This a scam?

09-02-2011, 08:51 AM
Yesterday a work friend told me about the troubles he had with his old PC at home (Acer, Celeron, about 256 Megs RAM, HD about 40 Gigs, XP) with somebody calling him regarding the problems he had (yesssss, sounds familiar, doesn't it?). The calling lady apparently said he's got problems with Spybot (which he had) and a few other things. Later at night, after making tea, he saw the mouse moving by itself and thought that odd. I went and had a look last night.

I could see nothing wrong, I could see no added programming like TeamViewer because apparently they "got on to the PC from where they were". I've got a suspicion that there must have been a backdoor program of some sort, because how else would they be able to tell him that Spybot is acting up (it did), gave his unique computer code (correctly), etc. etc. It may have been wild guesses though. Late at night he thought for himself that this was a scam, so he cancelled the $101 payment, and cancelled his credit card. I will try and get the name of the scammers - I think there's an invoice somewhere. The last part of the email addy on the invoice shows something like greybyte.xxx

I did not check his modem but I'm sure it's unprotected. It's one of the newer ones that Telecom hands out.

Incidentally, this guy does not use his computer for anything other than email with his two daughters, downloading photographs from his camera and putting them on CD, and reading Stuff. No on-line banking, no online payments of any kind so even if the scammers got on, they could not get much.

My question: there seems to be no obvious "entry" visible into his PC but I somehow think there must be a backdoor. Perhaps a rootkit? How do I find out? Or would it be better just to reinstall XP via the OEM sitting on his HD? Of course I have to do something to his modem but the rest of it is worrying because I do not think/know how you can link up via XP (perhaps you can?)

Thanks in advance


09-02-2011, 08:55 AM
Good on him for having the nous to see through what was going on.

I would do a clean install if he could use an XP disc (if you had one), then you can be sure there isn't anything nasty still on it.

09-02-2011, 09:22 AM
What can you do to his modem? Other than blocking ports and NAT, there's not much 'protecting' a modem can do.

09-02-2011, 09:24 AM
I wouldn't give any money to anyone who called me...for anything.

09-02-2011, 09:41 AM
Remote Desktop:

Is his computer OS XP Home or Pro?

09-02-2011, 10:23 AM
I would grab Comodo and see what programs try to get access to the internet or from the internet. Worked for me blocking someone trying to get in.

09-02-2011, 10:46 AM
he saw the mouse moving by itself

Does HijackThis show anything running?

Clean the whole thing out, make sure he has proper, up-to-date protection, scan with everything.

09-02-2011, 01:30 PM
Modem - I don't think he has any password going.
XP - I think OEM Home version
I will run a HJT and post - when I'm not rushed like last night.


09-02-2011, 09:45 PM
Might be a good time to tell him he should tune up his comp. by doing a reinstall reasonably frequently, as he is running on bare bones specs, without any "fat" in the system (Windows does generate blubber), or upgrade if he thinks it worthwhile.

09-02-2011, 10:06 PM
What can you do to his modem? Other than blocking ports and NAT, there's not much 'protecting' a modem can do.
A good start is to change the default password and then make sure the firewall is running.