Please register or login. There are 0 registered and 1270 anonymous users currently online. Current bandwidth usage: 326.30 kbit/s December 16 - 02:25am EST 
Hardware Analysis
      
Forums Product Prices
  Contents 
 
 

  Latest Topics 
 

More >>
 

    
 
 

  You Are Here: 
 
/ Forums / Problem Products /
 

  Bogus Microsoft rep takes over computer 
 
 Author 
 Date Written 
 Tools 
Bob Brockmann Apr 26, 2014, 10:30pm EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List Replies: 18 - Views: 3090
My school teacher daughter got a phone call posing as Microsoft stating that she owed seven years of fees for not registering Windows which with penalties was several hundred dollars. After phone negotiation it was reduced to a sum she was willing to pay. She allowed him to install software on her computer to take over and help her set up the payment. Hard to believe but she was set to give him the last four digits of her bank account when she got cold feet and called me. As soon as I could absorb what she was saying I told her to stop. As soon as she hung up to call me he started sending ugly chat messages calling her a **** and other names. She couldn't get out of the program so I told her to turn off the computer. Now the computer puts out no video. It acts like it is booting normally. The hard drive spins up and makes the proper accessing sounds but no video out. I get no beep codes. I have changed to a known good video card and monitor. I changed out the memory. I have tried booting from the CD. I have disconnected everything but the keyboard and monitor. How can someone who takes over your computer cause a problem like this remotely? I don't see how a virus or any type of software can cause this type of problem. I can't even reinstall Windows since I have no video. The computer was not even moved between shutting it off and turning it back on. Any ideas please.


Want to enjoy fewer advertisements and more features? Click here to become a Hardware Analysis registered user.
Rhort Apr 27, 2014, 04:01am EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List  
>> .
Ok, well I canít really think of anything software-wise that would cause an issue in that way, unless thereís some sort of rootkit on there which has got to the BI/OS, so my first suggestion would be:

1. Strip the machine down, disconnecting all peripherals from the motherboard with the exception of the CPU (and associated cooling solution obviously), and one known good stick of RAM

2. Attempt to boot and see if you get the ďI have no video cardĒ beeps from the board itself, which will at least tell you that itís attempting to POST, even if itís not outputting any video

3. If you get the beeps, reconnect only the video card and retry

4.

i. If you either donít get the beeps at all, or after getting the beeps the video card still doesnít receive any output, then reset the BI/OS by disconnecting the CM/OS (either by temporarily removing the battery itself or by shorting out the jumpers); the process of doing this should be instant, however Iíve received advice ranging from 5 mins to 24 hours in order to complete (certainly every time Iíve done this it was instant), and then start again with Step 1

ii. If you get video output after Step 3, start reconnecting peripherals one at a time (personally Iíd start with the main HDD) until you get a boot (or POST) failure, and then youíve identified (at least part of) the problem and youíll know where to start to look for a fix

Let us know how you get on with that.

_________________________________________________________________________________
~ The manual said "Requires Windows '95 or better" ...so I installed Linux!
Bob Brockmann Apr 27, 2014, 05:03pm EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List  
>> Re: Bogus Microsoft rep takes over computer
Thanks for the input. I removed the battery and shorted the bios. Stripped the board down to memory only; no beeps. Removed memory; no beeps. Tried different speaker [desperation] no beeps. Different power supply; no beeps. I guess it isn't even starting the post. Don't see how the imposter could harm the bios, but can't flash it anyhow. Don't see how a shutoff can harm a motherboard, but can't see how it could be anything else. Unless someone has another option I guess it's a new [used] motherboard so daughter can use same cpu and memory.

john albrich Apr 27, 2014, 09:05pm EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List  
>> Re: Bogus Microsoft rep takes over computer
Rhort said:
...then reset the BI/OS by disconnecting the CM/OS (either by temporarily removing the battery itself or by shorting out the jumpers)....


