Missing RAM after a call from a "Microsoft" tech


joeekaitis

An acquaintance from church asked me to perform my computer tuneup on his HP Pavilion laptop after he realized the heavily accented caller on the phone wasn't really from Microsoft. The caller had maneuvered him into installing GoToAssist which includes unattended remote access. I took off GoToAssist, ran Adwcleaner and Junkware Removal Tool (both available from bleepingcomputer.com). Adwcleaner rightly reported PCKeeper as a PUP (potentially unwanted program) which I removed.

The computer was still agonizingly slow, so I checked Task Manager for rogue services and processes but found none. Instead, the Memory tab reported less than 1GB of RAM. The computer Properties reported 6GB of installed RAM but the same paltry amount of usable RAM.

A boot into Safe Mode (what a pain on Windows 8) reported the same numbers. I shut down the laptop, opened the back and pulled and reseated the RAM.

And there it was, all 6GB installed minus the 128MB for the Intel integrated graphics.

And now, for the $64,000 grand prize:

Can a fake PC tech plant code that stays in RAM as long as the RAM sticks are in their slots or was this just a hardware fluke?

What say you, world?
 
It had to be a user fluke. I don't know of any RAM that will hold memory after power to it is removed. If the user of the laptop never shut down all the way (I see a lot of users just put the system to sleep instead of actually powering down and rebooting) then the memory will be held and so will any programs resident there.
 
It would not surprise me considering these new super viruses Stuxnet, Duqu, and that is just the beginning that the U.S./Britain/Israel .

With Cloud Computing everywhere there is no man in the middle anymore and Scams are everywhere.

  

There is a Scam going on now because they tried it with me. My Phone would ring and it would be a collect call from a prison. I told them I don't know anybody in prison. It's a computer in a cloud at Amazon or something. After that first call I was getting 8 a day. Then the other computer calls me saying that they're Verizon and there is something suspicious on my account and they need to verify me. They asked me to confirm my Social ## and my Credit Card.

They also told me that the prison was a scam artist and to block the number but they are the true thieves. They drive you nuts calling and calling from different lines and then they have a fake Verizon agent call me. I cussed them out and called Verizon myself. I know there are people that have fallen for that big time...
 
And you wouldn't believe the number of people who get the "This is Microsoft and you have a virus on your computer, go to your computer and enter these commands..." then remote control access software is put on your machine. You then are asked to pay a fee for them to remove it.

I have known at least 12 people who fell for that. Usually older people or people who just don't understand how to use a computer. The only one that got what they deserved was the one that called my crazy sister. She knew it was a scam and she went after them with language that would make a sailor blush, then she kept calling them back over and over again to call them even more bad names. And that was a day where she was in a good mood.

One person who fell for it said that the phone number that showed up on their caller ID display was their own!

I figure if they ever call me, I'll play along. But drive them crazy in the meantime. Things like "No, I don't see that? An IP address? What does that do?" Then demand a long-winded explanation. Then finally bombard them with "I don't think you know what you are doing!" until they hang up.
 
Ugh...

I wouldn't be running, "adwcleaner"... or some "junkware" removal tool. That may very well, catch stuff that came preinstalled on the laptop. However, you've got to remember, there's a REASON these people called and I highly doubt they were interested in installing something to protect/optimize the pc.

 

What... I'm seeing happening, is they're targeting the elderly and attempting to install Malware designed to capture Financial Information, needed to drain/empty a checking or retirement account. Many of the Victims, are.. people who know very little about operating a PC, besides turning one on.. and simply believe what's being told them over the phone.

 

Where I work... we're seeing Targeted attacks, utilizing email(s) and social engineering over the phone, to attempt to install Malware on computers with the ability to process Wire Transfers and perform Account Processing. Unfortunately many people are easily tricked, or conned into installing malware by these hackers... and we're only finding out, when we notice the Viruses making their round throughout the network. 

 

<hr />
 

 

As for the OP - I've noticed that Upatre (a form of a Trojan Horse that installs malware) can alter Computer Specs (including the Memory & HD Space) in the My Computer settings. It'll also change/alter networking preferences, and the like. 

 

You're not going to find ANYTHING, in task manager, if that PC is infected. The code will be injected into another process and completely invisible to the end user. Honestly, these days you'd have to monitor TCP/HTTP commands from a Network Log & browse through the Windows Registry (which is very cumbersome, and shouldn't be touched unless you're an actual expert) to find an infection.

