Microsoft Scam Recovery Advice Needed

  Legslip 16:33 16 Oct 2014

My pal has just fallen foul of the Microsoft scam and given the caller access to his computer. Fortunately he did not pass over any credit card or bank details. However having given the caller access can anyone advise as to what action or actions to take to ensure his PC is totally secure? Any advice as always would be greatly appreciated.

  spuds 17:41 16 Oct 2014

If your friend has any malware or rootkit programmes installed on their computer, then run a few scans.

You might want to read this click here

  john bunyan 17:53 16 Oct 2014

I do not have a password access on my desktop, but do on a laptop. Perhaps a password might be worth using. Double check firewall settings to ensure no access changes.

  onthelimit1 18:43 16 Oct 2014

Make sure Remote Access is turned off. For W7, Control Panel, System, Remote Settings and untick Allow Remote Access.

  Legslip 10:01 17 Oct 2014

Thanks all for the useful tips. I was thinking of doing a full system virus scan together with full scans with Superantispyware and Malwarebytes after doing a System Restore to a date before the call. Is this enough?

  spuds 10:25 17 Oct 2014


That should probably be enough, but to be sure, I would suggest a download and use of Malwarebytes Rootkit Beta, which is an addition to MWB in its present form. I have used this, and was surprised what it found after using MWB, SAS and ADW Cleaner.

Safe link to MWB Rootkit click here

  Legslip 20:14 17 Oct 2014

Thanks Spuds!

  BillSers 08:52 18 Oct 2014

I would also suggest to make sure he's turned off remote access and to change all his passwords on sites especially banks etc.

  Jollyjohn 17:42 18 Oct 2014

In my experience, and I have allowed one of these scammers access to a sacrificial box, just to see what they do, there will be a remote access program installed. It used to be LogMeIn or Ammyy & occasionally TeamViewer. None of the companies that produce these programs are involved in the scam. TeamViewer and LogMeIn were very grateful for the details I provided from the calls.

So - Disconnect from internet before next boot and then look in Add / Remove programs and remove any programs installed on the date of the call. Reboot and reconnect - this will have got rid of any remote access software.
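
As an added example (not part of the thread and not written by any poster), the two checks suggested above can be scripted in PowerShell: list programs whose recorded install date falls on the day of the call, and report whether Remote Assistance or Remote Desktop is enabled. The function names and the sample date are hypothetical; the registry locations are the standard Windows ones.

```powershell
# Added example. Run from an elevated PowerShell prompt on the affected PC.
function Get-ProgramsInstalledOn {
    param(
        [Parameter(Mandatory = $true)][datetime]$CallDate,  # day of the scam call
        [int]$DaysAfter = 1                                  # also cover the following day(s)
    )
    # The uninstall keys that feed Add / Remove Programs (64-bit, 32-bit, per-user).
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $from = $CallDate.Date
    $to   = $from.AddDays($DaysAfter)
    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            $installed = $null
            # InstallDate is optional and, when present, is stored as yyyyMMdd.
            if ([string]$_.InstallDate -match '^\d{8}$') {
                $installed = [datetime]::ParseExact([string]$_.InstallDate, 'yyyyMMdd',
                    [Globalization.CultureInfo]::InvariantCulture)
            }
            # Keep entries inside the window, plus undated ones for manual review.
            if ($null -eq $installed -or ($installed -ge $from -and $installed -le $to)) {
                New-Object PSObject -Property @{
                    Name      = $_.DisplayName
                    Publisher = $_.Publisher
                    Installed = $installed
                    Undated   = ($null -eq $installed)
                }
            }
        } | Select-Object Name, Publisher, Installed, Undated | Sort-Object Undated, Name
}

function Get-RemoteAccessSettings {
    $ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $ra = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'
    New-Object PSObject -Property @{
        RemoteDesktopEnabled    = ($ts.fDenyTSConnections -eq 0)  # 1 means connections denied
        RemoteAssistanceEnabled = ($ra.fAllowToGetHelp -eq 1)     # 1 means help invitations allowed
    }
}

# Constructed usage; replace the date with the actual day of the call.
# Get-ProgramsInstalledOn -CallDate '2014-10-15' | Format-Table -AutoSize
# Get-RemoteAccessSettings
```

Programs that run without an installer do not register an uninstall entry, so an empty result here does not replace the malware and rootkit scans recommended earlier in the thread.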

  Legslip 15:25 20 Oct 2014

Thanks one and all for some useful advice. JollyJohn, I think a system restore to a date before the scam call should remove any remote login software.

This thread is now locked and can not be replied to.
