Ammyy Scam

Discussion in 'malware problems & news' started by Meriadoc, Sep 1, 2010.

  1. donj140

    donj140 Registered Member

    Joined:
    Oct 9, 2012
    Posts:
    1
    Location:
    edinburgh
    hi guys.....a very thick indian accented voice called me last night n said my puter was sending error messages to microsoft(he was from the techie dept),as i had a lot on i asked him to call me this morning,which he duly did.....
    he went on to ask me to open the event viewer log and count out to him the number of error messages (red and triangles)....not that many i hasten to add..he asked me to open a new browser window and type www.ammyy.com in address bar and when i saw that it was for a program that remotely controls your desktop i turn to him and said.....nah dont thinks matey.....no one controls my desktop but me.....i asked him for his postcode and he came back with a Bradford one..."BD5 0BH"....which i googled and it comes in the heart of a residential area.......if it was a call centre it wouldnt be sited there...i'd like to add that i've city n guilds IT Diploma and do all my own repairs.....so i knew that there couldnt be that many errors with my system.
    Bradford Police have been informed.......
     
  2. LeafsMan

    LeafsMan Registered Member

    Joined:
    Sep 7, 2012
    Posts:
    9
    Location:
    Canada
    I had some guy call me not once but twice the other night to which I yelled ~ Snipped as per TOS ~ I am trying to get laid. No more call backs LOL. I also had one guy call some months ago so I played around with him. When he asked for my IP address I asked him what his is so I can check whats wrong with his computer. He said that there was nothing wrong with his. I said same here nothing wrong with mine. He started to get mad. I said hey I am a computer tech and know there is not a thing wrong with my computer but I can look at his for him to make sure everything is fine. CLICK he hung up on me. So they called back and when I answered they hung up right away. They called back another time and my wife answered the phone and said ohh you talked to my husband about this. He said give me your IP Address and he will fix your computer for you. Click they hung up LOL
     
    Last edited by a moderator: Oct 10, 2012
  3. fcb

    fcb Registered Member

    Joined:
    Oct 24, 2012
    Posts:
    1
    Location:
    Canada
    Hello guys, I'm a new user here, so I apologize if I'm going about this all wrong. I'm from Canada, and earlier today to make a long story short, I partially fell into the AMMYY scam. The gave the guy remote access for some time, and then when he asked me to make a payment I declined and he hung up. Nonetheless, upon inspecting my computer I realized that this **insert demeaning swear word here** deleted all of the files in my documents and some other ones.

    I do not have any important info on my laptop such as credit card info or anything, but I am concerned that they still have access to my computer, or any of the other devices attached to my router (if that's possible?) What exactly should be my next steps in dealing with this?

    Thanks a ton!!
     
  4. murphaleen

    murphaleen Registered Member

    Joined:
    Jan 28, 2013
    Posts:
    1
    Location:
    USA
    Re: Ammyy Scam still working it!

    This forum is 1st that I've found that addresses the "Ammyy Scam" at length. It is alive and cheesy as ever! Today is Monday, January 28, 2013, and I just received 2 very unprofessional sounding phone calls at 1428 and 1434. I may be 73 yrs old [tomorrow is my actual BD], but this call sounded "scammy" from the get-go. Tip-offs: addressing me by my phone # not my name, speaking in an Indian-sounding accent, using words and phrases out of syntax, loud noises in background. Then we were suddenly disconnected.

    Can you believe that she called back within a minute? She apologized for the disconnect, but I said that it was OK because it gave me time to call my neighbor to come over. She continued her spiel, but I interrupted her to say that my neighbor was interested in what she had to say. She timidly said OK. I then explained that he was a law enforcement officer and was relaying all of the information to his chief. CLICK! She was gone.
    So sad that people stoop to this. She only had my phone number which is readily available. Just wonder what source they tapped to get it. And, is it mainly directed toward us "old fogies"?
     
  5. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    9,550
    Location:
    Lloegyr
    Re: Ammyy Scam still working it!

    I doubt it has anything to do with age. I have had these calls, I don't even live in the US. They are most probably scam call centres situated somewhere in Pakistan, Bangladesh or India. They pick numbers out of the phone book & work their way through the English speaking world. What annoys me particularly is that there are plenty of people who still fall for this scam. It's not their fault of course, many people are not particularly computer-savvy. I wish the governments or police forces of these countries would close these 'expletive' call centres down. Alas, they are probably as corrupt as the scammers themselves.
     
