Infected Win 7 through showmypc attack


2ndDan13

A week ago I installed Windows 7 and a day later downloaded Office 2013, after establishing a Microsoft account. The following day I received a call alleging to be Microsoft engineers stating they noticed significant infections on my desktop PC. They used showmypc to lead me around my computer and show me alleged virus evidence. I consider myself to be reasonably intelligent and pretty familiar with PCs, but the timing was right for the perps and I'm embarrassed to say I fell hook, line and almost sinker. When the dust settled and I stopped just short of committing my credit card for a $180 "license renewal", I disconnected from the call and tried to remove/uninstall showmypc. Unable to do this, I eventually attempted a clean install with the Windows 7 disk. It allowed me to remove the existing two partitions and install Windows 7 on a new single partition. When the splash screen appeared, there was a small white icon in the lower left that was obviously not Microsoft generated, containing 4 or 5 "fishy" applet links and a very poor computerized voice describing them. I tried installing drivers from my Msi driver disk, which worked perfectly the first time, but this time got an error box stating the files couldn't be found. Rebooted the Win 7 disk and tried the repair option only to receive a message stating the repairs couldn't be accomplished. Used Trend Micro Titanium Anti-Virus and Windows Security Essentials but they found no virus or spyware. Thinking there might be a bug in the boot sector or MBR, launched bootrec.exe and tried to use FixMbr and FixBoot, but neither one was allowed to function. There are sites that chronicle similar incidences dating back a couple years, but nothing that I could find with a solution to my particular problem. Would appreciate any insight and suggestion that anyone might be able to provide. By the way, on a normal install of Windows 7, is there more than one partition created?

Thanks.



No. :(

Meaning that if you do a clean install, from the original MS DVD, it is "clean".

What is possible (though I have difficulties in believing it :w00t:, in the sense that it would be "hooked/started" by sheer magic :ph34r:) is that the malware wrote *something* *somewhere* that *somehow* you failed to wipe/overwrite when you re-installed.

Can you describe the actual Windows 7 disc that you used (i.e. is it retail, OEM or what)?

You mention "downloading" the Office 2013 from MS.

Did you restore the "download" after having reinstalled the Windows?

I mean is it possible that what was infected was - besides the actual partition(s) - some data that you archived on external media and that you re-deployed or restored after the new install?

BTW a "real" clean (default) install of Windows 7 has 2 partitions, a 100 Mb "boot" one and another one the rest of the disk, if you have just one partition now it means that the new install was not "default" (and possibly also not "clean"). :unsure:

jaclaz


...When the splash screen appeared, there was a small white icon in the lower left that was obviously not Microsoft generated, containing 4 or 5 "fishy" applet links and a very poor computerized voice describing them...

What you saw/heard is Windows' "Ease of Access" feature, completely legit.


Thanks for the responses. Curious about "Ease of Access"....didn't appear on the splash screen on the initial install. Curious computerized voice they used to introduce it.

As far as the Win 7 disk, it's retail and a gift from a trusted, tech/computer savvy friend. The initial issue was the inability to uninstall showmypc. Couldn't remove it from Program Files. Win 7 reinstalled without a hitch, but just when I thought I was out of the woods, I tried installing drivers from my Msi disk but was prevented from doing so. The crazy thing is that after using two anti-virus apps. and an anti-malware disk to scan the drive, it comes back clean.

I did not attempt to restore the download of Office 2013, since I wasn't able to load necessary drivers or connect to the inet, so there's no chance that could be a source of infection. Thanks also for the info on the partitions. A good buddy of mine with both knowledge and tools to repair and diagnose computer problems currently has the drive and found the drive to be clean through several scans. We'll pop it back into my PC, boot it and see what we see. I'll post the results.

Thanks again.


Good :)

Then most probably it was just a "false alarm".

JFYI, the "showmypc" in itself is a "legitimate" software, nothing but one among the n "remote administration" tools for Windows, but since you were tricked into the scam, it is well possible that it was used as "vector" for some malware.

jaclaz


Thanks for the responses. Curious about "Ease of Access"....didn't appear on the splash screen on the initial install. Curious computerized voice they used to introduce it.

The Narrator is disabled by default, but can be enabled by using a key combination. I've done it accidentally before.


wow

I remember when someone tried the same with me

they called pretending to be from microsoft, this is what was said

Him

- you have a virus on your computer, i am connected to your PC and can see it

Me

- hi can you tell me what my IP address is ?

Him

- no

Me

- well how do you even know if I have a PC, I didn't say I had one and I'm not going to tell you if I have, you're not genuine as you should know you need to know my IP address in order to see what's on my computer ( if I had one )

anyway the moral of the story was, from the start I already knew he was fake, I was playing with his head, I put the phone down on him 5 minutes later lol


Yes, I learned the lesson the hard way...and I should have known better is what's so aggravating! Caught me by surprise just after a major MS download, requiring me to open a MS account. The good news is, thanks to a good buddy who has the tools to fix things, I gained a clean drive and have successfully re-installed Win 7, downloaded Office 2013 and have my dual boot reestablished with PC Linux. The more I see it and with what MS is planning, I think Linux is a much better option. In any event, thank you all for your interest, tips and sharing your experiences.


Just in case anyone else should need the info,

The following day I received a call alleging to be Microsoft engineers [..]

Micro$oft won't ever call.. :)

By the way, on a normal install of Windows 7, is there more than one partition created?

Yes, the "System Reserved" partition (typically 100 MB, for the bootloader and such) and it can be seen through Disk Management; there are ways to avoid it being created, just using the setup DVD (& no other tools), btw. Semi-complicated way here, although it can be done just through the setup GUI (going to advanced/manual and then deleting/merging the 2 partitions as they're created by the installer).

Also btw., any Linux Live-CD/DVD that has gparted can manipulate partitions. What's important is, if there's data that needs to be preserved on the HDD, usually the *best* way of doing that - is using a partition manager from within Windows, to ensure there will be no loss (however this isn't always possible, if Windows isn't fully functional; it just gets more complicated from here)

=)

Edited by nimd4

Format the Drive and start again, It's the only answer.

Sorry but before you give an answer like that, please, read the (now old) thread. To what question is your answer anyway?


I only answer the phone if it's my parents or sister's number, everybody else trying to call me is a lying sack of crap. My experiences with human beings have driven me to this :-)

wow

I remember when someone tried the same with me

they called pretending to be from microsoft, this is what was said

Back when I used to answer my phone, used to get these types of things all the time. Only it was usually credit card companies, mortgage companies, phone companies, insurance companies, etc.. pretending that I actually do business with them. They try to startle you into thinking you owe them money, and if you sign up for their plan this or that, you will be better off.

The last one I remember was some phone company calling me telling me that I'm paying too much for long distance calls and that if I switch to their plan, they can save me money. Hello? (1) You don't know jack about my long distance calls. (2) If you did know jack about my long distance calls, you'd know I never make any. But these liars have their scripts to read over the phone. Scripts that are designed to sound vague, scary, ambiguous and upsetting, and generic. They think if they throw enough crap against the wall, call up enough people, that somebody will eventually believe their LIES they're telling unsuspecting people answering their phones.

And really, you shouldn't need to use the phone for doing any important business. It's not necessary. If you're doing anything that's important it should be done person to person, at a bank, or an office or whatever. You don't give out information (social security numbers, any account numbers, credit card numbers) over the telephone. It's all scams!!!

Edited by LostInSpace2012