Ammyy Scam

Discussion in 'malware problems & news' started by Meriadoc, Sep 1, 2010.

  1. jakewatson

    jakewatson Registered Member

    So I got the call in Canada at 9:30 last night just like most of you. I figured the guy was a scam but decided to follow him through till he tried to sell me something or do something really suspicious. Anyways he started out as "Greg Stone" and got me to search for error reports on my computer yada yada yada. 47,000 errors or what ever. He goes on saying I'm in grave danger and my computer is going to crash and be completely corrupted and not fixable if i wait. so I being young and stupid went through with the scam process and let him remotely access my computer o_O . As he asked me to type into my run box certain commands I just closed every window that was currently open and find someone madly typing(from a remote location) commands into a notepad type window. suspicious yes I know. what's even more suspicious was that they were typing; error:985236...98.56% files ...only solution is to download unlimited service... and some more junk like that. So they close their box and ask me to retry my scan which i do. Ironic enough at the bottom of my new search for corruption comes the exact same message that he was typing... Since when did windows Preload the message the if you have so many errors the only solution is to buy this one fix-all program. anyways it was over 200 dollars canadian so i straight up told him i couldn't make the purchase since I'm "under 18" and needed to wait till my parents are home. he wasn't very happy with that but said i needed to do it as soon as they got home. He told he he's going to call back on monday (highly doubt it!!) and i asked him if i had "trouble" if i could call him so he gave me his number (I highly doubt it's correct at all but here it is) 307-529-0607 and his name is now Steve Carter haha.

    What the really concerning thing is how the hell did they get my computer ID, name, phone number, and he claimed to have my email too. Well done Windows, your security is really doing a good job of protecting my privacy.
  2. OWN9494

    OWN9494 Registered Member

    Ok really odd...they now have a nbr listed to call them for HP support. They actually got the ammyy installed on my comp but as soon as I got off the phone i did research and immediated disconnected internet and did a system restore on my computer. hopefully they dont automatically install a trojan or some other funky virus when you download all this crap. i went to google and typed in HP support and I called this nbr 877-334-4955. he also had me type into my web browser the website. i first got a clue that this guy wasn't with hp when he asked me what kind of computer i had..."a dell or what". i was like WTF!? but continued on anyway because I CALLED THEM using google. im about to report this to HP and see wtf they have to say about this BS.

    also if you type in that nbr on google it gives you thier "hp support" bs and more phone nbrs. hopefully there are some good hackers out there who can use this info and kick the crap out of these guys.

    so HP on saturday is of no use. called the actual HP support...i got more mad at them than i did at the scammers because of how retarded they are....didn't really get anywhere. they told me i should of went to thier website instead of using google...who the hell doesn't use google for numbers now a days? so i called the sales people which i knew would be americans and the best i got was i could be transfered to the philipeans or call back on monday to speak with americans. so im gonna opt for the monday call and hopefully let you guys know something. i might get them to have the problem more nationally known...hopefully. i really dont think law enforcement will do ~ Snipped as per TOS ~ about this. so it's up to u hackers...YAY GO HACKERS!!!:thumb: ;) ...makes me want to learn how to hack just so i can mess up these people.
    Last edited by a moderator: Aug 6, 2011
  3. Laptop111

    Laptop111 Registered Member

    I know I am an idiot so please do not hurl abuse because I realise how stupid I have been. I downloaded Ammyy Admin after being told there was a problem on my computer by 'Microsoft' and for about a minute they were controlling my computer. They didn't download anything onto it but deleted a few files. I stopped it before they did anything else. Obviously I am very worried about this. I called up Dell (my laptop is a Dell Studio) and they downloaded for me SUPERAntiSpyware, Hitman Pro and Advanced Systemcare. All programs removed something, but the question is am I fully safe? I am using Windows 7 and when I click on customize (for the icons on the toolbar) there are still options for Ammyy Admin to show notification. When I select show notifications it says 'this notification icon is not currently active'. The Dell guy said I am fine now but I am not so sure.

    Please help!! (and yes I know I am stupid for falling for this scam).
  4. McNovice

    McNovice Registered Member

    Thank you to the person thast set this page up. I just got called by them and was told they had received these messages and he directed me to look at his computer. I told him I was not comfortable as I did not know who he was and I asked him to provide me with my detail. He provided my full name and address, scary. He then guided me to their website but as soon as I saw no mention of Windows I google AMMYY and found this site. I told him I had to go out and I would call back he gave me a phone number in Melbourne. An Indian chap with the name of Jack Lawford lol. Why have these people not been stopped? hung up and had the living hell beat out of them
  5. Rob4507

    Rob4507 Registered Member

    Hey Everyone,

    For anybody that is interested on what they sound like, I actually got a chance to record one of their scam conversations that they tried with me. They call so often that I have fun with them now as you will hear. :D

    I highly recommend you do the same. It is so much fun!