  6. Sam Hell

    Sam Hell Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    44
    Location:
    my desk
    Hi. I've muddled through most of the pages in this topic but have apparently missed the one crucial post on how to find ammmy on the computer and get rid of it. Not found by ad-remove or Revo Uninstall. Meanwhile...

    i'm going to start another topic concerning how I ended up with this, but topic will be re ZeuS trojan. Need someone to look at that one also. Thanks.
     
  7. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    9,550
    Location:
    Lloegyr
    Surely the Ammy site software can just be removed from programs & features? It's not the software itself that's malware, but it allows unscrupulous scammers from the Indian Subcontinent to have access to your computer.
     
  8. Sam Hell

    Sam Hell Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    44
    Location:
    my desk
    OK, maybe i was just looking for refs to Ammyy. Maybe their site has a prog name. THX :)
     
  9. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    9,550
    Location:
    Lloegyr
    You're welcome.
     
  10. Keatah

    Keatah Registered Member

    Joined:
    Jan 13, 2011
    Posts:
    1,020
    My lady got one of these calls, at work no less. She went along all the way through, installed the client and gave them access and everything. They looked through tons of the zips and logs and seemingly loaded some stuff onto the system.

    She kinda knew right away it was a scam and let them have at it on a vm. A vm full of all kinds of unimportant fluff stuff. Medical texts, marine biology, astronomy..
     
  11. Trey4856

    Trey4856 Registered Member

    Joined:
    Feb 26, 2013
    Posts:
    1
    Location:
    Germany
    Yeah, it's still going on. I just got a call about 10 minutes ago from some guy saying their name was "Johnathan Finger" with an Indian accent... They still say that your computer is infected or is running slow and prompt you go to go to that ammyy website. Of course I didn't do it and I asked for his contact information and where he was calling from. He said from the Microsoft site in Manchester. So I called Manchester, talked to their IT support department and let them know what was going on. If it's been going on for this long, apperently they have been pretty successfull and this needs to stop.
     
  12. TomFace

    TomFace Registered Member

    Joined:
    Jan 8, 2011
    Posts:
    77
    Location:
    USA
    Still going on and on and on......call came in from California 530-619-xxxx (CA, don't think so!-# was disconnected) did not answer-checked the number at 800notes - a foreigner :ninja: calling claiming to be with Microsoft...etc.......I'm glad I have Caller ID :cool: just ignore them and let it ring!
     
    Last edited: Mar 12, 2013
  13. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,103
    Location:
    on my zx10-r
    i kept these guys on the phone for over an hour a couple weeks ago when they called i always answer just to mess with them. sometimes i tell them they reached a porn line, sometimes a escort service etc, sometimes i ramble on in italian while they keep trying to get a word in, sometimes i start reading them a china jade menu as a answer each time they ask me a question.... its just good fun and someone i dont at all feel bad messing with.
     
  14. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    9,550
    Location:
    Lloegyr
    I admire your patience. It hasn't happened to me for quite a while but if they do phone me I usually politely ask the caller just how gullible they think that I am & put the phone down. If they call again right after that I might have some fun with them ... ;)
     
  15. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    You should record some of thoes calls and upload them. :D
     
  16. TomFace

    TomFace Registered Member

    Joined:
    Jan 8, 2011
    Posts:
    77
    Location:
    USA
    Latest update-they have changed spoofed numbers-now shows an Illinois Call (was California) number 630-894-0625 (# subject to change of course and is disconnected).o_O
     
  17. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,960
    I have never received a phone call from them. Must be lucky! :D
     
  18. Craig234

    Craig234 Registered Member

    Joined:
    Jun 13, 2013
    Posts:
    1
    Location:
    US
    I just got called by them.

    Same routine, they claimed they were from Microsoft. I asked for a callback number, they gave me 2961926714, read 2 numbers at a time (not the US way of reading a phone number - 29, 61, and so on). I pointed out there's no such area code as 296, they said it's California, no, there's no such area code. I said you work for Microsoft, who is the CEO? They couldn't answer.

    Their scam starts with their asking you to run 'eventvwr', the Microsoft Event Viewer, where they show you it lists a lot of errors (mine has over 8000). They asked how many and expressed great shock at the number and how that proved I had a lot of virus risk for them to help fix.

    I said no, they're harmless. He asied if I knew what the errors are, I said I'm not here to take a quiz from you, you say you are Microsoft support, you should know. He transferred me to a 'supervisor'. I'd told the first guy all along he was going to ask me to download something giving them access to my system, and it wasn't going to happen, he denied they would; the supervisor did, trying to get me to sownload ammyy.

