin Media call my house telling me that I have a virus on my computer.

He then explained that they had an offer for McAfee Internet Security for £90 to protect all computers in my house for 9 years. A technician pulled up a folder on my computer called 'prefetch' via a remote control called TeamView.

I thought this was legit til the guy on the phone started asking me for my bank card's long number. I then got into an argument about how, as I pay by direct debit, they should already have the payment details they need.

I've told them to call back later. Is this Virgin Media being stupid, or a scammer?

It's a scam and has nothing to do with VM

Red Squirrel
24-06-2010, 15:45
Sounds like a massive scam to me ! If he does phone back tell him to stick his anti virus where the sun doesn't shine. If he was from VM you could have asked him to confirm your address or account number or what packages you have for the TV/Internet/Phone.

Also, if you've now installed something at his behest I'd strongly recommend uninstalling 'TeamView' then running the following FREE tools:

Spybot - Search & Destroy©® 1.6.2
http://www.safer-networking.org/en/download/index.html

Microsoft Security Essentials
http://www.microsoft.com/Security_Essentials/

Spybot is an anti-malware program and is usually manually run by the user every week or month

Microsoft Security Essentials is a free antivirus and anti-malware that runs continuously in the background, it will ask you to do a first time scan upon installation but you might want to skip that and then do a full system scan instead.


Off the top of my head those are the two tools I'd recommend, I'm sure others might have some suggestions as well.

NickSCFC
24-06-2010, 15:45
Only spotted them doing 2 things, bringing up a 'prefetch folder' and then some box that looked like antivirus software with traffic lights on.

Is there a phone number I can call to report this?

Kymmy
24-06-2010, 15:49
But how did they get access???? Did you follow instructions to give them access?? or did they already have access??

:rolleyes:

swoop101
24-06-2010, 15:50
Just d/l and run malwarebytes to clear your machine
http://www.malwarebytes.org/

NickSCFC
24-06-2010, 15:55
I've just called them, it's a spoof.

These scammers are getting better aren't they :(

---------- Post added at 15:55 ---------- Previous post was at 15:53 ----------

But how did they get access???? Did you follow instructions to give them access?? or did they already have access??

:rolleyes:

They told me to install TeamViewer and install the software.

Everything seemed legit and professional until he wanted my card number.

The phone number was 09869186XX.

Kymmy
24-06-2010, 16:00
There's no reason as to why someone would open up the PREFETCH directory to do an AV scan, just that these scams are known to not only try to charge you but also to leave/change files that include trojans, botnets, malware...etc.. Not all will be found in a simple virus scan or even a malwarebyte scan..

My own advice to people who have downloaded the program based on a phone call is grab a pair of scissors, cut your internet wire and phone cable and don't ever reconnect them... Other than that I always re-install a PC that's had a confirmed 3rd party inside of it ;)

NickSCFC
24-06-2010, 16:03
I feel so stupid, I can't even find where TeamViewer's located so I can uninstall it :\

Kymmy
24-06-2010, 16:07
BTW, the number you called back on probably charged you anything from £1-£1.50 a minute

Teamviewer>> try control panel, add/remove programs and see if it's in the list

---------- Post added at 16:07 ---------- Previous post was at 16:03 ----------

Do you still have the URL to team viewer that they got you to type in? If yes then can you PM me that link please as I'd like to know which domains if any and who owns them

PM only please

zing_deleted
24-06-2010, 16:07
I've just called them, it's a spoof.

These scammers are getting better aren't they :(

---------- Post added at 15:55 ---------- Previous post was at 15:53 ----------



They told me to install TeamViewer and install the software.

Everything seemed legit and professional until he wanted my card number.

The phone number was 0986918691.

the 09 numbers cost you a bit then as well.

http://www.teamviewer.com/index.aspx appears to be a readily available app so I wouldn't panic about malware but it does allow file transfer so I would run all the scans.

If in the unlikely case they have installed malware system restore will not help you btw

Kymmy
24-06-2010, 16:11
The teamviewer client can be altered to auto-remote to home, hence they use that program. Zing can you think of any reason (apart from nasty ones) as to why they'd head straight for the Prefetch folder?? :(

Aragorn
24-06-2010, 16:11
Seriously, do you know any friends / family who are PC 'tech heads'? You either need to deep clean that PC or reinstall from that backup (?!) :( Do not use it for any online banking or even email until it is cleaned.
I would also consider using another computer to change any passwords for bank / email accounts you have accessed from this computer.
I know it sounds harsh but the **** have placed code on your computer that could be doing any number of nasty things.

The Installer
24-06-2010, 16:12
Might be well worth your while getting some REAL antivirus software on your computer now.

http://www.kaspersky.co.uk/trials

Kaspersky is what I use, the Internet Security suite, there are loads of offers at Amazon and it will cost you about £20 or so for a year's subscription.

Let a decent program find and remove all the rubbish for you ;)

Aragorn
24-06-2010, 16:12
Prefetch is a 'known' folder that might convince someone that they know what they're looking for?

Kymmy
24-06-2010, 16:18
Not really as prefetch is rarely seen by a standard user.. All the content is automatic based on what you run..

NickSCFC
24-06-2010, 16:22
Got a new copy of Norton 360, so I'm running that now.

Any shopping and banking I do, I do it on my iPhone. And it's set so as passwords and user names aren't remembered.

Kymmy
24-06-2010, 16:23
And Norton 360 still might not find a redirect or trojan (depends how new the malware is and who wrote it and whether the AV companies have their hands on a copy)..

zing_deleted
24-06-2010, 16:27
It might be because the user might think oh wow I've never heard of that before?

I personally think this is just a phishing scam after credit card details for identity theft and fraud. I would be surprised if they are installing malware.

The fact they have an 09 number shows it's quite an advanced fraud although they may be stupid and used legit details (although unlikely) to register the line.

I would inform the old bill and give them all the relative information just in case the thieves were thick and left a trace on themselves

---------- Post added at 16:27 ---------- Previous post was at 16:24 ----------

And Norton 360 still might not find a redirect or trojan (depends how new the malware is and who wrote it and whether the AV companies have their hands on a copy)..


I had a machine come in not too long ago that had a revision of the fake AV scam which was so new nothing could shift it, so the gitbags out there are really turning the heat up the last year or so with instances of these scams on the rise all over.

TBH you would have thought with the media coverage these get that people would have wised up a bit by now

no disrespect to the op meant :)

Aragorn
24-06-2010, 16:27
Not really as prefetch is rarely seen by a standard user.. All the content is automatic based on what you run..
That's what I meant - it's unknown to Joe user but known to Techies and contains 'techie' looking files.

Kymmy
24-06-2010, 16:36
The current reports are that they claim to remove a virus and charge ridiculous amounts for it £80+. There's also been reports on some of the main internal support groups of nasties being left (hence my previous comments)

It seems that it depends on who's doing the scam, some groups are happy with the 80+ quid for 10 minutes pretend work, where others probably run by larger organisations are the ones leaving the nasties..

My own view is that until the PC is reinstalled you'll never be 100% sure that there's nothing there, but I suppose that my viewpoint comes from a company support side where a re-install took 20 minutes from ghosted HDD

---------- Post added at 16:36 ---------- Previous post was at 16:33 ----------

That's what I meant - it's unknown to Joe user but known to Techies and contains 'techie' looking files.

So does 95% of the folders on a PC ;)

The prefetch folder stores copies of frequently run programs so is easy access to find out what email/web-browser and other stuff anyone uses, and easy enough to swap round a file or two ;)

zing_deleted
24-06-2010, 16:43
The current reports are that they claim to remove a virus and charge ridiculous amounts for it £80+. There's also been reports on some of the main internal support groups of nasties being left (hence my previous comments)

It seems that it depends on who's doing the scam, some groups are happy with the 80+ quid for 10 minutes pretend work, where others probably run by larger organisations are the ones leaving the nasties..

My own view is that until the PC is reinstalled you'll never be 100% sure that there's nothing there, but I suppose that my viewpoint comes from a company support side where a re-install took 20 minutes from ghosted HDD

---------- Post added at 16:36 ---------- Previous post was at 16:33 ----------



So does 95% of the folders on a PC ;)

The prefetch folder stores copies of frequently run programs so is easy access to find out what email/web-browser and other stuff anyone uses, and easy enough to swap round a file or two ;)

If I was in any doubt I too would restore using a backup image. I am a strong advocate of ghost imaging (or Acronis or your favourite app) so if something like this does happen it's an easy fix

Mind you if everyone did this I would be a very poor man indeed lol

Kymmy
24-06-2010, 16:45
First started using ghost in mid 90's for doing images for BT

zing_deleted
24-06-2010, 16:46
The teamviewer client can be altered to auto-remote to home, hence they use that program. Zing can you think of any reason (apart from nasty ones) as to why they'd head straight for the Prefetch folder?? :(


I think I have a theory

You can delete contents of prefetch even though they look like system files. You could blag that most of them are needed and the client is paying you for your skill in knowing what you can delete or not.

You could make yourself look quite professional if you have the blag :)

Peter_
24-06-2010, 17:03
It is nothing but a scam and even the most recent version of Virginmedia Security actually uses the Bitdefender engine and is built by Radialpoint so no one is ever going to call you from us offering such a service.

Dai
24-06-2010, 18:06
Teamviewer itself is a legit program. I use it with many of my clients for remote work. It's a stand-alone exe file on the customer machine normally called TeamviewerQS.exe - if you find and delete that then it's all gone.
Of course whatever else they may have done once they had access is less certain...
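
An added example, not part of any post in this thread: Prefetch file names have the form `<EXE NAME>-<8 hex digits>.pf`, and a file's modification time reflects the last run of that program, so the folder the caller opened can be used to list what actually ran during the remote session. The watch-list, the sample file names, hashes and times are constructed; point `runs_in_window` at `C:\Windows\Prefetch` or a copy of it.

```python
import os
import re
import tempfile
from datetime import datetime, timedelta

# Prefetch files are named <EXE NAME>-<8 hex digit path hash>.pf
PF_NAME = re.compile(r"^(?P<exe>.+)-(?P<hash>[0-9A-F]{8})\.pf$", re.IGNORECASE)

# Assumption: a watch-list of executable-name prefixes. TeamViewer is the tool
# named in this thread; extend the tuple for other remote-control software.
WATCH_PREFIXES = ("TEAMVIEWER",)


def parse_prefetch_name(filename):
    """Return (EXE_NAME, HASH) for a prefetch file name, or None."""
    m = PF_NAME.match(filename)
    return (m.group("exe").upper(), m.group("hash").upper()) if m else None


def runs_in_window(prefetch_dir, start, end):
    """List (last_run, exe, watched) for programs whose prefetch file was
    last written between start and end, oldest first."""
    hits = []
    for entry in os.scandir(prefetch_dir):
        parsed = parse_prefetch_name(entry.name)
        if parsed is None or not entry.is_file():
            continue
        last_run = datetime.fromtimestamp(entry.stat().st_mtime)
        if start <= last_run <= end:
            hits.append((last_run, parsed[0], parsed[0].startswith(WATCH_PREFIXES)))
    return sorted(hits)


def build_sample(directory):
    """Create a constructed sample folder (empty files, made-up hashes)."""
    call_start = datetime(2010, 6, 24, 15, 0)
    sample = {  # file name -> minutes relative to call_start
        "IEXPLORE.EXE-0A1B2C3D.pf": 5,
        "TEAMVIEWERQS.EXE-1F2E3D4C.pf": 12,
        "NOTEPAD.EXE-11223344.pf": -3000,   # ran days earlier
        "Layout.ini": 1,                    # not a prefetch entry
    }
    for name, offset in sample.items():
        path = os.path.join(directory, name)
        open(path, "wb").close()
        stamp = (call_start + timedelta(minutes=offset)).timestamp()
        os.utime(path, (stamp, stamp))
    return call_start


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as folder:
        start = build_sample(folder)
        window_end = start + timedelta(minutes=30)
        for when, exe, watched in runs_in_window(folder, start, window_end):
            print(when, exe, "<-- remote-control tool" if watched else "")
```

An empty result does not show that nothing ran: prefetch entries can be deleted, and the listing says nothing about files that were copied or changed without being executed.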

pip08456
24-06-2010, 19:15
Seems like a bit of a panic situation going on here, so let's do the right thing and calmly solve the situation. There are four basic steps you can take to ensure the security of your system.

First, as has been mentioned download, install and run Malwarebytes.

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

Second run an online scan from here

http://housecall.trendmicro.com/uk/

Third do a boot scan using f-secure rescue disc (you need to burn it to CD and make sure you set to boot from CD in the bios boot menu)

Full details here

http://www.f-secure.com/en_EMEA/security/tools/rescue-cd/

Finally either use VM's anti virus or get a reputable paid for one. Norton has gone up in the world to previous ones and I note you mentioned it earlier.

If when you've finished a scan with it and are still doubtful then do the three steps above and you should be OK.

Kymmy
24-06-2010, 19:34
and as I've said earlier a virus/malware checker will ONLY find stuff it's programmed to find, there's enough programmers out there who will write you a new trojan for £50 that until the trojan is reported to a major AV company just won't be picked up.

I'm not saying that poor Nick will have one on his PC, just more pointing out that people shouldn't 100% rely on such AV/MW programs ;)

pip08456
24-06-2010, 19:43
In fairness Kymmy, you are quite correct but the 3 I've given are updated on a daily basis and all 3 will update on usage/install in at least the first use (Malwarebytes free needs updating on subsequent use.).

There are also AV progs which use advanced heuristics to help protect against threats that haven't been reported yet.

I just don't see the point in scaremongering as there is always a way to resolve the situation.

Kymmy
24-06-2010, 19:46
Wasn't scaremongering but giving the same advice that 99% of support companies would give.. If in doubt then remove all doubt :D

pip08456
24-06-2010, 23:16
Sorry Kymmy, I disagree, if your post was directed at someone who was totally paranoid (and I've met some in the past) your comment would freak them out.

Anyone with any sense would know you can't be 100% secure 100% of the time (just ask Microsoft!), but with good practice and good software then you will be as safe as can be.

I can honestly say that I have only suffered once in the past 11 years from a virus which took about 2 hrs of my time to sort out as I wasn't as savvy as now.

My Hotmail account got hacked 2 weeks ago which allowed a total of ONE spam mail to be sent before I knew about it and stopped it.

The first 3 steps I posted earlier have stood me in good stead when solving problems for others not so tech savvy and have so far never let me down.

Kymmy
25-06-2010, 09:07
Perhaps some people need freaking out.. Take for example Nick, I bet he won't download another instance of teamview and install it ;)

Pip, quite simply this thread isn't about those who know how to deal with virii/SW/MW..etc.. but more about those who don't.. If you sugar coat Nick's experience then no-one will take notice or learn from this and 2-3 weeks down the line we'll have another member posting the exact same thing.

Anyway as a final say on the matter, Pip can you assure Nick by using this thread alone that he is 100% safe and that there's definitely nothing left on his PC even after a full scan ;) If you can then I was in the wrong job for over 15 years ;)

It's not scaremongering, it's just the fact that no-one can be sure and as such I'd rather Nick gets all the advice and not just some and then decides himself what to do :D

pip08456
25-06-2010, 10:07
Anyone with any sense would know you can't be 100% secure 100% of the time (just ask Microsoft!), but with good practice and good software then you will be as safe as can be.



Says it all Kymmy:D:D:D

berkut
25-06-2010, 10:14
I agree with Kymmy's comments and do not believe it to be scaremongering.

Antivirus no matter what will only find what it is programmed to find via identified virus signatures and the heuristics will only find unidentified malware using the existing signatures as a reference point and then applying the vendors detection algorithms to identify suspected malware.

Before anyone shoots me down hear me out....

At work I have a laptop and do not use it for anything other than work related stuff. I work in IT and this involves me using the internet to research solutions to troubleshoot problems. I am very careful where I go and what I do and I mean very careful.

The company I work for uses Symantec AntiVirus (SAV) but me being the uptight person that I am I use others as well and perform regular scans over and above relying on SAV. Nothing was ever found on my machine.

Then in January this year the system hung for no apparent reason. This made my paranoid bone twinge slightly.

I scanned my machine and initially found nothing, but it was running slower than normal so I investigated a little more.

It turns out it was infected with the Zeus trojan and it looked like it had been on the system for more than 6 months undetected.

Symantec are adamant that SAV finds and removes this trojan. I can tell you it does not.

The only thing that found it was Malwarebytes and that was only after I noticed there were definition updates that day and I updated. (Malwarebytes was already installed, used regularly and had not found anything previously).

The Zeus trojan is constantly being updated to evade detection by AntiVirus and Anti-Malware scanners.

My advice to the OP..... reinstall the OS this is the only guaranteed way to ensure that there is nothing lurking.



Berkut

Kymmy
25-06-2010, 10:14
@ Pip

But what determines good practice and good software?? It's all very subjective to how one's been trained and past experiences ;) If you put your faith in a few pieces of software then fine, whereas I put my faith in past experiences where software has failed no matter how good others have said it was.

As I said
it's just the fact that no-one can be sure and as such I'd rather Nick gets all the advice and not just some and then decides himself what to do

Chrysalis
26-06-2010, 09:36
how was he on your computer with teamview, you set it up for him or something?

Kymmy
26-06-2010, 09:40
how was he on your computer with teamview, you set it up for him or something?

Already answered in post #11 (http://www.cableforum.co.uk/board/35046198-post11.html)

Chrysalis
26-06-2010, 09:43
Already answered in post #11 (http://www.cableforum.co.uk/board/35046198-post11.html)

sorry for not reading entire thread.

but ouch, don't follow instructions like that from a cold caller. I suggest to the OP to reinstall windows now, format c:, reinstall and learn from the experience.