  6. BladeRunner

    BladeRunner Registered Member

    That was awesome! ( What's the Internet?!! HA!)
  7. crofttk

    crofttk Registered Member

    Thanks, Rob. Good one!
  8. J_L

    J_L Registered Member

    So that's what they sound like. I'd rather not contact them at all, because a scam company knowing my phone number won't be good.
  9. wixmy

    wixmy Registered Member

    I had these scammers call this morning. They regularly call every few weeks. I work in IT security myself so knew straight away this was a scam.

    The Indian sounding guy who called today asked me to press the Start button. As I run Linux that proved difficult! I then started playing music from old childrens programmes in the background pretending the music was coming from his phone system. He was surprisingly persistent calling me back many times in the hope that the background music would go away. Don't think he liked the Banana Splits theme tune too much! I then had someone else call me who was more senior. Surprisingly we had the same problem with background music... I did managed to get a 0203 UK phone number out of him but that just goes to a voice mail.

    When the background music wouldn't go away I asked him to speak louder as I couldn't hear so he then started shouting down the phone! Hopefully that will have disturbed a few of the other scamming attempts going on from the same office. This went on for about 45 minutes before the second guy gave up and put the phone down.

    Next time they ring I'll try getting the caller to stand on his chair to get rid of the background noise or perhaps go under his desk. I wouldn't be surprised if they fall for it...
  10. cm1971

    cm1971 Registered Member

    Ha that was great but you have more patience with them than I would. :D
  11. Peter2150

    Peter2150 Global Moderator

    You know, the sad part of this, along with those who have been conned, is from I can see the Ammyy site seems legit. It is a remote control program which is free to use.

    These scum, are just taking advantage of that to get people to give them remote access. Have a missed something.

  12. Keyboard_Commando

    Keyboard_Commando Registered Member


    I have been trying it out myself and for freeware it's fantastic. Good for when a friend or family has a comp glitch. I had no idea it existed before this thread.

    I don't have WOT or any community rating tool for my browser any more, I'm guessing Ammyy's reputation is currently mud with those type of tools now.
  13. VenusFangs

    VenusFangs Registered Member

    Newfoundland, Canada is also getting these scams. Yay?

    Got a call from "Megabyte Solution" saying they were getting reports of malicious software on my computer. When I said I'll contact Dell, the guy shouted "They'll never call you back on this!" Had me look up files (I did, just to see what he was jibber jabbing about), and then the caller was "horribly shocked at the number of malicious files on my computer! How was it even running??"

    When I hung up at this point, he called back and insisted that this was NOT a scam, and that I must get my computer cleaned. He told me to go to, and I searched "Is Ammyy a scam" instead. Thank you for all your posts! Knew it was, but still...very sneaky to get you to use the run box, and look all official. I immediately called my mom, who is in her
    60s and sometimes "scam-worthy" to make sure she was alerted to this!

    When I called my phone company, they said there was absolutely nothing I could do, and that we all get scam calls, so basically just suck it up and deal with it. So, there's really not much phone companies and such will do, and it seems like the attitude is "Hey, we all have to deal with ants at a picnic"...stupid Bell Aliant. :rolleyes:

    Again, Thanks for all your reports, and this site is now bookmarked!
  14. JKBC

    JKBC Registered Member

    BC, Canada

    BTW - my day - I work in network security.

    If you installed anything these guys asked you to install, your computer is now completely compromised.

    Treat it as though your house was broken into and you're not sure if your spare set of front door keys were stolen, of if you just mislaid them. Assume the worst - they were stolen and the thief is waiting patiently for you to put more valuables were he can get at them unnoticed.

    You should format your HD and reinstall your choice of operating system.
    If you don't how to do this, find someone that does.


    Just got off the phone from "Windows Telephone Support".
    Obviously a scam from the moment the conversation started.

    This is a really bizarre social engineering trick. I guess they figure people are more educated about spam and are probably now more trusting of a human voice.

    I guess they must get a significant number of people falling for it as it's at least a year old and they are still using the same names and story.

    My experience matched newforresters account.

    I got "Eric" (with a heavy East Indian accent) talking to me for 10mins before I got bored and hung up. Throughout the entire conversation I wasn't logged into my computer (was on my iPod at the time).