 

I'm going to repeat myself. None of you guys should ever open or touch the Windows Registry. If you delete, or modify just one key, you can corrupt and ruin your entire computer. In an isolated incident... I heard one person modified the wrong registry key proceeding to overheat a laptop battery, causing it to burst into flames.

 

In any case, everyone should be running a weekly scan with an Antivirus Product, such as McAfee or NOD32. And you should all be extremely cautious opening emails, and surfing the web. That... and Reviewing your Online Banking regularly, looking for anything out of the ordinary.

 

OP - You should run an Antivirus Scan on that Computer. And make sure Windows Update is running normally.
 
This kinda stuff... strikes a personal string for me.

Recently offered to take a look at a Personal Laptop, for a fellow employee who recently had her Identity Stolen.

 

Do you think, her information was captured over the phone, or from a Mailbox? Nope. 

 

She had AVG installed, and assumed she was protected. Well. In Theory she was... Her AntiVirus was well updated, and she was performing weekly scans. Yet... nothing was Detected, it said her computer was Clean.
 
I'm coming into this a little late in the game...

You don't know what the "Tech" did to the machine. Thereby, you can't trust it.

The solution is to back up any important data on the machine, wipe the machine using Darik's boot and nuke and then completely reinstall the operating system from scratch.

Cleaning it is a good start so that you can at least get the data off of the machine, but Mich drives home a good point that you can't be assured if there isn't hidden malware on the machine.

Consider this a lesson learned for this user and be assured they won't fall for this again.
 
I know some of you...

Probably think of me as a Jerk. Throwing in my opinion, but these things strike a personal string for me. I see a lot of you... making recommendations for Free Antivirus that I know doesn't adequately protect you Online, and it deeply troubles me. I also see... some say, just using a Mac, will make you safe online. When that simply isn't true. 

 

Recently (and this is a really good reminder..) I was asked to take a second look at a Personal Laptop from a Co-Worker. 

 

She had recently had her Identity Stolen. And.. was concerned that perhaps something had been on her Computer. 

 

The first thing I noticed, was she had Avast Installed. It was Updated & Running, and it wasn't detecting anything whatsoever. She had been doing every single thing right. She had an AntiVirus software installed, and she was updating it, and running scans every week.

 

Unfortunately, sometime several months ago she opened a link on Facebook loading a form of Malware called Drye, onto her computer.

 

Believe it or not, it took me a whole two hours, just to find a small piece of the puzzle, indicating her computer even had an infection.

 

I noticed a file, called "GoogleUpdater" which sounds like an agent to install & update new copies of Chrome or Google Toolbar on your PC. However, the problem was... she didn't have Picasa or Chrome or Toolbar installed on her machine. So... that was suspicious.

 

And I noticed... it was programmed to run every single time the machine started up Windows. And while connected to an Isolated Network, it attempted to ping/communicate home to IP Addresses all throughout the world... none of which were registered or belonging to Google.

 

So.. It was obvious, her machine was infected. However, the malware had been programmed so well. I'd say probably most IT Personnel probably wouldn't notice it. Most People wouldn't notice, or give it a second thought. But Yeah. It was running, and the coding was Crypted with a special mutex making it undetectable to her antivirus engine.

 

In the end. I decided to completely wipe the Computer clean, reinstalling the operating system. Which, in an expert's opinion, is the best way to completely wipe out a computer virus infection. I wanted to make sure, there was no chance anything could be missed, and allowing the infection to reinstall itself.

 

I will say however, it's my personal belief that if she had an antivirus installed with a Heuristic Engine. I don't think the Malware would have been able to install itself. I believe.. it would have noticed what was going on, and blocked it.

 

Now... she's cleaning up the mess of having a fraudulent tax return filed in her name, and closing fraudulently opened Credit Card accounts. And... I think all of the headache could have been prevented, unfortunately :(

 

I care a lot about you guys. And.. I just don't want to see more repeats of this story. So.. I think to myself.. if I can just save one person, I've done my job. I've made a real difference.
 
I had one of those "Microsoft techs" call here the other day, and I really gave him the run around until he got so pissed off that he told me I didn't know what I was doing, and that I wasn't serious about fixing my pc.  It finally got to the point where he finally told me I was wasting his time and he hung up on me. lol  I had a great laugh after I got off the phone with him.
 
