Ammyy Scam

Discussion in 'malware problems & news' started by Meriadoc, Sep 1, 2010.

  1. J_L
    J_L Registered Member

    Interesting info you got there x942. Are you going to report those to law enforcement?
  2. x942
    x942 Registered Member

    I will and am already in contact with local RCMP department here. I am hoping for a call back so I can record the entire conversation for more evidence. Right now they are saying some more evidence will be needed to prove caller ID and IP addresses aren't being spoofed. I will release everything on my dropbox after I get a recording or two. I hope for sure that they get caught. I also think that other "small" time cons are jumping on board as a friend of mine had a call come in from Vancouver trying the same thing (but trying to get him to get TeamViewer). Wouldn't be surprised if a lot more scams start popping up like this. The numbers I logged were similar to the above results. I have a few from Australia (088 ). The rest of the digits vary each call however. They may be spoofing their ID (Call Trap should have defeated that though) or they have multiple #'s available.
  3. Meriadoc
    Meriadoc Registered Member

    Hee, nice x942.

    Cheeky (insert here) 'eh. I feel the fact that 'they' luck out like this is just deserts and anything gleaned from someone that's trying to fleece you is fair game :)

    ayb
  4. dylan522
    dylan522 Registered Member

    Dear All

    I was called this afternoon, I have had errors trying to install the new service pack 1 for W7 ultimate and the guy said he was from Microsoft tech support and if I logged on to AMMYY a Microsoft technician would solve the problem for me for free using a remote desktop.......hmmmmmm.....felt a bit weird so I didn't, and asked him to call back tomorrow and to send me an email as that's my usual way to get rid of cold callers....I suppose the email might be traceable somehow through an IP address or something so if he sends me a mail I'll post it here? He had an Indian accent and said his name was Jimmy Wilder? I asked him what company he worked for and he didn't reply.....I said if he had my phone number he should also have my email address? How are they picking up the error reports and linking them to my phone number? pretty clever?.....doesn't say much for Microsoft's security........

    dylan
  5. x942
    x942 Registered Member

    haha true enough ;) I have reported some logged conversations to the RCMP and am currently attempting to send them to the FBI - having difficulty though. Mainly they are now considered evidence and as such I can not send them anywhere :/ They look like they are in trouble now though :):thumb:
  6. Angeleyes
    Angeleyes Registered Member

    I received a phone call yesterday. It was from an Indian sounding woman, she said she was working for Microsoft and my pc was full of viruses, she said she could show me the viruses, I was very concerned but she was very convincing, she told me to type Ammyy web address in to my browser, which I did, I even asked her if this was genuine and of course she said yes. She then handed the phone to her "supervisor" who was an Indian sounding man. He said he would show me where the infection was, he also told me to open notepad and typed in 3 different things that they could supposedly download to fix my computer and that they would send me the activation keys as apparently in the UK you need to do this by law. At this point I asked if this was going to cost me and he says it was free, then added there would be a one off payment of £79. Immediately I said, my husband will have a fit, and closed down my pc. ( a bit slow on the uptake maybe but they were very convincing.) I actually felt sick, I ran a full system scan and no virus or anything were fine, hope all will be ok as they have my name, address and e-mail address, can't believe how stupid I was!
  7. LoneWolf
    LoneWolf Registered Member

    There are many scams out there, you experienced one of them.
    One must always remain on your toes because the fact is that if there is a way to scam/steal, someone out there is doing it.
    By the way, welcome to Wilders.
  8. BMACK3
    BMACK3 Registered Member

    Thank goodness for this site. I just received a call from these scammers. A guy with a very East Indian accent said his name was Alistair Jones which of course was the first thing that made me suspicious. He gave the line about how viruses were showing up on my computer and how I was ignoring the warnings that were popping up on my screen and how my firewall was damaged and only he could fix it. Then I had to ask him who he was calling on behalf and he told me that he was from Microsoft Tech Support. He instructed me to type in AMMYY and I did so. When I typed in AMMYY as instructed this site came up as AMMYY Scam. He wanted me to click on AMMY Admin but I opened this site instead. Your site explained word for word what had just happened to me so that is when I was sure I was being scammed. I asked the guy if he was a scam and he denied it. I told him to give me his number and I would call him right back. He hung up. Thank you so much. I am not terribly computer savvy and could have been taken by this if not for you guys.
  9. tracletch
    tracletch Registered Member

    I just got a call today from these people. I have technical support and knew this was a scam, but here is the web address I was told to type into my run box. -www.ammyy.com-
    Luckily I know better and when I typed this into my Google Search bar this site came up.

