Solved Tech Support Phone Scam

jackdup

Member
Member
Messages
43
I don't know how many people have had an issue with the phone call from tech support and they want access to your computer and then they essentially lock it and you need a password to get access again and the only way to get the password is to pay them.

A friend called tonight and she was taken in by the scam. Her immediate concern was to get her pictures and other personal documents off of the computer. I have no idea what these people do or if it is just a matter of getting the password and once input everything is okay?

Anyway I took her drive out and connected it to my computer and copied off all of her personal data to a flash drive. I ran Malwarebytes and selected only drive E, which is her drive, but the only problems it showed were on Drive C. I have no idea how it detected issues on Drive C as I had unselected Drive C and only selected Drive E for a scan.

So the first question is, is there a way around the password and to be able to remove it without reinstalling the OS. or recovering from a set of recovery disks?

Second is there a way to access the control panel on her drive with it still being connected to my computer to make a recovery disk for her drive, as like most people she didn't bother making a recovery disk set so if it has to be reformatted and the OS reinstalled she has no disks? It has a partition on the drive which I assume may the recovery information but the only visible folders are system volume information and recycle bin and I do have the appropriate boxes checked so I can see hidden files and operating system files. The computer is an ASUS.

Where is the start menu stored on her computer so I can find the actual shortcut for creating the recovery disk to see what it runs and try to run it that way to make a recovery disk in case it is the only way to recover her computer. I have found more than one start menu folder but they all have the arrow inside which I assume means it is actually in a different folder elsewhere on the drive but have been unable to find a start menu that I can open as they all say access denied.

Thank you
 

My Computer

System One

  • OS
    8.1
you are not going to find a way to make the recovery's on a non working computer. the best fix is a reinstall,its likely that here recovery partition is still good ,you just need to save what you can, and run the recovery, check ASUS site for info on what key to hit on bootup to activate the recovery .
It sure is a small world when we are so gullible to think that Microsoft or someone that cares , is going to call us/little old me, and tell me my computer is sick and offer to fix it ,good luck

like the calls telling me they can offer me better interest rates on my credit cards ,and I don't even have a credit card
 

My Computer

System One

  • OS
    win8.1.1 enterprise
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Hinze57
    CPU
    AMD FX 6100 6core 3.30gHz
    Motherboard
    gigibyte ga-78lmy-s2p
    Memory
    4gig ddr3
    Graphics Card(s)
    Radon hd5000 Series
    Sound Card
    onboard realtek hd
    Monitor(s) Displays
    19" viewsonic/ 22"Samsung
    Screen Resolution
    1680x1050
    Hard Drives
    128gig ssd Kingston
    80gig WD 10000 rpm spinner
    Case
    micro
    Keyboard
    microsoft curve 200
    Mouse
    Logitech wireless M215
    Internet Speed
    high speed 20
    Browser
    ie 11
    Antivirus
    windows defender
    Other Info
    updated enterprise apr 2/14
Is there no way to get around the password, or to reset it somehow? I made a rescue USB drive so I can now boot into safe which I couldn't before. I can also get into the registry this way but have no idea what to look for there but hoped someone here would have the expertise to get around the password if a person could get into safe mode.

Thank you
 

My Computer

System One

  • OS
    8.1

My Computer

System One

  • OS
    8.1x64PWMC Ubuntu14.04x64 MintMate17x64
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Home Brewed
    CPU
    I7 4970K OC'ed @4.7 GHz
    Motherboard
    MSI-Z97
    Memory
    16 GB G-Skill Trident X @2400MHZ
    Graphics Card(s)
    NVIDIA GeForce GTS 450
    Sound Card
    X-Fi Titanium Fatal1ty Professional Series
    Monitor(s) Displays
    Dual HP-W2408
    Screen Resolution
    1920X1200
    Hard Drives
    256 GB M2 sm951, (2) 500GB 850EVO, 5TB, 2 TB Seagate
    PSU
    Antec 850W
    Case
    Antec 1200
    Cooling
    Danger Den H20
    Keyboard
    Logitech
    Mouse
    Logitech Performance Mouse MX
    Internet Speed
    35/12mbps
    Browser
    Firefox
I've seen this same thing where the scammer merely applies the "hidden" attribute to the user's files, so that can be easily reversed. If they have encrypted the files, that's a different matter entirely.
 

