Microsoft Scam Recovery Advice Needed

  Legslip 16:33 16 Oct 14

My pal has just fallen foul of the Microsoft scam and given the caller access to his computer. Fortunately he did not pass over any credit card or bank details. However having given the caller access can anyone advise as to what action or actions to take to ensure his PC is totally secure? Any advice as always would be greatly appreciated.

  spuds 17:41 16 Oct 14

If your friend as any malware or rootkit programmes installed on their computer, then run a few scans.

You might want to read this click here

  john bunyan 17:53 16 Oct 14

I do not have a password access on my desktop, but do on a laptop. Perhaps a password might be worth using. Double check firewall settings to ensure no access changes.

  onthelimit1 18:43 16 Oct 14

Make sure Remote Access is turned off. For W7, Control Panel, System, Remote Settings and untick Allow Remote Access.

  Legslip 10:01 17 Oct 14

Thanks all for the useful tips. I was thinking of doing a full system virus scan together with full scans with Superantispyware and Malewarebytes after doing a System Restore to date before the call. Is this enough?

  spuds 10:25 17 Oct 14


That should probably be enough, but to be sure, I would suggest a download and use of Malwarebytes Rootkit Beta, which is an addition to MWB in its present form. I have used this, and was surprised what it found after using MWB, SAS and ADW Cleaner.

Safe link to MWB Rootkit click here

  Legslip 20:14 17 Oct 14

Thanks Spuds!

  BillSers 08:52 18 Oct 14

I would also suggest to make sure he's turned off remote access and to change all his passwords on sites especially banks etc.

  rdave13 11:59 18 Oct 14

I'd have a read here, Ask Leo.

  Jollyjohn 17:42 18 Oct 14

In my experience, and I have allowed one of these scammers access to a sacrificial box, just to see what they, there will be a remote access program installed. It used to be LogMeIn or Ammyy & occasionally Teamviewer. None of the companies that produce these programs are involved in the scam. Teamviewer and LogMeIn were very grateful for the details I provided from the calls.

So - Disconnect from internet before next boot and then look in Add / Remove programs and remove any programs installed on the date of the call. Reboot and reconnect - this will have got rid of any remote access software.

  Legslip 15:25 20 Oct 14

Thanks one and all for some useful advice. JollyJohn, I think a system restore to a date before the scam call should remove any remote login software.

This thread is now locked and can not be replied to.

Huawei P10 review

1995-2015: How technology has changed the world in 20 years

An overview: What leading creative agencies are doing to improve diversity

New iPad, iPhone SE & Red iPhone 7 on sale now