0

I don't know if it is the right place to ask this question but I am in a desperate situation. If this is not the place please let me know where I can get advice.

I was going to download something and a message saying that I should call Microsoft and that if I don't, the computer would get blocked within 5 minutes came up. So I called them and they remotely accessed my computer and installed some antivirus software and the problem was resolved. But, then when I checked online for this issue it seems like a scam as several posts such as this were there and here (when I called them I didn't have access to internet, so I couldn't check their legitimacy and most of all I panicked). They installed F-secure anti virus and included Adguard Adblocker, Malwarebytes and AdBlock Plus and some network guard (That's what I know that they did). But, since this was like a scam, I already canceled my bank card.

And they provide me service for one year and I am concerned now whether they can access my computer from today onward. What should I do? Should I tell them I don't want their one year plan and try and get rid of them?
Is there a way that I can know if they have installed anything on my computer that they can get details of what's happening in my computer. I now realise what I did was utterly stupid, but hen that message came up I panicked and called them. I have back up copy of windows. Should I reset the PC? Should I change the email passwords? If I keep away from making any online payments from this laptop would I be safe? Should I take this laptop to an expert?
I would extremely value your suggestions as I am scared as to what dangerous outcomes can happen

schroeder
  • 125,553
  • 55
  • 289
  • 326
clarkson
  • 109
  • 3

1 Answers1

4

This is a scam, you have done the right thing to cancel your debit card, if you have given them any other bank details, tell your bank.

The only safe assumption is that your machine is compromised, it possibly has a remote access tool installed they can take advantage of in future and may have keyloggers installed.

You should wipe and reinstall your machine. Although most of these scams just want the cash, you can't be sure what they have done and should err on the side of caution.

I would advise you to change any password you have entered on your computer since the call and enable two factor authentication on any account you can.

J.A.K.
  • 4,783
  • 13
  • 30
iainpb
  • 4,162
  • 2
  • 17
  • 35
  • They installed citrix and I uninstalled it from my programs. In my programs I don't have any other software showing that was installed today apart from the above mentioned. At the moment would system restore suffice. – clarkson Mar 18 '17 at 17:01
  • 1
    Any of the applications they installed could have been compromised and may have loaded malware on to your machine. Although often they just take you through some harmless security theatre and just want the payment, you can't ever be sure. – iainpb Mar 18 '17 at 17:05
  • As long as they were just trying to get the payment and not harm the computer, that wood be good. This is a new laptop so I don't have any data on it. Should I do a system restore? – clarkson Mar 18 '17 at 17:12
  • 1
    It's the only way to have piece of mind, for a few hours work restoring your system it's worth it. If in a few weeks they used your machine to compromise your back account you'll be in for a much worse time. – iainpb Mar 18 '17 at 17:21
  • In the task bar there's a tab with Run. I think that is what I get if I press Windows+R. It is the one that says "type the name of a program, folder,document, or internet resource and windows will open it for you. Now Its written there IEXPLORE. I think I was asked to do this when they accessed the computer. Is this something that I should be concerned of – clarkson Mar 18 '17 at 17:23
  • IExplore is the Internet Explorer Web browser, they probably directed you to download whatever software they did through that. If you need any help with your restore head over to the Super User stack exchange site and someone there will be able to help you – iainpb Mar 18 '17 at 17:30
  • Sorry to bother you and thank you very much for answering. But you said that "they used your machine to compromise your back account you'll be in for a much worse time". I have already stopped the card and asked for a new one. My card details are the only ones that they have access to. So, still could they harm the bank details – clarkson Mar 18 '17 at 17:33
  • 1
    If they retain remote access to your machine they could further compromise any account you login to from this machine. If you wipe and restore, you'll remove anything they installed and reduce your risk – iainpb Mar 18 '17 at 17:48
  • 1
    I tried to a factory reset and had an issue with it so the manufacturer is going to take it to their repair place and do a full factory reset. Once this is done will I be safe. They are aware of the issue so they​ will consider it when doing factory reset. I changed the password on all my emails from my android and i have disconnected the bank card. What else should I do – clarkson Mar 19 '17 at 15:50