McAfee "Lifesave" failed to save my computer!



  On 08/03/2018 at 17:58, Howard Davis said:

Thank you for the offer. What would you charge for the service?

Given what I have already done (outlined in my last post, above), I think it safe to assume the computer is now secure - at least enough so, given that I do not do online banking and have changed my passwords. Your last sentence above recommends work I would not feel comfortable doing, as it is a bit beyond my level of expertise. 


I wish for nothing at all for it mate ;) think of it as a goodwill gesture from an MVC on behalf of the Neowin community :) obviously I'm in the UK so we would need to organise some kind of remote access, probably AnyDesk, once we are done you simply uninstall it.

 

A random act of kindness if you will :)

 

I'm sure with the right pointers you would be perfectly fine building and running the AV title via Linux on a live disk/usb stick. Especially if we are talking Dell.

 

I'll knock up a short guide for the one I selected, it may be of use for others on the forum also, I'll try and get the time this evening.

 

 

I really think too much has happened to be 100% confident that this PC is safe and that any passwords you changed weren't possibly already logged before you fully cleaned up, if it is even clean at all. Going by Malwarebytes reports is putting a lot of faith into one app. I'm sure Mando would do a great job for you but I'd wipe the PC ASAP if it were me, esp as you still seem to be experiencing issues with it. That niggling feeling in the back of your mind is always going to have you doubting if it's a genuine technical issue or something the scammer is doing/did.

  • Like 2
  On 08/03/2018 at 18:26, Andrew said:

I really think too much has happened to be 100% confident that this PC is safe and that any passwords you changed weren't possibly already logged before you fully cleaned up, if it is even clean at all. Going by Malwarebytes reports is putting a lot of faith into one app. I'm sure Mando would do a great job for you but I'd wipe the PC ASAP if it were me, esp as you still seem to be experiencing issues with it. That niggling feeling in the back of your mind is always going to have you doubting if it's a genuine technical issue or something the scammer is doing/did.


Thanks Andrew, and yep I would clean install personally if it was myself, including deleting all disk partitions in the setup routine and creating new ones, in fact I'd force them GPT, that way no bootblock malware can be hosted.

 

tbh a setup of W10 from a fresh usb media toolkit build takes minutes.

  • Like 2

@Howard Davis I would go with the advice given on this forum. If you're able to have someone (either that you know or Mando) re-install the OS, I would do that. It's better to be safe than sorry.

 

In future, just a bit of advice, regardless of how much anyone that phones you seems to know about you, tell them respectfully that this seems suspicious. After that, go online to the respective company's website and call their support number and tell them what's happened. This way you'll know that you're speaking to someone who is legitimate. I've done this a number of times (where sometimes it was a scam and sometimes not). If the person on the other end is a genuine employee of company X, they should have no issue with you doing that :)

  • Like 1

Oh wow. I've only just seen the updates on this situation. :no:

 

@Howard Davis I would completely reinstall the machine. At the very least take @Mando up on his offer to take a look at your computer for you. He's a long time member and has provided help time and time again to our community, hence having the M.V.C. (Most Valuable Contributor) badge.

 

Also, take this key point away with you: no one will ever, ever phone you for something like this. They will never phone you to tell you they have noticed suspicious activity on your computer. Full stop.

 

I can't believe these guys are still able to get away with this. Myself and others here have dealt with scammers so many times that we can see those glaring red flags in the story, but it truly saddens me to see that more isn't being done to educate the general population about what to look out for. :(

  • Like 3
  On 09/03/2018 at 16:22, Nick H. said:

more isn't being done to educate the general population about what to look out for.


And what do you propose exactly?

 

You have training in your company about what to look for in spotting spam/phishing/virus sort of emails... A few days after a massive training, with examples and tests you send out "test" emails to see who clicks on them.. What percentage of users do you think follow links of just clearly utter nonsense..

 

George Carlin got it right with his saying

“Think of how stupid the average person is, and realize half of them are stupider than that.”

 

I mean really.. An iTunes gift card for payment to Dell... Really?? Come on!  Sorry if I didn't know that this ###### really happens, I would think this whole thread was just a troll..

 

 

  On 09/03/2018 at 17:47, BudMan said:

And what do you propose exactly?

 

You have training in your company about what to look for in spotting spam/phishing/virus sort of emails... A few days after a massive training, with examples and tests you send out "test" emails to see who clicks on them.. What percentage of users do you think follow links of just clearly utter nonsense..


I could tell you some horror stories from within our own IT department, but you would possibly blow a blood vessel. :laugh:

 

I do know what you mean, though. It's a "horse to water" thing, you can tell them over and over again but it's useless if they aren't going to take the advice on-board. We can't even propose that you have to take an exam before being allowed a computer like you would a car, since as we've seen that situation isn't exactly fool-proof. :/

 

And since we're doing idioms and quotes, "Experience is a hard teacher because she gives the test first, the lesson afterward." - Vernon Law (apparently). Here's hoping the OP learns from the experience.

My screen going black appears to be the work of the scammer/hacker! He called me earlier today trying to gain access to my computer, but I told him where to go. Today I had a few black screens, and the last time I got an icon for "SPLASHTOP STREAMER" on the screen. The mouse pointer moved on its own, as by external control! I immediately killed power to the computer. When getting back on, I searched for Splashtop - found it and deleted it, and emptied it from my recycle bin as well. HOW did he get this into my computer?

 

Malwarebytes is not working due to the expiration of the trial period, and it had flaws all along - the real-time checking always had to be turned on manually, and their support gave me a newer build that didn't help the problem. 

 

Can't do a system restore. There is no restore point available previous to the time the scammer got hold of the computer.

 

I will accept the assistance of those on this forum that have offered it. Thank you so much!

as i was thinking the screen flashing / losing connectivity was likely the scammer trying to remote in or send remote commands to your PC.

 

there's a file hidden good somewhere so a format and reinstall is really your only 'for sure' option at this point

 

I'd actually suggest going as far and reaching out to your ISP to request a new IP be assigned to your router under the pretense of you believe your current external IP address may have been compromised.

whether the ISP has you DHCP leasing an external address or the ISP sets it statically they should change it immediately upon a request like this without much if any hassle :) 

  On 09/03/2018 at 19:09, Howard Davis said:

My screen going black appears to be the work of the scammer/hacker! He called me earlier today trying to gain access to my computer, but I told him where to go. Today I had a few black screens, and the last time I got an icon for "SPLASHTOP STREAMER" on the screen. The mouse pointer moved on its own, as by external control! I immediately killed power to the computer. When getting back on, I searched for Splashtop - found it and deleted it, and emptied it from my recycle bin as well. HOW did he get this into my computer?

 

Malwarebytes is not working due to the expiration of the trial period, and it had flaws all along - the real-time checking always had to be turned on manually, and their support gave me a newer build that didn't help the problem. 

 

Can't do a system restore. There is no restore point available previous to the time the scammer got hold of the computer.

 

I will accept the assistance of those on this forum that have offered it. Thank you so much!


Right, this is what's happening, Howard.

 

Before we kick this off, do you by any chance have a second computer or a method to access the internet?

 

the steps are going to be the following.

 

1) We are going to download your Windows 10, create a setup disk (ideally on another computer) and nuke the infected PC, we will build a simple guide to follow to get you back up and going with all traces of anything of this scammer crap gone.

2) the guide will show each step of reinstalling.

3) You buy a good reputable antivirus solution. 

4) You change every password you have, ideally different ones for different things and keep them in a secure password manager app from now on.

5) You chalk the scam down to experience, they may have fleeced you once, they ain't getting to twice.

 

My working day is over, so now at home, I'll go prepare the guide meantime mate.

 

  On 09/03/2018 at 19:13, Brandon H said:

as i was thinking the screen flashing / losing connectivity was likely the scammer trying to remote in or send remote commands to your PC.

 

there's a file hidden good somewhere so a format and reinstall is really your only 'for sure' option at this point

 

I'd actually suggest going as far and reaching out to your ISP to request a new IP be assigned to your router under the pretense of you believe your current external IP address may have been compromised.

whether the ISP has you DHCP leasing an external address or the ISP sets it statically they should change it immediately upon a request like this without much if any hassle :) 


Better still, report the scam attempt to them and get them to obtain the scammer's IP that's remoting in through the router.

  • Like 3
  On 09/03/2018 at 17:47, BudMan said:

George Carlin got it right with his saying

“Think of how stupid the average person is, and realize half of them are stupider than that.”

 


The man was a genius and a hero of mine, RIP good sir.

 

  On 09/03/2018 at 19:09, Howard Davis said:

My screen going black appears to be the work of the scammer/hacker! He called me earlier today trying to gain access to my computer, but I told him where to go. Today I had a few black screens, and the last time I got an icon for "SPLASHTOP STREAMER" on the screen. The mouse pointer moved on its own, as by external control! I immediately killed power to the computer. When getting back on, I searched for Splashtop - found it and deleted it, and emptied it from my recycle bin as well. HOW did he get this into my computer?

 

Malwarebytes is not working due to the expiration of the trial period, and it had flaws all along - the real-time checking always had to be turned on manually, and their support gave me a newer build that didn't help the problem. 

 

Can't do a system restore. There is no restore point available previous to the time the scammer got hold of the computer.

 

I will accept the assistance of those on this forum that have offered it. Thank you so much!


Malwarebytes would not help you removing Splashtop Streamer, because it's not malware, it's a remote access application

 

It's no different if someone would install VNC, AnyDesk or TeamViewer on your PC.

  On 09/03/2018 at 19:54, nekrosoft13 said:

Malwarebytes would not help you removing Splashtop Streamer, because it's not malware, it's a remote access application

 

It's no different if someone would install VNC, AnyDesk or TeamViewer on your PC.


Yep, I would look in programs and features for Splashtop and if it's not there I would look in the task manager and right click the Splashtop exe and open file location. It's probably sitting in a strange folder under appdata\local. I'd kill it from memory and then delete it.

 

Or to find the file you could look under the task manager under "startup" and if you see Splashtop, right click and open file location, though you would still have to kill it from memory if it was running.
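
The checks suggested in the posts above (Programs and Features, running processes, the Startup list), as one read-only PowerShell script; this is an added example, not part of any post in the thread. It assumes Windows PowerShell 3.0 or later, also lists Windows services (which the posts do not mention), and matches only on the tool names that appear in this thread.

```powershell
# Added example: read-only inventory of remote-access tools on a Windows PC.
# Assumption: Windows PowerShell 3.0+ (Get-CimInstance, [ordered]).
# The name list is an assumption built from the tools named in this thread.
$pattern = 'splashtop|anydesk|teamviewer|vnc'

# 1. Installed programs: the registry data behind "Programs and Features"
#    (64-bit, 32-bit and per-user installs).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $pattern } |
    Select-Object DisplayName, Publisher, InstallDate, InstallLocation, UninstallString

# 2. Running processes with the path of the executable on disk
#    (the "open file location" step from Task Manager).
$processes = Get-CimInstance -ClassName Win32_Process |
    Where-Object { $_.Name -match $pattern -or $_.ExecutablePath -match $pattern } |
    Select-Object ProcessId, Name, ExecutablePath

# 3. Windows services: a service restarts the tool at every boot, so deleting
#    a shortcut or a single file does not remove it.
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { "$($_.Name) $($_.DisplayName) $($_.PathName)" -match $pattern } |
    Select-Object Name, DisplayName, State, StartMode, PathName

# 4. Startup entries (Run keys and Startup folders, as on the "Startup" tab).
$startup = Get-CimInstance -ClassName Win32_StartupCommand |
    Where-Object { "$($_.Name) $($_.Command)" -match $pattern } |
    Select-Object Name, Command, Location, User

# Print one section per check; nothing is stopped, changed or deleted.
$report = [ordered]@{
    'Installed programs' = $installed
    'Running processes'  = $processes
    'Services'           = $services
    'Startup entries'    = $startup
}
foreach ($section in $report.GetEnumerator()) {
    "== $($section.Key) =="
    if ($section.Value) {
        $section.Value | Format-List | Out-String
    } else {
        "  none found`n"
    }
}
```

An empty report only means none of these named tools was found; it does not show the machine is clean, which is why the advice in this thread remains a wipe and reinstall.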

 

 

McAfee did not fail to protect your pc. You yourself failed to backup your pc and make a system image. Everyone knows that no antivirus is 100% effective. As a pc owner you are directly responsible for keeping your pc safe. Blaming McAfee or any other antivirus for your malware issues is like blaming a drug dealer for your ODing on heroin. 99% of malware is self inflicted. It is virtually impossible to get infected if you safe surf. If you kept a system image handy stored on an external hard drive you could have mounted that image and been up and running like nothing ever happened.

  On 09/03/2018 at 20:31, GTR707 said:

it is virtually impossible to get infected if you safe surf. 


While I somewhat agree with this... There are many drive by sorts of infections that if proper care is not taken your typical user could get infected by just visiting a normal typical website...  Major players websites have been infected with such stuff where your typical user could go to nbc.com and get infected if they had not done some preventive measures.

 

http://money.cnn.com/2013/02/22/technology/security/nbc-com-hacked-malware/index.html

 

The whole idea of these AD companies is just bad news... You pay $ and get your code put on 1000's of websites, and they do not validate the code, etc.. Bad news for sure...

 

There is one thing if site xyz.com gets hacked and they put bad code on it.. There is another when I can pay a few bucks and have my code seen by millions of users that could be malicious, etc. And some of these AD companies just don't give 2 ######... They just want their $ and don't care what sort of nonsense you put in your AD...

 

Big problem is you have users that are using tech they do not understand at all, that can interact with their hardware.. So yeah bad ###### is going to happen... Click here you won a new car.. Oh wait why are all my files encrypted and you want what $1000 to decrypt them..

 

There really should be some sort of license you have to pass a test before you're allowed to use anything other than say a paywalled device like an ipad.. Where it's locked down and you can not just run whatever code you want on it, etc.  It is very sad, but face it your average user doesn't get it..

 

 

  • Like 2
  On 09/03/2018 at 20:41, BudMan said:

While I somewhat agree with this... There are many drive by sorts of infections that if proper care is not taken your typical user could get infected by just visiting a normal typical website...  Major players websites have been infected with such stuff where your typical user could go to nbc.com and get infected if they had not done some preventive measures.

 

http://money.cnn.com/2013/02/22/technology/security/nbc-com-hacked-malware/index.html

 

The whole idea of these AD companies is just bad news... You pay $ and get your code put on 1000's of websites, and they do not validate the code, etc.. Bad news for sure...

 

There is one thing if site xyz.com gets hacked and they put bad code on it.. There is another when I can pay a few bucks and have my code seen by millions of users that could be malicious, etc. And some of these AD companies just don't give 2 ######... They just want their $ and don't care what sort of nonsense you put in your AD...

 

Big problem is you have users that are using tech they do not understand at all, that can interact with their hardware.. So yeah bad ###### is going to happen... Click here you won a new car.. Oh wait why are all my files encrypted and you want what $1000 to decrypt them..

 

There really should be some sort of license you have to pass a test before you're allowed to use anything other than say a paywalled device like an ipad.. Where it's locked down and you can not just run whatever code you want on it, etc.  It is very sad, but face it your average user doesn't get it..

 

 


Been surfing the internet for well over 19 years now. Never been infected and I visit all sites. I always keep a clean and up to date system image handy. If you check your email, shop, bank, check the news and go on social media sites it is virtually impossible to get infected. I actually went a full year as a test with NO antivirus protection. And guess what........I still never got infected. I clean out malware on a daily basis and everyone is the same. "Oh I clicked on something". Mostly "I have no idea what happened". I just clicked and bam. Hence self inflicted.

I only got infected really badly once due to my own actions,  i'm much safer now, keep system image handy,  Avast Free up to date, Malwarebytes scans weekly, so far so good, and I do everything on systems from online shopping, banking, news, social media.    And if I see on phone caller ID a number I do not know, I just don't answer or Microsoft support also don't answer saves potential of scam issue happening

 

  On 09/03/2018 at 20:57, GTR707 said:

Hence self inflicted. 


I agree with you ;)  Been on the internet since before there was internet ;)  Dial up BBS's on 2400 baud modems, etc..  Shoot I remember 300 baud connections..

 

All that means is you're not an idiot to be honest.. Have never been infected with anything..  Other than a PUP from some software that just plain lied, etc.. opencandy and winscp is the one I recall.  You learn to trust something and then they go and do ###### like that..

 

But it is "possible" for typical user to not actually do anything and get infected.. You seem like you take precautions, block ads, keep your OS and browser updated, etc.  You're like an IT Uber geek god compared to your typical user - sorry but it's true...

 

Your typical user is just plain stupid when it comes to anything related to security.. But boy do they follow the leader off the cliff (lemmings) when they get a hint of the word of VPN... Where do I sign up.... How much do I have to pay you to send you all my data so my isp can't see that I go to neowin.net...  I mean you wouldn't be selling my info would you... I mean I route all everything through you - but hey you said you don't log, and I gave you 19.95 for a life time connection ;)

 

So we all agree - users are stupid...

 

Oh my gawd - I am the million visitor to this website and I won!!!!  But oh ###### my dns is leaking <rolleyes>

tbh I find a reputable AV with web filtration and not dependent solely on signatures helps a long way with non tech users. I let Defender periodically scan for a second opinion as well as a 3rd party vendor to great effect, no drivebys for me or my parents.

 

Webroot SecureAnywhere I use with my parents and it's been flawless, manage it remotely via the webui, never let me down yet. Same with at home, I am the only user but I still run it.

 

Sophos Home free AV solution is a good free alternative and has components of their XNG firewall suite implemented also, but it is a heavier beast on the system, with Webroot you don't notice it's there, it's that lightweight.

  On 09/03/2018 at 22:10, Mando said:

@Howard Davis

 

It's a work in progress until I get your Dell asset tag mate.

 

https://docs.google.com/document/d/1cpCmiU35h-XE4614O1CIEZPZyXUmguEa7FCnHvKwXrU/edit?usp=sharing

 

Thanks Mando - I have not as yet gone to the above link.

 

This is one malicious scammer-hacker, and he's out to get me - possibly because I told him to f**k off. Though I deleted Splashtop Streamer and emptied the recycle bin, he is somehow still able to use it anytime I'm online to seize control of the computer. The only thing I can do then is kill the power. Malwarebytes does not work - the trial period expired, and when I try to bring it up I'm told it is "unable to load the anti-rootkit DDA driver". If I am to work with you to reinstall Win 7 or otherwise clean out the remaining malware it will have to be done at a time I am not normally online, as he knows when I usually am. This has me a bit freaked out, and I'm willing to pay for your help. I've backed up my important files on a USB Sandisk, and if possible I do not want to lose the programs I now have installed when the work is done.


What is the "Dell asset tag", and how do I find it?

 

I have Acronis True Image with the data stored on an external HD, but it probably contains the malware along with everything else. I've never used it to restore a HD, and lacking experience I am reluctant to try, especially given that it may also be corrupted.


 

Please email me at << removed email >>

 


 

Edited by Steven P.
I removed the email address, this is a public forum
  On 09/03/2018 at 20:31, GTR707 said:

McAfee did not fail to protect your pc. You yourself failed to backup your pc and make a system image. Everyone knows that no antivirus is 100% effective. As a pc owner you are directly responsible for keeping your pc safe. Blaming McAfee or any other antivirus for your malware issues is like blaming a drug dealer for your ODing on heroin. 99% of malware is self inflicted. It is virtually impossible to get infected if you safe surf. If you kept a system image handy stored on an external hard drive you could have mounted that image and been up and running like nothing ever happened.


I DO have Acronis True Image and an external HD for the data. The problem is that the malware is probably now in those backups going back for over a month! 

  On 10/03/2018 at 03:32, Howard Davis said:

I DO have Acronis True Image and an external HD for the data. The problem is that the malware is probably now in those backups going back for over a month! 


we can check True image post clean up, you may be lucky. Sent you an email mate,

This topic is now closed to further replies.