Dell fake support call

Cambridge PC Support · #1 08-11-2012, 10:15 AM

Customer had a call supposedly from Dell early the other morning. The usual stuff about being heavily infected. Then he flipped the screen and told him that it would cost £xx to resolve, the customer refused.

When I got to the computer it was set to boot into Safe Mode only, so sorted that and his documents are all missing, no Documents folder at all, no Music, Pictures, nothing! I've had a good look round and found absolutely nothing. Even looked for deleted files, still nothing. No hidden partitions, no large archived files

The only other trace I can find is some LogMeIn Rescue files in appdata.

Weird one that

PBComputer · #2 08-11-2012, 01:08 PM

have you tried running unhide.exe? from bleepingcomputer?

Cambridge PC Support · #3 08-11-2012, 07:39 PM

Nope, did an image then restore to another drive (minus security settings) and also viewed filesystem from a Unix boot Cd. Also checked for hidden partitions.

Cadishead Computers · #4 08-11-2012, 09:37 PM

is anything hidden in a different profile or similar?

Just find it extremely weird how anyone could do this..

Cambridge PC Support · #5 08-13-2012, 11:21 AM

Yep it is very weird.

I checked all over, searched for .doc file and .jpg files. Also ran an undelete tool against the partition, nothing, the only folder in his profile was AppData.

The profile was acting up so I've now created a new one and given it all back to him.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode