Phone Scams and Malware
So my wife has a friend that was recently phone scammed into installing a bunch of malware on her desktop and laptop by people claiming to be IOLO system mechanics. Basically, they would call her up and tell her there was something wrong with her computers, send her to some shady websites, and have her install a bunch of junk. She also provided them with remote access to her computers. When she finally started to suspect it was a scam, she told them to stop calling her. Shortly after, both her computers stopped booting into Windows.
This is when she contacted me for help. When she brought them to me, a startup password had been set, which she had not set up. I reset the BIOS, wiped the hard drive, and did a fresh install of Win10 (disabled remote access). They appeared to be running fine, so I gave them back to her. She took them home, hooked them back up, and they seemed to be working fine. She wakes up the next day and they won't boot again. This time, the HP logo will flash for a split second and the screen goes black (both computers, no beeps). It doesn't ask for a startup password this time. She brings them back and I test hardware just to rule out a failing mobo or inverter--everything checks out. Both computers actually boot into Windows at my house (I keep them offline). The only thing I can think of is that she may have had her MS account compromised, which might explain why it's happening to both computers at the same time and only after they've been online for a while. I sent her instructions for securing her MS account before I do any more work on her computers.
I've read up on the system mechanic scams, but haven't found any technical literature that explains exactly what they do. Has anyone run into something similar, or know of a good resource I can reference? Am I just barking up the wrong tree entirely?
Comments
-
TechGromit Member Posts: 2,156 ■■■■■■■■■□
Interesting, I don't have Windows 10 yet, so I don't know anything about this MS account thing, but from what little I read about it, it allows you to manage your Windows 10 computers remotely. If it were me, I'd disable the account management feature under policy in Windows 10. Not sure I like this feature; if, I'm sorry, WHEN Microsoft next gets hacked, 10 million PC users' PCs might stop booting up one day. This sounds like a huge potential security issue if you ask me; while convenient, security and convenience don't always work well together. Thanks for the heads up.

"Am I just barking up the wrong tree entirely?"

If you wiped and reinstalled the system, I don't see how malware would have survived. I guess it could be a BIOS-based malware, so once the computer reconnected to the network, malware command and control would execute. You could try flashing the BIOS firmware with the latest update.
Still searching for the corner in a round room.
-
Phalanx Member Posts: 331 ■■■□□□□□□□
Microsoft Accounts have no bearing on a computer's ability to boot. This is either going to be a boot sector or BIOS problem.
Set the BIOS to default, clear the CMOS and see if it boots. If it doesn't, see about getting the latest BIOS from the hardware vendor's website and flash it. If that fails, then I would be looking at trying a brand new HDD/SSD in there.
Client & Security: Microsoft 365 Modern Desktop Administrator Associate | MCSE: Mobility
Server & Networking: MCSA: Windows Server 2016 | MTA: Networking Fundamentals
Data Privacy & Project/Service Management: PECB GDPR DPO/Practitioner | ITIL 2011: Foundation | CompTIA Project+
Currently Studying: Microsoft 365 Enterprise Administrator Expert -
dhay13 Member Posts: 580 ■■■■□□□□□□
I got a call last week from a lady with a thick accent that said my computer had viruses and she wanted me to do a few things. I work from home and was on a call with a few team members so I put the speaker on and held it up to my mic and typed in the chat window to my team members 'let's have some fun'. So she tells me to click on a few things and I pretend to play along and act real worried. Then I told her I was very concerned about having a virus and asked her if I could just pay her to fix it. She said 'yes, that's what I'm here for'. I told her I'm not that stupid and that she wasn't getting any commissions from me. She promptly hung up.
-
Phalanx Member Posts: 331 ■■■□□□□□□□
dhay13 wrote: "I got a call last week from a lady with a thick accent that said my computer had viruses and she wanted me to do a few things. I work from home and was on a call with a few team members so I put the speaker on and held it up to my mic and typed in the chat window to my team members 'let's have some fun'. So she tells me to click on a few things and I pretend to play along and act real worried. Then I told her I was very concerned about having a virus and asked her if I could just pay her to fix it. She said 'yes, that's what I'm here for'. I told her I'm not that stupid and that she wasn't getting any commissions from me. She promptly hung up."
That's not fun. Fun is booting up a network-isolated Linux VM for them and giving them access to it while you watch what they do.
Client & Security: Microsoft 365 Modern Desktop Administrator Associate | MCSE: Mobility
Server & Networking: MCSA: Windows Server 2016 | MTA: Networking Fundamentals
Data Privacy & Project/Service Management: PECB GDPR DPO/Practitioner | ITIL 2011: Foundation | CompTIA Project+
Currently Studying: Microsoft 365 Enterprise Administrator Expert