My Computer

System One

  • OS
    Win 10 Pro 64bit
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Home built Intel i7-3770k-based system
    CPU
    Intel i7-3770k, Overclocked to 4.6GHz (46x100) with Corsair H110i GT cooler
    Motherboard
    ASRock Z77 OC Formula 2.30 BIOS
    Memory
    32GB DDR3 2133 Corsair Vengeance Pro
    Graphics Card(s)
    GeForce GTX 980ti SC ACS 6GB DDR5 by EVGA
    Sound Card
    Creative Sound Blaster X-Fi Titanium HD, Corsair SP2500 speakers and subwoofer
    Monitor(s) Displays
    LG 27EA33 [Monitor] (27.2"vis) HDMI
    Screen Resolution
    1920x1080
    Hard Drives
    Samsung SSD 850 EVO 250GB (system drive)
    WD 6TB Red NAS hard drives x 2 in Storage Spaces (redundancy)
    PSU
    Corsair 750ax fully modular power supply with sleeved cables
    Case
    Corsair Air 540 with 7 x 140mm fans on front, rear and top panels
    Cooling
    Corsair H110i GT liquid cooled CPU with 4 x 140" Corsair SP "push-pull" and 3 x 140mm fans
    Keyboard
    Thermaltake Poseidon Z illuminated keyboard
    Mouse
    Corsair M65 wired
    Internet Speed
    85MBps DSL
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender, MalwareBytes Pro and CCleaner Pro
    Other Info
    Client of Windows Server 2012 R2 10 PC's, laptops and smartphones on the WLAN.

    1GBps Ethernet ports
I've seen this same thing where the scammer merely applies the "hidden" attribute to the user's files, so that can be easily reversed. If they have encrypted the files, that's a different matter entirely.

I would be very appreciative if you could tell me how to do this.

Thank you.
 

My Computer

System One

  • OS
    8.1
Go to the folder where the documents should be and type "attrib -R -A -S -H" to remove read-only,archive, system and hidden attributes... Use a command prompt with admin privileges...
 

My Computer

System One

  • OS
    Win 10 Pro 64bit
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Home built Intel i7-3770k-based system
    CPU
    Intel i7-3770k, Overclocked to 4.6GHz (46x100) with Corsair H110i GT cooler
    Motherboard
    ASRock Z77 OC Formula 2.30 BIOS
    Memory
    32GB DDR3 2133 Corsair Vengeance Pro
    Graphics Card(s)
    GeForce GTX 980ti SC ACS 6GB DDR5 by EVGA
    Sound Card
    Creative Sound Blaster X-Fi Titanium HD, Corsair SP2500 speakers and subwoofer
    Monitor(s) Displays
    LG 27EA33 [Monitor] (27.2"vis) HDMI
    Screen Resolution
    1920x1080
    Hard Drives
    Samsung SSD 850 EVO 250GB (system drive)
    WD 6TB Red NAS hard drives x 2 in Storage Spaces (redundancy)
    PSU
    Corsair 750ax fully modular power supply with sleeved cables
    Case
    Corsair Air 540 with 7 x 140mm fans on front, rear and top panels
    Cooling
    Corsair H110i GT liquid cooled CPU with 4 x 140" Corsair SP "push-pull" and 3 x 140mm fans
    Keyboard
    Thermaltake Poseidon Z illuminated keyboard
    Mouse
    Corsair M65 wired
    Internet Speed
    85MBps DSL
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender, MalwareBytes Pro and CCleaner Pro
    Other Info
    Client of Windows Server 2012 R2 10 PC's, laptops and smartphones on the WLAN.

    1GBps Ethernet ports

My Computer

System One

  • OS
    Win 10 Pro 64bit
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Home built Intel i7-3770k-based system
    CPU
    Intel i7-3770k, Overclocked to 4.6GHz (46x100) with Corsair H110i GT cooler
    Motherboard
    ASRock Z77 OC Formula 2.30 BIOS
    Memory
    32GB DDR3 2133 Corsair Vengeance Pro
    Graphics Card(s)
    GeForce GTX 980ti SC ACS 6GB DDR5 by EVGA
    Sound Card
    Creative Sound Blaster X-Fi Titanium HD, Corsair SP2500 speakers and subwoofer
    Monitor(s) Displays
    LG 27EA33 [Monitor] (27.2"vis) HDMI
    Screen Resolution
    1920x1080
    Hard Drives
    Samsung SSD 850 EVO 250GB (system drive)
    WD 6TB Red NAS hard drives x 2 in Storage Spaces (redundancy)
    PSU
    Corsair 750ax fully modular power supply with sleeved cables
    Case
    Corsair Air 540 with 7 x 140mm fans on front, rear and top panels
    Cooling
    Corsair H110i GT liquid cooled CPU with 4 x 140" Corsair SP "push-pull" and 3 x 140mm fans
    Keyboard
    Thermaltake Poseidon Z illuminated keyboard
    Mouse
    Corsair M65 wired
    Internet Speed
    85MBps DSL
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender, MalwareBytes Pro and CCleaner Pro
    Other Info
    Client of Windows Server 2012 R2 10 PC's, laptops and smartphones on the WLAN.