WARNING re: shorting the CMOS 'reset' pins
Not saying this happened because it looks like you had major prior problems, but if you do this in the future and/or on other motherboards...
Many motherboards can be damaged by shorting the CMOS reset jumpers unless the PSU is turned-off at the PSU power switch and/or disconnected from AC mains and residual power is allowed to deplete before you short the pins (waiting a minute after you remove AC mains power, then shorting the pins is sufficient time). The PSU power switch (if one is provided) is located on the PSU itself...it is NOT the front panel "power" switch.

Check the motherboard detailed manual for details. Unfortunately this warning is often a single non-highlighted sentence hidden deep inside the motherboard manual.

Bob Brockmann Apr 27, 2014, 09:23pm EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List  
>> Re: Bogus Microsoft rep takes over computer
Thanks for the info. Although I didn't know that shorting the bios could harm the motherboard with the power off, I pulled the power cord before removing the battery and waited 3 or 4 minutes [which is usually plenty] and then decided to go ahead and jump the bios pins as well before continuing with my checks.

Naveen Goud Apr 28, 2014, 02:51pm EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List  
>> Re: Bogus Microsoft rep takes over computer
Hello,

I don't think that any guy could remotely damage the hardware on your friend's PC. Moreover, if he/she could succeed in installing any kind of malware, all that takes place at software layer and cannot damage anything at the hardware layer.

So, what I presume is that you guys are still in the influence of the bad experience you had with that guy and so are thinking that the guy might have damaged the PC as well.

But what I see here is a bit different. I think something kind of damage at the hardware layer took place in this meantime, and since it went un-noticed you are blaming that guy.

In my view, forget that guy and listen to this suggestion. If at all he succeeded in corrupting your hard drive OS, at the most, you will loose some of the data if in case, it was stored on the same partition of your OS. Just format your hard drive partition and reload the OS. If the past OS has virus issues, then by doing so it will solve.

If still the hardware issue persists, then I think it has happened due to some voltage fluctuations, humidity or some kind of improper handling of hardware.

If its possible, take it to the hardware guy and he will use a spare video card to detect what exactly has happened?


Company: http://www.stonefly.com

Facebook:http://www.facebook.com/stoneflyinc

Twitter: http://www.twitter.com/stoneflyinc

Linkedin: http://www.linkedin.com/company/stonefly-networks/products?trk...iz_product
john albrich Apr 28, 2014, 05:29pm EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List

Edited: Apr 28, 2014, 05:39pm EDT

 
>> Re: Bogus Microsoft rep takes over computer
.
There are a number of ways software can damage a PC and/or peripherals. One could write custom malicious code (malware), or one could also use readily available and otherwise very useful software/utilities in a malicious way...especially if one has been given unrestricted remote access to the computer.

Such programs could be used to simply disable the CPU fan via software, change RAM, CPU, GPU, FSB, multipliers, etc timings and/or voltages to cause nearly instantaneous catastrophic overheating. A number of these programs allow such changes to be made in real-time with just a few keystrokes.

Even without accessing the BIOS/UEFI panel, one could use any of dozens of readily available "generic" system monitoring or overclocking programs/utilities. Many motherboard manufacturers even include such a utility to allow users to "tune" their system performance. Such programs make changing these critical parameters easy. Given access, as was the case reported in the original post, it would be easy for someone to install and modify and use such a program to cause such problems. That would be classified as malicious use of perfectly normal software. This would be similar to someone using a normal everyday useful tool like a knife to hurt someone. The tool is legal and very useful, but can be used in a harmful way.

The ease of such changes depends on the motherboard, the CPU, the video card, etc. but with many modern motherboards such components can be damaged nearly instantly using such programs and utilities. It's the malicious use that would be illegal (it's a federal crime in the US).

Naveen Goud Apr 28, 2014, 06:20pm EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List  
>> Re: Bogus Microsoft rep takes over computer
John,

I agree to what you have said about some malicious codes. But those codes are software's which are designed with high investment and are only used against PCs or PC groups, which are highly sensitive and offer some gain in return.