    The funniest bit was when Eric tried to convince me my computer was infected.

    Eric asked me to press start and type "inf". I guessed he wanted the content of my c:\windows\inf directory, so when he asked me what I saw I said "hundreds of files".

    Eric said, "Each one of those inf files in there is an infection". So I immediately said, "Thanks for letting me know, I've just deleted all the files and the folder they are in. Am I safe now?". He actually sounded panicked!! ;)

    I've got my VM honeypot ready. Hoping they call again when I'll be more prepared.
  15. JKBC

    JKBC Registered Member

    @ the forum moderator/admin.

    You should create a sticky that summarizes this scam and what to do (just hang up).

    It should be the first thing people read.
  16. Ph3arr3t

    Ph3arr3t Registered Member

    I am in Canada as this seems to be their hunting ground for now.
    when the guy called me and was able to confirm the number of logs in the event viewer without having installed anything yet I was a tad skeptical as to how he could see in my system. W1nd0lt OS doesn't hold any of my info as I don't use it. I have a lappie that runs an Ubuntu derivative.
    So to humour him I installed the app.
    I was able to log quite alot of info while in the call
    It would be nice if the other people posting here would post the same info.
    I was able to get the ip and port that the app connected to.
    if other people post it then we can figure out the domain that the perps are from.
    I also run Vista which is paranoid to start with, so I egged the caller on with playing like I am an ID10T. After the event viewer ploy he stated that he was xferring me to his T2 "supervisor". guess that was to try and make it sound important. anyway after he was done with the whole thing he was trying to get me to buy the 60 day contract from the site.
    I stated that I am not interested in that offer.
    he almost sounded confuzed when I stated that I didn't wan the contract.
    He re-emphasized the importance of buying the purchase....
    I simply stated that is the system was to crash " BFHD ... I'll just install Linux." he had no clue as to even what that was ...:D :D lol.
    as for the app itself all I did was use:
    RegHance lavasoft version.

    and in using just these 2 tools I was able to glean all entries and traces of the app from my registry and to remove any trace of the installer also.
  17. x942

    x942 Guest

    Got another call. Different number. This time when I played dumb they said "Well you obviously know nothing about computers" and hung up. So scam there. Why hang up on the mark? Normally you want someone that knows nothing. I am assuming this is one of the other "groups" doing it. I have noticed some seem to be based in different countries with no real link to eachother. Those ones don't call as often the "main" scammers do though.

    I have created a honeypot for them and have all the necessary tools to trap them.

    Laptop - Windows 7 Home no AV only "private" files. I have set up a tool called "quicksand" which slows port scans to a crawl (honeypot), and SNORT as a service (hidden using a VB script I put together this way they can't detect it), and a hidden key-logger (Metasploit was used here).

    Laptop 2 - BackTrack 5 R1 Wireshark and SSLStrip to log everything going in and out. Receives keylogged data from laptop 1 and has full SYSTEM priv's via an exploit/payload I made. This means I am in control still.

    FireWall - Pfsense logs everything too using DPI. Isolated from rest of (W)LAN.

    PBX Server to trap in coming calls, I am also using techniques to trick the carrier into relieving the true # in case the block or spoof it.
  18. x942

    x942 Guest

    They called back!!

    Now they get you to open your windows/inf folder via the run menu and tell you all of the "white" files are bad. lmao. It appears they send you to now which is just a redirect to logmein123. The code they gave me (and told me not to tell anyone oops) is 307642. I said the page wouldn't work and than the sent me to AMMY. I acted as though it couldnt run, but they said if I pay 150$ they can fix it!

    If any one is looking to put together a case against these bastards please email or pm me I want to help!.
  19. stapp

    stapp Global Moderator

    I have them on the line now!
  20. stapp

    stapp Global Moderator

    They want me to go to w*
  21. stapp

    stapp Global Moderator

    I think they have given up now :(

    They have rung twice in 10 minutes.

    I told them I was too scared to press the enter button :D
  22. nix

    nix Registered Member

    What are the odds, really, that five regular Wilders posters would get these calls? That is amazing. I think each and every one of you should play the lottery. The call base covers Australia, Canada, and the entire U.K. There are only 10,000 regular posters here. These guys are really good.
  23. stapp

    stapp Global Moderator

    They mentioned the fact that I had a Win 7 laptop.

    I think they bought the database of the store I got it from.
  24. J_L

    J_L Registered Member


    I wonder how WOT fanatics will treat this site now.
  25. Keyboard_Commando

    Keyboard_Commando Registered Member

    What's so hard to figure?