    1GBps Ethernet ports
Go to the folder where the documents should be and type "attrib -R -A -S -H" to remove read-only,archive, system and hidden attributes... Use a command prompt with admin privileges...

I'm not sure which folder you would mean as I don't get into windows at all so it is the entire system that requires a password not just certain things within Windows. Of course that could be what you mean but would appreciate if you could clarify for me.

Thank you.
 

My Computer

System One

  • OS
    8.1
I have issued this command from the "My Documents" folder, where most people store their data. you need to be familiar with Windows folder structure to do this work. It's not difficult but it requires some knowledge and patience...
 

My Computer

System One

  • OS
    Win 10 Pro 64bit
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Home built Intel i7-3770k-based system
    CPU
    Intel i7-3770k, Overclocked to 4.6GHz (46x100) with Corsair H110i GT cooler
    Motherboard
    ASRock Z77 OC Formula 2.30 BIOS
    Memory
    32GB DDR3 2133 Corsair Vengeance Pro
    Graphics Card(s)
    GeForce GTX 980ti SC ACS 6GB DDR5 by EVGA
    Sound Card
    Creative Sound Blaster X-Fi Titanium HD, Corsair SP2500 speakers and subwoofer
    Monitor(s) Displays
    LG 27EA33 [Monitor] (27.2"vis) HDMI
    Screen Resolution
    1920x1080
    Hard Drives
    Samsung SSD 850 EVO 250GB (system drive)
    WD 6TB Red NAS hard drives x 2 in Storage Spaces (redundancy)
    PSU
    Corsair 750ax fully modular power supply with sleeved cables
    Case
    Corsair Air 540 with 7 x 140mm fans on front, rear and top panels
    Cooling
    Corsair H110i GT liquid cooled CPU with 4 x 140" Corsair SP "push-pull" and 3 x 140mm fans
    Keyboard
    Thermaltake Poseidon Z illuminated keyboard
    Mouse
    Corsair M65 wired
    Internet Speed
    85MBps DSL
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender, MalwareBytes Pro and CCleaner Pro
    Other Info
    Client of Windows Server 2012 R2 10 PC's, laptops and smartphones on the WLAN.

    1GBps Ethernet ports
I just re-read your original post and you need to issue these commands on the drive from the PC, not the flash drive since the data was probably "hidden" by the scammers and was not able to be copied...
 

My Computer

System One

  • OS
    Win 10 Pro 64bit
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Home built Intel i7-3770k-based system
    CPU
    Intel i7-3770k, Overclocked to 4.6GHz (46x100) with Corsair H110i GT cooler
    Motherboard
    ASRock Z77 OC Formula 2.30 BIOS
    Memory
    32GB DDR3 2133 Corsair Vengeance Pro
    Graphics Card(s)
    GeForce GTX 980ti SC ACS 6GB DDR5 by EVGA
    Sound Card
    Creative Sound Blaster X-Fi Titanium HD, Corsair SP2500 speakers and subwoofer
    Monitor(s) Displays
    LG 27EA33 [Monitor] (27.2"vis) HDMI
    Screen Resolution
    1920x1080
    Hard Drives
    Samsung SSD 850 EVO 250GB (system drive)
    WD 6TB Red NAS hard drives x 2 in Storage Spaces (redundancy)
    PSU
    Corsair 750ax fully modular power supply with sleeved cables
    Case
    Corsair Air 540 with 7 x 140mm fans on front, rear and top panels
    Cooling
    Corsair H110i GT liquid cooled CPU with 4 x 140" Corsair SP "push-pull" and 3 x 140mm fans
    Keyboard
    Thermaltake Poseidon Z illuminated keyboard
    Mouse
    Corsair M65 wired
    Internet Speed
    85MBps DSL
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender, MalwareBytes Pro and CCleaner Pro
    Other Info
    Client of Windows Server 2012 R2 10 PC's, laptops and smartphones on the WLAN.

    1GBps Ethernet ports
thank you for the suggestions but the data is still on the drive. I had it out and copied off the personal data, pictures etc, and then installed it back into the original computer. The problem is when it starts booting it comes up and asks for a password before you even see the loading or starting windows screen and without the password you can't proceed.
 

My Computer

System One

  • OS
    8.1
The answer is already provided in this thread by topgundcp on how to reset the password. If that is too difficult Paragon Software have a bootable Linux tool that will empty the password and enable you to logon, unless the drive is encrypted.
 