    That led me to this thread when I googled it.

    Their caller ID was spoofed to 00000000000 (it's ridiculous that our phone system allows spoofing phone numbers. They could fix that).

    Heavy Indian accents; I'm surprised how long they stay on the phone after being told (almost immediately) it's a scam. Most scammers hang up on you the moment you indicate you aren't playing along with their scam (talking to you, 'Card Services').
     
  19. unwisekid

    unwisekid Registered Member

    Joined:
    Jul 3, 2013
    Posts:
    1
    Ok so today. My dad got a call from someone who says they're from microsoft. He gave the phone to me so that I could deal with it. They asked me to download ammyy and I was so stupid to fall for it. I was 'transferred' and some heavily indian accent guy told me that he is going to find all the 'viruses' and whatever. So I l gave him the ID adress on ammyy and for a while I let him on my dad's laptop.
    I know I was so dumb to fall for the scam. It wasn't until I went on my own cellphone and started searching if the ammyy was real. I found out that it was a scam. I panicked and took out the internet connection. I then ran to my laptop and started exiting and uninstalling the programs they've installed. I tried to unistall ammyy but it wasn't found in the programs when I was unistalling programs.
    So I stopped the connection on ammyy and deleted the .EXE. Shortly after, they had been calling non stop. They've stopped now. I almost fell for the scam and now I'm scared. I read that they look for your credit card information, etc. I also heard that these people can't be unstopped. I really am scared. I still feel paranoid. Is there anyone else I can do?
    My laptop operates Windows 8... I still feel like I should do more. Thank god I found out before anything else happened.
    I feel so terrible, because I am always extra careful to scams and viruses. I always knew better but I fell for a scam today, and I can't stopped thinking about how much trouble I could have put my lap top through.
     
  20. fire_fly

    fire_fly Registered Member

    Joined:
    Mar 13, 2011
    Posts:
    6
    Scam AMMYY: need help

    I got a call today from someone claiming that my computer was not updating with the Microsoft servers. Here to help me for free! I knew it was a scam and decided to play along and asked them to call me back.

    When they called back, I recorded the voices and started Problem Step Recorder and created a system restore point on a computer I rarely use.

    I did let them install AMMYY just to see what they do. They go to the Event Viewer and claim that all events are errors. Then onto msconfig in run. They had me look at services. They claim that all stopped services have been stopped by viruses and my computer will not start soon.

    I played along for over an hour. Now they tell me that I have so many errors and viruses that it will take a long time to fix my computer. And they will have to charge me. Ultimately, told them I couldn't afford them.

    I have turned off that computer and want to use it for evidence to stop those nasty scammer people.

    I have a couple of questions:

    Unfortunately, he turned off the Problem Step Recorder at the very end and I did not get to save it. Where can I find that file?

    I live in the US. Who can I report this to?

    Fire Fly
     
  21. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    67,898
    Location:
    U.S.A.
    Re: Scam AMMYY: need help

    fire_fly, the file is normally saved to the Desktop as a zip file, however, if the recording was stopped and the file was not named & saved, it could be lost.

    Review: Solving Windows 7 and Application problems quickly using Problem Steps Recorder (PSR)

    FYI. Report Fake Tech Support Calls.
     
  22. fire_fly

    fire_fly Registered Member

    Joined:
    Mar 13, 2011
    Posts:
    6
    Re: Scam AMMYY: need help

    JR,

    Thanks for your prompt response. I thought that there is a temporary file where files are stored temporarily until they are saved or closed.

    Sort of like when you watch a video, you can find it and copy it to another location. I'm not sure where to look and what type of file to look for.

    I hope this clarifies my question.

    Fire Fly
     
  23. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    67,898
    Location:
    U.S.A.
    Re: Scam AMMYY: need help

    fire_fly, not that I'm aware of. When PSR is stopped, it responds with a Save As dialog box, and if the Cancel button is clicked, before entering a file name, you see this warning:

    2013-07-27_220540.png

    Meaning: if Yes is clicked, the info is gone!
     
  24. fire_fly

    fire_fly Registered Member

    Joined:
    Mar 13, 2011
    Posts:
    6
    Re: Scam AMMYY: need help

    Darn!!!

    Thanks for your time.

    Fire Fly
     
  25. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    67,898
    Location:
    U.S.A.
    Re: Scam AMMYY: need help

    fire_fly, you're welcome! Take care.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.