Friend called 'MS' and got fake rep?

A friend who couldnt log into his email as his password no longer worked said he googled something (cant remember exact search query - but was something like 'microsoft email password problems') and he said the 1st link at the top was what he thought to be a "Microsoft" link and had a "toll free 0800" number in the link, he didnt click on the link but rang the toll free number...

heres the info he could recall:

A) this rep was african/american sounding
B) this rep supposedly had remote control of his PC but my friend doesnt recall initiating it (although I think he may have but not realised or remembered)
C) this rep showed him the event viewer 'errors' and said they were viruses and that al qaeda might be using his computer
D) this rep installed IOLO System Mechanic and used all the problems found in that saying this was part of it all and that his Anti-Virus (AVAST Free) has let them all in
E) this rep wanted to charge £169.99 for 1 years AVG Anti-Virus saying that all government agencies use this and if he bought it from PC World he would only get 7 days guarantee

my friend only wanted help accessing his email? needless too say he didnt pay the money but he said the guy had his address already and asked for his name and date of birth (which he gave)

I just wanted help in backing up my advice to him that this person was not genuine from microsoft as he felt that he might have been.

using TeamViewer I checked his computer and there seems to be nothing other than 2 PUP's (survey's websites installing software or browser extension to monitor browsing habits) which I removed, Avast was working fine, I scanned startup locations in Msconfig, Services and Task Scheduler (I am aware there may be other startup locations but it was 1am and had been on the phone 3 hours almost) and nothing is set to run at boot, nothing running in task manager, I scanned with the following all of which came up clean:

Avast (real-time shield)
MalwareBytes
Super Anti-Spyware
Panda Cloud Scanner
Trend Micro House Call
Kaspersky TDDS Killer Anti-Rootkit

The computer was working fine, web pages were fine (no redirects, and wasnt before removal of PUP's), I turned up heuristics on avast and enabled PUP detection too

I managed to go through all the loops to get his email access again.. personally I think he may have been locked out for trying too many times with incorrect password OR has changed it but forgot or mis-spelled it - it is possible his account has been hacked/accessed by someone else I suppose but his inbox has all the usual mail and its all unread? seems a bit pointless to access someones mailbox, change the password and not read any of the mail?

anyway if someone can confirm my findings that this rep was fake and possibly offer up any other advice that would be great...

thanks


snadge

 

Someone I used to work with brought me his computer for the same exact reasons. If you weren't clearly british, I would have assumed it was the same guy.

Honestly, I didn't believe him. He said he "called Microsoft" and they said he had a virus. He too had a problem with hotmail/outlook.com, and said Microsoft had a number to call. Now, I know it would be next to impossible to get a real person at Microsoft for their free service, so I thought he was full of crap.

He had the same story though. He was shown that his computer was infected through some "list of errors", and that it needed to be cleaned. He didn't mention anyone trying to sell him anything, but if it was for $170 US dollars, he is way too cheap to bite.

I ran every A/V I could think of in an offline scan, but only found remnants of old infections in the registry (no active malicious executables, drivers, etc). At least this was just a sales pitch and probably harmless....

Microsoft would never sell AVG, as they obviously have their own free antivirus tool. I think there is clearly someone who managed to place a fake support number at the top of google.

 

Best bet would be to use the resources below and contact the FBI.
http://www.fbi.gov/scams-safety

Also see: http://www.welivesecurity.com/2013/05/06/support-scam-cold-calling-the-next-generation-2/
Additional support scam help:
http://www.welivesecurity.com/search/?s=support scam&x=0&y=0

 

thanks guys - im trying to get him to call his phone provider (BT) to get the number but ive a feeling he is a bit reluctant but we'll see - he changes to a new provider in 2 days so may not be able to get it after then

Iam going to initiate a new TV session and install Spyware Terminator and Private Firewall (lite & effective) - even though scans showed the computer to be clean Iam worried there is a backdoor open somewhere, hopefully a firewall will help this, he currently enabled the Avast Trial turning on its firewall which will do for now.

thanks again

 

he has just posted on my FB wall "the call was genuine and free" - sigh!

 

Could you explain what this exactly means ?

 

he has since said "he spoke to an american woman who said it was genuine...so it was real"

you know as much as me, I send detailed emails asking him to call BT (UK) to get the number he called to give to me so I can check it out, but to do so before Thursday (gone by) because he switches from BT to Talk Talk and may not be able to get it after then.... im assuming he saying he called BT and they said it was genuine lol..

he either called BT and they said the number was genuine 0800 (but thats all, and he thinks she meant its microsoft too)
or, he's called some other dodgy number!!

 

I hope that you are able to get to the bottom of this at some point, mate.
Generally - MS and others do not call *you* unless you have solicited a support call from them - beware.

 

nah he called them lol

dunno if you read the 1st post , but he called a number from a google serp and got some african sounding man , told him he has loads of problems, was going to charge £170 for AVG and showed him errors in event viewer saying these were viruses and such that AVAST let in.. he says he took remote control without him initiating it!!

the lad is totally PC illiterate and has severe memory problems, its possible he called, got nowhere with MS then received the call from fake one later? or something? i dunno...

 

that would be handy - if I got the number lol... ive a feeling i will never get it! so I will never know what the number he called was, if he wants to believe them over me then so be it- he can pay them to sort out these "non-existent" problems too

 

Beware of Scareware & Ransomeware.

Rogue installers and hijackware are supported at these Forums.

As Ron said: Call the numbers supplied and ask for assistance here.