My Computer

System One

  • OS
    Windows 8.1 Pro
    Computer type
    PC/Desktop
    System Manufacturer/Model
    MSI MS7360
    CPU
    Intel E8400 (Wolfdale)
    Motherboard
    MS 7360 P35 V1.0
    Memory
    4 GB
    Graphics Card(s)
    MSI Geforce GT610
    Sound Card
    Realtek Onboard
    Monitor(s) Displays
    Dell 19" Widescreen
    Screen Resolution
    1920 x 1080
    Hard Drives
    3 x 500 GB Hitachi and Seagate Drives
    PSU
    Corsair 500W
    Case
    Generic
    Cooling
    2 case fans, Artic CPU Cooler
    Keyboard
    Logitech G19
    Mouse
    MS Comfort 4500
    Internet Speed
    19 mbps
    Browser
    Firefox
    Antivirus
    MS Defender
The answer is already provided in this thread by topgundcp on how to reset the password. If that is too difficult Paragon Software have a bootable Linux tool that will empty the password and enable you to logon, unless the drive is encrypted.

I downloaded and installed/burned a CD and booted into Macrium and then selected command prompt icon as instructed. I went to the next thread he references and renamed utilman to xxx etc as instructed. When I reboot as instructed in step 6 I get the password screen as before and don't get to the screen he shows in the thread.

I can boot and get a command prompt and now if I type net user administrator and hit enter it gives all of the details of the administrator account and says user name administrator and under comment says built in account for administering the computer/don and the rest goes off the screen so can't read it.

Under global group membership it shows none. It also says password required yes and user may change password yes

When I try the instruction to make your self admin net localgroup administrators (username) /add and I substitute the original user name in place of user name it says There is no such global user or group. When I had the drive out and connected as a slave in another computer to get her information pictures etc off there was a directory with her name and the same name I used in the command above.

I have tried rebooting but I still get the same password screen as before. It is not a windows password screen and comes up before the starting windows or whatever Windows 8.1 says when it is starting up.
 

My Computer

System One

  • OS
    8.1
thank you for the suggestions but the data is still on the drive. I had it out and copied off the personal data, pictures etc, and then installed it back into the original computer. The problem is when it starts booting it comes up and asks for a password before you even see the loading or starting windows screen and without the password you can't proceed.

that almost sounds like a bios password ,if it is you should be able to remove the bios battery to change back to bios defaults , but I could be wrong .
 

My Computer

System One

  • OS
    win8.1.1 enterprise
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Hinze57
    CPU
    AMD FX 6100 6core 3.30gHz
    Motherboard
    gigibyte ga-78lmy-s2p
    Memory
    4gig ddr3
    Graphics Card(s)
    Radon hd5000 Series
    Sound Card
    onboard realtek hd
    Monitor(s) Displays
    19" viewsonic/ 22"Samsung
    Screen Resolution
    1680x1050
    Hard Drives
    128gig ssd Kingston
    80gig WD 10000 rpm spinner
    Case
    micro
    Keyboard
    microsoft curve 200
    Mouse
    Logitech wireless M215
    Internet Speed
    high speed 20
    Browser
    ie 11
    Antivirus
    windows defender
    Other Info
    updated enterprise apr 2/14
When I reboot as instructed in step 6 I get the password screen as before and don't get to the screen he shows in the thread.
Can you take a picture of the Password screen and post it ?
 

My Computer

System One

  • OS
    8.1x64PWMC Ubuntu14.04x64 MintMate17x64
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Home Brewed
    CPU
    I7 4970K OC'ed @4.7 GHz
    Motherboard
    MSI-Z97
    Memory
    16 GB G-Skill Trident X @2400MHZ
    Graphics Card(s)
    NVIDIA GeForce GTS 450
    Sound Card
    X-Fi Titanium Fatal1ty Professional Series
    Monitor(s) Displays
    Dual HP-W2408
    Screen Resolution
    1920X1200
    Hard Drives
    256 GB M2 sm951, (2) 500GB 850EVO, 5TB, 2 TB Seagate
    PSU
    Antec 850W
    Case
    Antec 1200
    Cooling
    Danger Den H20
    Keyboard
    Logitech
    Mouse
    Logitech Performance Mouse MX
    Internet Speed
    35/12mbps
    Browser
    Firefox
Glad I found this page! I have the same question. Got a call from Windows before and the caller asked me to download the teamviewer app, which I did. I gave him the username and password and I saw the cursor on my screen move on it's own. I was suspicious so I hung up. Now, I'm wondering if he was able to copy information that was on my computer. I got usernames and passwords to my online banking accounts saved there.
 

My Computer

System One

  • OS
    windows xp
Back
Top