Stranger Remote Access Phone Call Scam HELP!

thedoors27

New Member
Hey everyone, I need some help.

Came home from work to find out my grandad had answered a call from someone claiming he had lots of viruses on his laptop. Things get a bit complicated from here as he's not sure what exactly happened next, but I found out he had visited the TeamViewer website and the guy, I believe, has been allowed remote access to my grandad's laptop.

We have a couple of computers and an iPad on our home wifi. Could the caller have been able to access all the PCs / iPads or just my grandad's laptop?

Also I've run a boot scan on the laptop but found nothing harmful, but is there any sure way to make sure everything is ok to use?

Should we all change our passwords to stuff?

Sorry for the wall of text, any help / advice would be greatly appreciated!
 
Check your bank statements on a different computer. Make them aware to watch for unauthorized changes/charges. Be sure to get rid of TeamViewer. Hopefully one of the admins will be around soon to look deeper into the system for bad software.
 
Hopefully one of the admins will be around soon to look deeper into the system for bad software

? It's just a home wifi network, PCs, iPads etc. Basically let's say if my cousins came round and used our wifi, her iPad would be safe? Or are there any sort of network viruses about?
 
Let me clear that up. There are a few admins here on CF that are really good at looking through logs from your PC to find any rogue software. Unfortunately I am not that good at it, so I'll let them do it.

I would think that other devices on the network are probably ok. The scam is usually all about credit card info.
 
The other devices on the network will be fine. Normally the remote users just poke around, try to point out "errors" and "viruses" but don't actually cause much damage. But to be sure, we can scan your system.

1. Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying Rkill is infected, keep trying to run Rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.


2. Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Vista and Windows 7 users must right click on the hijackthis icon and click on run as. If the run as option doesn't appear then press and hold the shift key while right clicking on the icon to get it to appear.


Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.

When the hijackthis log appears in a notepad file, click on the edit menu, click select all, then click on the edit menu again and click on copy. Come back to your reply and right click on your mouse and click on paste.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log
 
Just in case, I have done a reinstall of Windows on his laptop.

The HijackThis log is just loading up a blank document file.

The Malwarebytes log looks like this:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.30.09

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
David :: David-PC [administrator]

30/07/2013 21:52:23
mbam-log-2013-07-30 (21-52-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194043
Time elapsed: 3 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
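
As an added example (not part of the thread or any poster's own code), a small Python parser for the log layout posted above that pulls out the scan type and the per-category counts, useful when several such logs need checking. The sample log is constructed in that layout, and its one detection entry is invented for the demo.

```python
import re

# Constructed sample in the layout of the Malwarebytes log posted above;
# the Registry Keys entry is invented so the parser has something to flag.
SAMPLE_LOG = """\
Malwarebytes Anti-Malware 1.75.0.1300
Database version: v2013.07.30.09
Scan type: Quick scan

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\\Software\\ExampleToolbar (PUP.Optional.Example) -> Quarantined.

Files Detected: 0
(No malicious items detected)
(end)
"""

SECTION = re.compile(r"^(?P<name>.+?) Detected: (?P<count>\d+)$")
FIELD = re.compile(r"^(?P<key>Database version|Scan type): (?P<val>.+)$")

def parse_mbam_log(text):
    """Return (fields, sections); sections maps category -> [count, entries]."""
    fields, sections, current = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line == "(end)":
            current = None                      # blank line closes a category
        elif m := SECTION.match(line):
            current = m["name"]
            sections[current] = [int(m["count"]), []]
        elif current is None:
            if f := FIELD.match(line):          # header fields sit outside categories
                fields[f["key"]] = f["val"]
        elif line != "(No malicious items detected)":
            sections[current][1].append(line)   # one listed detection
    return fields, sections

def triage(text):
    fields, sections = parse_mbam_log(text)
    notes = []
    for name, (count, entries) in sections.items():
        if count != len(entries):               # truncated or hand-edited log
            notes.append(f"{name}: header says {count}, log lists {len(entries)}")
        elif count:
            notes.append(f"{name}: {count} detection(s)")
    if fields.get("Scan type", "").lower().startswith("quick"):
        notes.append("scan type is Quick scan, not a full scan")
    return notes
```
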
 
Well, if you wiped and reloaded Windows then you have nothing to worry about.
 