In this case, i don't think that the said user came across such malware tools, as she is just a home user.

Yeah, there could be a possibility that due to some personal grudge, a friend of her, might have induced some malicious malware into her PC and that has caused some software trouble, which has made the system fail to boot up. Additionally, i suspect that a hardware trouble has also cropped up on a simultaneous note and so is causing such issues.

Company: http://www.stonefly.com

Facebook:http://www.facebook.com/stoneflyinc

Twitter: http://www.twitter.com/stoneflyinc

Linkedin: http://www.linkedin.com/company/stonefly-networks/products?trk...iz_product
john albrich Apr 28, 2014, 06:47pm EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List

Edited: Apr 28, 2014, 07:43pm EDT

 
>> Re: Bogus Microsoft rep takes over computer
Naveen Goud said:
John,

I agree to what you have said about some malicious codes. But those codes are software's which are designed with high investment and are only used against PCs or PC groups, which are highly sensitive and offer some gain in return.

In this case, i don't think that the said user came across such malware tools, as she is just a home user.

Yeah, there could be a possibility that due to some personal grudge, a friend of her, might have induced some malicious malware into her PC and that has caused some software trouble, which has made the system fail to boot up. Additionally, i suspect that a hardware trouble has also cropped up on a simultaneous note and so is causing such issues.


I think that's an misread of the situation entirely. The operation appears designed to fraudulently obtain money from large numbers of people. They obtain credit card numbers from their victims. THAT is their "gain". It seems organized...and not a known personal contact. They are posing as someone from Microsoft, and calling people as part of a "con" job. The calls are placed possibly at random, possibly by simple numeric sequence, or possibly from some list they obtained from somewhere (e.g. a list of teachers in a school system they know uses Windows). Perhaps they even legally bought a customized list of Windows users from some social networking website or "app" that collects, filters, and then sells such information as "marketing data".

As for "just a home user"...we don't know that. She's a teacher, with potentially all sorts of access and personal information on her system...although it would seem a simple "con" operation was the primary action here, and not a systemic hacking attempt. Although I do have some thoughts on that as well precisely because she is a teacher, likely with special access to some school/government systems. She could have been targeted as a "gateway" for her IT access, but like I said, it was more likely a one-off "con" job.

As for the "But those codes are software's which are designed with high investment and are only used against PCs or PC groups, which are highly sensitive and offer some gain in return." No...they do NOT require "high investment". A person with access to the computer such as that given by the daughter can cause damage with perfectly legal and useful FREEWARE programs/utilities obtained from any number of legitimate download sites or even using a motherboard manufacturer's control utility. These are not malware, viruses, etc. The attacker (if necessary) can load the utility on the computer and change the appropriate settings in less than a minute. The victim doesn't have to do anything once access has been given to the attacker. Please read my earlier post on that. ALL the attacker needs is unrestricted access to the computer...whether it's remote or on-site access is also irrelevant.

I really don't want to cloud the issue, but there is an very important secondary point on your perceived "high investment" for actual intentionally developed malware.

Such malware is readily available out in the world of hackers. They have HUGE libraries of the malware, viruses, etc they share amongst themselves. They do not need to develop it from scratch. In addition, it's neither as difficult nor expensive to write from scratch as you seem to think it is. A good coder could write something really nasty in less than an hour that would work on a number of systems...especially if a user is under-educated in computer security and gives them direct access to their computer. In addition, there are enough computers out there that have little or no anti-malware defenses and the numbers work for the attackers. I personally know a few people, and I've read industry articles that people who had anti-virus software installed, later removed it because...they were annoyed by the fact the anti-virus software popped-up notices that it detected security breaches. So, rather than deal with the KNOWN and reported security issue(s), they removed the anti-virus software to get rid of the "annoying" alerts.