I long ago walked away from Windows for daily use, but I have to keep one computer on Win7 due to some programs only operating on windows. Just too many issues and too convoluted to track issues down. If the few programs I use that need windows could be ported to Linux I'd be very happy.

I resisted Linux for years but took the plunge a while back and while I still have a lot to learn I'm getting more comfortable digging in and doing more complex things. For the average user they would be hard pressed to see any difference running Mint or Ubuntu vs. win 7.
 
What gets me is that everyone is so opinionated when it comes to Anti-Virus software. It can actually start fights between people. For example, a person gets a virus and calls a computer tech to fix it. The tech removes the virus and installs AVG free and tells the end user that "This is the best on the market". The customer believes that they now have the best. The computer tech is chuckling as he leaves because he knows that AVG free is not the best, but he'll be back again soon making more money on a service call. The customer is totally oblivious to what is happening.

Or someone has told the tech AVG free is the best and he believes it. So that's the only anti-virus he uses and tells his customers it's the best. Which is far from the truth.

Do any of these techs or customers ever read reviews of these anti-virus programs?
There are plenty of them online. I just had a phone call this morning from a woman customer of mine that said a friend of hers is sending out all kind of junk mail to her. She called the woman and told her this is happening. The response? Well, I have Fury anti-virus and I paid a lot of money for it because MY computer guy said it's the best on the market! So it must be YOUR computer that has the problem! She got really indignant about it. In reality, she knows how to use a computer, but nothing more. She couldn't maintain it if her life depended on it.

And you have your computer techs and then you have your computer techs. Some of these techs are just "the kid down the street that knows something about computers." and then you have your techs with more formal education, maybe they are a tech for a major corporation during the daytime and their employer has sent them to all the proper training schools? There is a big difference between the two.

And when it comes to end user computing problems, people will always call "the 12 year old kid down the street who knows something about computers" first. Why? They know they can give the kid $20.00 and he may fix it. But in reality a lot of them mess the system up more and then call a normal computer tech in to repair it all.
It just makes the job that much harder because they have to fix what the 12 year old computer wonder did as well as the original problem. Most techs will just reformat & reload rather than messing with it. And of course their bill is more than $20! And when you ask some of these customers for their latest backup, they'll ask you "what's that?"
 
>They know they can give the kid $20.00 and he may fix it.

Not only that, but I think some people think: "The kids know this stuff because they've grown up with it!"

Not necessarily. Some of the people most gifted with computer skills I know are people who are easily old enough to remember before computers were everywhere.

Or put it another way: we all should be able to fix anything that goes wrong on our cars. After all, we all grew up with the automobile.
 
For what it's worth...

I am employed by a Financial Institution, working within the IT Helpdesk. And our biggest struggle is currently Malware attacks. 

 

I'm not trying to be critical of "higher education" but... alas, almost everything being taught is for an old market, old landscape of computer viruses, mostly during the dot com era. There is no active discussion about current threats.. or motive by sophisticated online criminals trying to do harm to large scale companies, or individuals.

 

I'm not saying... Higher Education is useless. I just don't think it covers Today's real threats. And... without that knowledge we're seeing the side effects of improperly secured networks (a la) Staples & Home Depot. 

 

<hr />
 

I don't believe in anything "Free" in life. I truly think you get what you pay for. But beyond that... I think all AntiVirus software is very much ineffective. None is going to completely protect you, however with that said... Some are much much better than others. 

 

I have my favorites, because, I know for a fact, First Hand... they do a better job at securing computers. I do not believe in reading other peoples reviews or opinions on security products or solutions. 

 

I instead prefer to look & research into third-party defense testing. Such as trends in Malware... and case studies. I think that gives you a more accurate portrayal of what's going on, and what does what.  

 

I also want to make a point in saying, everyone's computer is different. And some solutions work better than others. It's certainly not a one size fits all sorta deal. 

 

<hr />
 

 

@ Alan. I'd guess that she fell for a phishing email. I know some hackers, are using phished logins to send out massive waves of spam. 

 
 
Practicing safe computing and seeing what is going around only lets you know what may be coming your way. But what do you do when it arrives? And people don't want to spend their time reading about what may come their way, they want to use their computers for what they use them for.

All this may be fine if you are a Security Administrator for a large company, but the end user at home has very little to do with networks, except for the little one they may have in their home. I would even go as far as saying that most end users wouldn't know what a network is even if it bit them on the you know what!

