Endpoint Protection

 View Only

  • 1.  Fix for fake Support Calls from Dell

    Posted Jan 09, 2015 05:06 PM

    Hello:

    I am looking for the solution to fix the suspected data security breach for my home PC. Dell Fake caller obtained control of my PC after verifying all my private Dell information; customer ID and Invoice detail. The fake Dell agent showed me how to obtain CLSID through cmd and verified his dell Id by matching the same over the phone then took control of my PC for 5 minutes, he showed me task manager. Pointed to Csrss.exe files and googled it to show that they are malicious and then did netstat to show foreign IP addresses established control of my PC. I never see him copying anything on desktop and after 5 minutes when he asked $400 I disconnected him realizing this is fake call by hanging up the phone. Now Please help me which Norton tool should I run? I already ran Mcafee, MS malware, Malwarebytes and Norton Deep advanced scan tool. Please help as I called D-link for help to set wifi camera and they told me that my network is infected and all devices attached are infected or vulnerable. Then I called Bell my ISP who ran the check and said there is nothing malicious all clean from their end to my network. I am confused and need expert advise please.



  • 2.  RE: Fix for fake Support Calls from Dell

    Posted Jan 09, 2015 05:11 PM
    How would they know all devices are infected? Did the fake caller install anything? You can use Norton power eraser. This is a fairly typical scam and all those files are legit they're just trying to scare you into giving up money. How did they get control? What remote tool did they use?


  • 3.  RE: Fix for fake Support Calls from Dell

    Posted Jan 12, 2015 06:39 AM

    Hi Rashfact,

    (What Symantec product and version do you have installed-?  Is anything appearing in its logs?)

    If you have not observed any odd behavior from your computer and nothing shows up in a scan, you are likely OK.  These con men attempt to trick you into believing your computer is infected when it is not.  (There are also cases where they sabotage the computer once they have control, and then refuse to fix it until they are paid.)  Here are a couple of articles about how these scans work:

     

    Technical Support Phone Scams
    https://www-secure.symantec.com/connect/blogs/technical-support-phone-scams

     

    When tech support scams meet Ransomlock
    https://www-secure.symantec.com/connect/blogs/when-tech-support-scams-meet-ransomlock

    If all is working OK and nothing shows up in AV scans, take measures to strengthen your defenses and treat the event as a learning experience.

    The Day After: Necessary Steps after a Virus Outbreak
    https://www-secure.symantec.com/connect/articles/day-after-necessary-steps-after-virus-outbreak 
     

     

    Please do update this thread with news! &: )

    Many thanks,

    Mick