201404282340uct edit:
a couple clarifications

Bob Brockmann Apr 28, 2014, 10:13pm EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List  
>> Re: Bogus Microsoft rep takes over computer
Thanks for all the information. I really appreciate people who are willing to help total strangers. The imposter had control of my daughters computer for several minutes before she called me. Time enough to do any of the many things mentioned above. I had no idea that he could get into the bios remotely. I guess pulling the plug could cause a power surge, but I don't see how it would be any worse than shutting off the power switch on the power supply which I have done several times over the years on other systems that were hung. I wonder if he just did something in the bios that won't allow it to post. This is an old system that I built for her several years ago. I pulled out the cpu and memory and put it in another motherboard I had in the closet and it booted just fine so they are not hurt. I sense that if I could get in the bios her board is still all right.
Thanks again guys

john albrich Apr 29, 2014, 02:31am EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List  
>> More Info to Reduce/Prevent Device Damage
.
Bob,

I hope you don't mind just one more bit of "teaching moment" stuff regarding system failures. While it is unlikely this applies directly in your daughter's initially described situation, this could be helpful to you in the future since it looks like you are "hands-on" when it comes to computers.

Unfortunately ElectroStatic Discharge (ESD) is something a lot of people either don't understand, believe is unimportant, and/or ignore at their (and our) cost. ESD is responsible for a lot of early "there's no reason" failures and "DOA" returns. ESD failures can be intermittent or solid and can be very hard to pin down.

One problem is that many users blame manufacturers for "bad quality" when a DOA failure may actually have been caused by the user improperly handling the device(s) before or during installation.

ESD damage may be caused by the user, the shipper, and/or the manufacturer. Here are three of the most important (and not very expensive) physical investments for any user who routinely handles computer parts. I think any of these can be obtained from vendors like newegg, digikey, and so on.
ESD wrist strap
ESD work mat
Good ESD storage bags/containers (if needed)
Even with these items, one must consistently use them properly or it won't help. However, a user making a few changing in how one handles parts can significantly reduce "DOA" and early failures.

Unfortunately it's cost and time-prohibitive for a manufacturer to analyze every returned device to determine whether a failure was caused by ESD. Plus, even if it did do the analyses, the manufacturer still would be unable to determine who caused the ESD failure or when it was caused. Thus, it's just easier for the manufacturer to pass on to all of us the costs of providing refunds or replacements to such users.

More info on ESD and how it affects users and computers:
http://www.hardwareanalysis.com/content/topic/55442/#383547

Bob Brockmann Apr 29, 2014, 01:49pm EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List  
>> Re: Bogus Microsoft rep takes over computer
Thanks John. I used to do buildups on an ESD mat and probably built this computer on it, but my breadboard troubleshooting machine sits on it now and I've gotten more careless. After all, we all know that those kinds of things only happen to other people....right? It probably doesn't apply to my daughter's situation since we didn't do anything to it but plug the power cord back in after she pulled it to shut off the computer.

Meats_Of_Evil Apr 30, 2014, 02:24am EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List  
>> Re: Bogus Microsoft rep takes over computer
Very interesting thread, I hope your daughter's credit card wasn't compromised in any way. This is probably the first time I've read about such a thing happen since I had Windows XP installed! Coincidentally.... what OS was your daughter using?

Also John, nice tips as always. I miss the glory days of this site, I learned so much from it. :(

-------------------------------------------------------------------------------------------------------------------------
Everything I write is Sarcasm.
Bob Brockmann Apr 30, 2014, 02:00pm EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List  
>> Re: Bogus Microsoft rep takes over computer
This was an old XP machine I built up for her in 2005. It's an ECS KT600-A motherboard that has done all she needed from it for many years. I don't know if I'm more frustrated about not being able to figure out and fix the problem or the fact that there are people like this creep out there screwing up peoples lives. I yanked an old computer out of the workroom and have her running again. I'm still messing with this rig because I hate to give up on something.....bad habit!!
Bob

Juan Pena May 08, 2014, 03:32pm EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List  
>> Re: Bogus Microsoft rep takes over computer
As others have already said, I find it diff that anybody might have done actual harm, physical, hardware damage to your daughter's comp. I know it *is* possible, but for me, not probable.