And don't let me forget to mention the users who do actually buy anti-virus software, install it and then do nothing with it. They never update it, scan their system with it, it just sits there. Why? They think that once it's installed it's all automatic, no action on their part is required. Nothing could be further from the truth! Anti-Virus software is just a tool to be used.
 
Well...

If you know what's coming your way... generally you know the initial signs, and will be able to pick up on it early. 

 

And while... most people won't admit it. If you're connected to the Internet... you're on a network, and a very large network at that. Before Windows XP, most people didn't even have a firewall or an antivirus loaded on their machine. 

 

Which is the reason... we saw infections like the "I-love-you" & "Melissa" virus spread like wildfire. Today however... most people are secured from internet worms and the like thanks to advancements in Firewalls, implemented in early 2000's. 

 

<hr />
 

Quite frankly though. If you have an Antivirus Program installed, and it is auto-updating... you are protected to a decent degree by real-time scanning. Which constantly scans files you open and use, along with programs running in the background.

 

However, with that said... It always makes sense to run system scans... as that's always going to pick up on more, than real time scanning alone.

<hr />
 

 

Personally. I don't regard "safe computing" as really changing your life. I just see it as, exercising caution and common sense. Being careful opening suspicious attachments & links, and... not opening emails you weren't expecting.

 

Just doing those little things alone, can make a big difference. :-)

 

 
 
I don't think it's fair to solely blame a malware infection on the Avast! antivirus software. Avast! does use a heuristics scanning engine, but one does have to engage it manually, since it does incur a performance penalty when it is used.

Computer magazines everywhere have tested, compared and *recommended* free and payware antivirus offerings (in their own testing routines, in addition to "infection removal" guides). There isn't a whole heap of difference between them, in the end. Each of them has their pitfalls and plusses, which the user should be aware of when they install the software.
The free offerings offer the no frills package - and it's usually somewhat difficult to download them from the official webpage for these companies, as they'd obviously prefer to sell you a complete security suite as opposed to a download. Third-party advertising on their pages, and on Google, would clearly allow them to recuperate their costs. They wouldn't offer free software if it wasn't worth their while in the end!

Using one antivirus software, whether it's a complete suite of tools for some subscription fee or not is a somewhat misguided sense of "security." One has to use a variety of different tools, whatever you prefer, to ensure optimum security. Unfortunately, most people don't understand that, and then even the best paid-for options won't be enough to protect you. "I've got the Platinum Edition of XYZ Complete, Total Security, I don't need anything more."
When the person gets infected, and is asked why they didn't scan the computer, they'll question the software, not their own practices.

A very good friend of mine, studying computer forensics with the U.S. Air Force uses a commercial grade of McAfee on his network. Excluding my own personal opinions, it keeps him and his family (connected to his network via VPN) safe.
When he has to disinfect computers for friends, or his own, on the off chance it happens, he uses free tools, in conjunction with McAfee and doesn't get re-infections, unless the person responsible doesn't cease their browsing habits...
This guy, as part of his studies, uses software that can decompile viruses to see what their method of operation is. So I'm pretty sure his method is equally valid to other people's.
 
He must be talking...

About McAfee Endpoint Protection or VirusScan Enterprise. I have a lot of experience working with it, and honestly.. I'd say it's a watered down, no frills copy of McAfee Security Center. The same software & protection, offered to home users, just... not as feature filled.

The Interface is no delight. It's really designed for experienced users, and I could see a lot of people having trouble navigating it. That being said...

McAfee makes a big stink about that software only being used in Commercial & Institutional Environments.

And I was told... that they have revoked license keys when they've noticed copies being installed and not properly licensed. Your friend really needs to be careful with that license, as I imagine he could get in a LOT of trouble if he's not careful.

 

I will say however... it's interesting to hear they were using McAfee in the Air Force. As, we seemed to be phasing it out, when I was interning at the DOD. We were pretty much using a mixture of two products, Symantec (Norton) & NOD32 for AntiVirus.

 

 

<hr />
 

I could write a whole four page article on debugging and decompiling malware & computer viruses. But.. I think I'll save you guys the boredom ;) 

 

Mich
 
Actually, since my friend is running an Active-Directory at home, which connects to his parents' network (which is actually a home business), he'd be running enterprise-level stuff. From my own experience, the software for home/family use cannot be installed onto Server OS' (such as Server 2012) - as it would breach the licensing agreement.

As for what they're using in the DOD... Who knows. It's probably more proprietary-type stuff, but I'm not exactly an expert on Government security (LOL).
 