    I wonder when someone will do something about these people/scam.
    How much money will they collect from victims?
    Who do I contact to get this corrected?
    I will call my provider and find out what the heck is going on.
    When I tried to find their phone number it was not listed on my answered calls.
  10. Marsbar
    Marsbar Registered Member

    Hi

    I just joined Wilders. I had a call from "Glen" at "Windows Support". It sounded sort of legit - he knew my number, said that my Windows Defender had been sending 50 messages of errors per day, and my PC had been having problems (correct) and was at risk. He said he was calling from Victoria (Australia). He got me to open up Computer Management, System Tools, Application, and filter the messages, and there were indeed a lot of red error messages.

    He then had me open the ammyy site, and asked me to left click on a button titled "Start Working with AMMY Admin (Its Free)" I did, and my Flashgot opened and told me it wanted to download an executable. I let it get as far as opening to install, and then started asking questions about their authorisation by myself or Microsoft to access messages sent by Defender from my PC, while googling AMMY - and found this site. I got the caller's phone number, (0390105652) and told him I would call back - I didn't want him calling me. I called the number and someone did answer "Windows Support" I hung up.

    Questions for the experienced people on this site:
    1. How did they get my phone number?
    2. How did they also know I was running Defender?
    3. Can someone experienced open the AMMY site, and install the software on a secure machine, and advise what either or both opening the site, and installing the software, actually does?
    4. If either or both opening the site and the software does something malicious, how can less experienced users (me too) repair their PC?

    The answers to these questions could save us from loss or damage, put our minds at rest, or show AMMYY is legitimate, or even be evidence of criminal behaviour. Thanks in advance.

    MARSBAR
  11. x942
    x942 Registered Member

    Spam lists, sold to them, brute force dialing, auto-dialing, phone listings, etc. Lots of ways.

    Widely used program. They just guessed really.
    Already done. The site installs a version of Team Viewer (or similar) and allows remote access. This isn't a typical virus as it does infect the system but it does allow remote access. Do NOT install it.
    Chances are there isn't anything wrong with your pc. Best bet is to run a FULL scan from Defender and then with MBAM (Malwarebytes anti-malware). Afterwards install Comodo Firewall (or another firewall) and a better AV like Avast Home or AVG.
  12. Keyboard_Commando
    Keyboard_Commando Registered Member

    The actual Ammy software isn't doing anything illegal, it's not malware/a virus. The trickery of the person calling you and using Ammy to gain control (remote access) of your computer is illegal. That is the problem.

    Your home telephone number is out there. It is going to be on marketing lists which are easily obtained. I still get calls even though I've requested my home number to be removed from such lists.

    Microsoft don't call their customers to give support unless you request them to do so, they've got no way of knowing the problems, not unless you've contacted them first. (I've never heard of Microsoft just calling a customer out of the blue). If you're a paid-up member of a tech support, they too have no way of knowing your computer is having problems unless you've reported it. These scammers are pretty forceful, but have none of it! Don't do as they say.

    Windows Defender, for instance, this program is running in the background of 99.9% of computers running a Windows operating system. So these scammers will ask if you are using a certain software, or even say the name of an internet provider - which they tried in my case, and keep fishing until you tell them the info they seek - then say this software/service is reporting many errors. They are seeking information from you to gain your confidence - tell you that they are the support for Microsoft, BT, etc. It's BULL. Just hang up the phone. Do not tell anyone any information over the phone. In fact call them a bunch of names before you hang up. It feels better that way.
  13. alexp1979
    alexp1979 Registered Member

    I just want to say thanks to everyone who's posted on this thread. It's saved a vulnerable elderly woman a lot of stress and probably money. I wish there was an easier way to prevent these scams from preying on less tech-savvy people whose lives are invaded by people devoid of conscience.

    Thanks for caring! :thumb:
  14. bzzzzz
    bzzzzz Registered Member

    I got the same call from an Indian woman today.

    Unfortunately (for her) I'm not using a Windows computer. She froze up when I asked her which version of Windows she thought I was using, even though she had knowledge about corrupted files on my system.

    I followed all her instructions but we couldn't get anywhere because my computer won't run Windows executables. I'm currently using Linux Mint.

    Don't trust these people at all. I'm not sure if they are from AMMYY or just using this website as a tool to gain access to some of the registry files.

    My call ended by her hanging up on me when she realised I wasn't using Windows.
  15. x942
    x942 Registered Member

    They called again (well my PBX that is) I recorded the entire thing and even ran the AMMY tool in a VM on an Isolated system behind a switch. Interestingly they attempted to STEAL files from my documents (Labeled as "banking" "passwords" and "taxes"). From there they attempted to install a backdoor when Avast went crazy.

    I asked what they were doing and they said it is an "advanced system monitoring tool" and is sometimes detected as a virus but this is only a FP.

    Right... sure... FP.. Anyways I recorded all of this information as well using screen capturing, Wireshark, DPI, and a Keylogger.