In any case, move on. Build her a new computer, install Win 8, which I really like, install a good a/v a/malware and see if you can link the old hd via usb.. if there is info she needs to have. Otherwise, format it as severely as you can to make sure there is nothing left on it that might do her any more harm.

And let her move on, lesson learned.

Let that be the worst that happens to her in her life.

Bob Brockmann May 08, 2014, 03:43pm EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List  
>> Re: Bogus Microsoft rep takes over computer
The old drive still ran fine and I was able to get all her documents off. Formatted the drive and reinstalled XP. Easier for her than learning Win 8. Thanks to everyone.
Bob

Dr. Peaceful May 09, 2014, 12:23pm EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List

Edited: May 09, 2014, 12:42pm EDT

 
>> Re: Bogus Microsoft rep takes over computer
I wish I saw this earlier, gladly many here have already provided their valuable comments.

First, people posting as Microsoft tech support and try to scam people is not new. It's date back to 2010 or earlier for the first occurrence of such. They used different reasons for scamming people, such as remove viruses, repair computer problems, paid windows updates, and even as outrageous as claiming the person won the "Microsoft Lottery". The reason they used to scam your daughter, saying she owed money because did not activate windows, may or may not be new. Since WinXP was just officially phased out of support, they may take advantage of that as the reason to scam people as well.

These scammers could be organized criminals, likely from a foreign country, aiming to scam large sum of money. Or they could be individual hackers trying to gain access to computers and/or private information. Since your daughter is a school teacher, another possibility would be a mischievous student(s) trying to seek revenge of some sort.

Anyway, the most important thing to remember is Microsoft NEVER provide unsolicited support calls and ask people for credit card. First sign of that, you should already hang up. Anyone with a bit of IT background would know that. But unfortunately these criminals are taking advantage of people who don't know enough and are gullible.

Here are few links from Microsoft.
http://www.microsoft.com/security/online-privacy/scams.aspx
http://www.microsoft.com/security/online-privacy/avoid-phone-scams.aspx
http://blogs.msdn.com/b/securitytipstalk/archive/2010/03/09/do...pport.aspx

Here's an old news article explaining tech support scams.
http://www.darkreading.com/risk-management/microsoft-tech-supp...d/1109925?

If you feel the need to report this and/or the person continue to bother your family, report it to Internet Crime Complaint Center (IC3) of the FBI.
http://www.ic3.gov/default.aspx

Dr. Peaceful May 09, 2014, 12:35pm EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List

Edited: May 09, 2014, 12:46pm EDT

 
>> Re: Bogus Microsoft rep takes over computer
As for the repair of the PC, I would suggest 3 things.

1) Disconnect the PC from any network, whether it's wired or wireless. Until you're sure the computer's cleaned and fully restored, don't network.
2) If you're planning to reuse the hard drive, wipe it with secure wiping software. Don't just format it.
3) I would avoid WinXP, since officially it's no longer support by Microsoft. Get a OEM copy of Win7, and use that instead.

Bob Brockmann May 09, 2014, 01:36pm EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List  
>> Re: Bogus Microsoft rep takes over computer
I merely formatted the hard drive and that apparently wasn't enough because I'm having trouble trying to install McAfee internet security on it.
What an adventure this has been. Thanks to all.
Bob


Write a Reply >>


 

    
 
 

  Topic Tools 
 
RSS UpdatesRSS Updates
 

  Related Articles 
 
 

  Newsletter 
 
A weekly newsletter featuring an editorial and a roundup of the latest articles, news and other interesting topics.

Please enter your email address below and click Subscribe.