Fake BSOD scammer cleanup...

[TechLady]

I am getting so many clients taken in by the fake BSOD sites and phone calls it's scary. Most of the scammers seem to get in, put on a good show, charge the customer and leave. (Although I had one client get blackmailed; he put her system under a password lock). Either way, the security implications are not good...as you know.

Anybody have a good list of things to check for after this happens? And tools for checking? Sorry if this has been asked before, I did try a search first!).

First thought is all the passwords clients always have stored in Chrome (in plaintext!)...

 

[Porthos]

Got one today. Needed Win 10 anyway. Nuked.

 

[andveg38]

In the meantime, I made this...feel free to share with your clients:

Thanks!


Sent from my iPhone using Tapatalk

 

[Markverhyden]

In the meantime, I made this...feel free to share with your clients:

It's even funnier when you see it on a Mac. LOL!!!

 

[TechLady]

It's even funnier when you see it on a Mac. LOL!!!

Yeah I actually had an older lady get taken in by this on a mac. I don't know why the complete absurdity of seeing this on a mac doesn't cross their minds, but somehow it just doesn't...

 

[Markverhyden]

Yeah I actually had an older lady get taken in by this on a mac. I don't know why the complete absurdity of seeing this on a mac doesn't cross their minds, but somehow it just doesn't...

I had one as well. There are those who just do not comprehend what it's all about. You know how some EU's can be. "My computer told me...."

 

[Shawn.H]

We've had this a lot at our shop since a majority of our customers are senior citizens. Every few months they seem to change how they game people a little bit. Even the banks are now telling people to get there computers cleaned up if they let these people in. If any of your clients did end up paying these folks make sure to tell them to contact whatever method they used and get new cards issued or bank accounts changed.

 

[nlinecomputers]

Not to be critical,but the BSOD example shown is pretty dated. That's a 9x style that hasn't been valid in 15 years.

 

[nlinecomputers]

I would replace the one in your example with this one:

 

[nlinecomputers]

And windows 8 and 10 BSODs look like this:

 

[cyde_ePhex]

And then there is this fake one:

Fantom ransomeware: http://www.bleepingcomputer.com/new...-files-while-pretending-to-be-windows-update/

 

[TechLady]

That is scary. Wow, I don't see how people are ever going to detect that's fake.

@nlinecomputers You're completely right (oops)--screenshots have been fixed! See below.

 

[TechLady]

 

[JoeTech]

When they ask how they can avoid falling for these things I tell them this.

 

[glennd]

Love it, might have to reference it. Did you notice the last paragraph? "Remember..if the if the "

 

[TechLady]

Love it, might have to reference it. Did you notice the last paragraph? "Remember..if the if the "

Arrrgh. I'm tired.

Edit: fixed the typo...has been corrected in the version linked to from my signature.

 

[TechLady]

No suggestions for cleanup...??

 

[cypress]

@TechLady thank you for the mini newsletter always appreciated!

As far as the clean up goes, alot of those hide in the browser. I killed the processes and checked Startup and kill off anything there. Then I run rKill just incase I missed something and do, JRT, AdwCleaner, TDSSKiller, Emsisoft Emergency Kit.

Generally Adwcleaner gets most of it.

 

[nlinecomputers]

Clean up depends on the virus. Your normal routine, if good enough, is probably fine.

 

[TechLady]

I was thinking for the cases where nothing overtly seems amiss. Some of them just display a parade of fake code and leave but I want to make sure there's no hidden backdoors, etc.