    The IP address is the same as before (I have since blacklisted them on my router). The VM is now being stored offline on an encrypted disk to prevent it from being run accidentally until I can do something with it.
  16. J_L
    J_L Registered Member

    A video of that would be nice.
  17. Korperal
    Korperal Registered Member

    Interesting how I received a call from these folks after researching the "Direct Buy Club" after seeing commercials and instigating some curiosity. I suppose you could say I was in scam detection mode!

    Working as a System Admin it was easier to spot anyways but could seem legit to some people. They had me run a bunch of simple command prompt commands to "compare information" I suppose you could say. But once they said "ammyy.com" Google went crazy with scam suggestions. Anyhow that's just my tale. Hope this site helps others to fend off these scammers.
  18. x942
    x942 Registered Member

    I will see if I can post the screen capture later on today. There is no audio to it though.
  19. jeddy1919
    jeddy1919 Registered Member

    I just got done by it. They were controlling my computer but I did not give away any card details. They carried on asking for them, so I went on my laptop and typed this in, then all the scams came up, so I shut them out and turned off my computer. Are my card details safe? o_O
  20. nix
    nix Registered Member

    Yes, I'd like to see that, too.
  21. Keyboard_Commando
    Keyboard_Commando Registered Member

    It's safer to just cancel the card and get issued with another. The worry just isn't worth going through.

    For future computer use: if you have to save any sensitive documents on your computer ... look into using encryption software. I always recommend a program called AxCrypt; it's a very simple program to use, simply right click the file/files you need to encrypt and password it. It works on both 32/64bit and is free. This will stop any prying eyes.

    I also recommend TrueCrypt; this is another simple encryption software to use, and it's free!

    Search through the forum for tips of hiding files and encryption. This is going to be your best protection if anything like this happens again. Encrypting sensitive files on your computer is a really good habit to get into.
  22. salutsalut
    salutsalut Registered Member

    I was just called in Canada! At 9:30 at night I figured it couldn't be a reputable caller, but I still was pulled in when I couldn't find the fake company (Megabyte Solutions) in a quick Google search for scams. Once he convinced me my computer was in trouble (60,000 errors!!) I was directed to the Ammyy website.... That's when I became very suspicious - when he told me that once my computer problems were fixed then the connection with Ammyy would end. I told him I would not be connecting to Ammyy and he transferred me to a "supervisor" (sounded like he just passed the phone to the person sitting beside him) and I hung up.

    I hope they don't call back!

    Does anyone know anything about the commands he has you enter into the black run box? Should I be worried? I entered "cmd" and "eventvwr." The other one, "inf" didn't work.
  23. amackay11
    amackay11 Registered Member

    Salutsalut.... I had the same call today (I am in Canada too). No need to worry about eventvwr and cmd. Errors that he showed you in 'Event Viewer' are common and not related to viruses or 'malicious files'. As long as you didn't let them do remote access with the ammyy site, you should be fine. Their site is -megabitessolutions.com- The caller got quite upset when after 30 minutes of doing what he said, I called him a 'scammer'. He called me a moron and said I was the real scammer. Said he would remotely 'cancel' my windows. He also passed me off to the 'manager' sitting next to him. They may in fact provide a legit service but any user with half a brain doesn't need their service. Just don't download suspicious files and use good free virus protection such as Microsoft Security Essentials.
  24. Wyliecoyote
    Wyliecoyote Registered Member

    Hi, I'm new to the security forum but just had a call from a friend who'd been pestered on the phone by someone purporting to be from Megabyte Solutions and in a weak moment, she did what they asked which is as follows:
    Open Start, Run and type in Eventviewer (which apparently showed up errors to convince her), then they asked her to Open Start, Run and type in -www.ammyy.pom- (might have been .com?) and then the same again with -www.impcremote.com-.
    They then said to turn off her laptop then open it back up in 15-20 mins. Luckily she called me and I put in a search for scams and found this was becoming a common scam. I've told her not to start up her computer until we find out what to do. I then searched and came up with this thread, thank goodness!
    So, guys, what should she do now to make sure that her computer is safe as
    Any advice would be much appreciated as I'm no expert!
  25. MarcyB
    MarcyB Registered Member

    I just got a call from these people 10 minutes ago. A man with an Indian accent who claimed to be named "John Martin". The place sounded mad busy, and he kept asking if I could hear him. He said he was from ITC Canada, which he said stands for Internet Traffic Control (non-existent).
    Anyways, at first I was thrown off guard, because of paranoia. He told me that my info was being leaked and my pc was sending his servers error messages... Same story that everyone else got. Anyways, I should have played along a bit more, but I was ~ Snipped as per TOS ~ when he refused to give me his phone number, so I hung up. He only got so far as to ask me to turn my computer on. So what can a person do to help stop these bullies?
    Last edited by a moderator: Aug 5, 2011