I fell for remote PC repair scam... Am I in trouble now?

BarcaTheGreat · Nov 11, 2018

Never thought my first thread on this forum would be asking for help but here we are.

I am fairly tech literate so this is even more embarrassing but once I found out my router died during firmware update, I guess panic set in. I Googled Netgear (I have X6) support phone number and the first link with the phone number was an ad.. Which I clicked. Then it went straight away to a person who answered that he was the support person. I asked and he verified that it was the official Netgear support. I explained situation and he said he needed to try to update the firmware through their server side and told me to go to go assist or something in that nature and gave me an id which I punched in and the connected to my laptop (which I at that point connected laptop directly to my modem) through a software I downloaded from the go assist website (funny enough the website noted only give access to people you trust ) . He opened command prompt and looked at (I might not be remembering correctly) ipconfig, net use maybe, then something tree which kept on going through the screen as whole bunch of tables . At the end it showed on the command prompt screen and something as infectious ... At that point it finally hit me it's one of those case where I will be told to pay for a software to remove the virus.. As I was talking to the guy who was talking about transferring to to a support person I disconnected the seasons and turned off the computer.

My question is how screwed am I? I got a temp router I had at home and online back using it. That "infected machine" was a win 10 laptop which I had Ubuntu installed and now using the Ubuntu .. Scared of going back to the win 10 from my boot options. If I don't ever log into windows 10 it's fine but what kind of permanent damage did I do? He has my modem connection info from ipconfig and God knows what else. He won't have access to my router info as I didn't have the router working at the time at all . .. Yes I know I was a sucker but let's not laugh too much at my expense . . Appreciate all the help I am about to receive .

Bandini · Nov 11, 2018

just wipe the computer you were on and try not to be a dumbass in the future, you'll be ok

StarCreator · Nov 11, 2018

It sounds like you cut him off before he did too much damage, but yes, that Windows install is now suspect and should be nuked. He probably has a record of your public IP address, but that'll probably change if you can get your router working anyway.

principal · Nov 11, 2018

you're fine so far as if you only opened the gotomyPC software and didn't download or run anything else

Cocolina · Nov 11, 2018

I really don't get it. What's the evidence he installed a virus? He went through ipconfig and what came up as infectious? What number did you actually ring?

super-famicom · Nov 11, 2018

It would be best to format your hard drive and have a fresh start.

Lump · Nov 11, 2018

Take the L and perform a reformat.

FloatingDivider · Nov 11, 2018

That windows install is probably fucked but that's about it. Reinstall windows & call it a day. He most likely just installed one of those shitty "free" virus scanners that automatically pops up with a bunch of infections found to pressure tactic you into giving up some credit card numbers. Also never click the sponsored ad link on google or bing because 90% of the time it's a spoof website.

Fireblend · Nov 11, 2018

You should reinstall Windows to be safe. You don't know what the guy was doing while he had direct access to your computer, even if it only looked like he was executing netstat or ipconfig.

RedMercury · Nov 11, 2018

If you called the number on the router I doubt Netgear is referring people to spammers

Fiction · Nov 11, 2018

Usually these guys trick tech illiterate folks and you dont have the virus.

Did it look something like this?

Neece · Nov 11, 2018

Send me your information and I'll check it for you.

Akira86 · Nov 11, 2018

I'll let it slide. just this once, OP. Don't let it happen again.

RestEerie · Nov 11, 2018

BarcaTheGreat said:
He opened command prompt and looked at (I might not be remembering correctly) ipconfig, net use maybe, then something tree which kept on going through the screen as whole bunch of tables . At the end it showed on the command prompt screen and something as infectious ... At that point it finally hit me it's one of those case where I will be told to pay for a software to remove the virus.. As I was talking to the guy who was talking about transferring to to a support person I disconnected the seasons and turned off the computer.

Sorry OP, but you are not tech literate as you claimed.

as long you don't give him as personal info (credit card, social security, ID) it will be fine. Just wipe that windows partition.

Orb · Nov 11, 2018

Consider your OS a lost cause. It's possible it's really not that big a deal, but you will never know for sure. Wipe it to the fullest extent you can and re-install Windows. Your network itself is probably not compromised, these people usually aren't that savvy.

Simon Belmont · Nov 11, 2018

Check with your bank.

TheOMan · Nov 11, 2018

Neece said:
Send me your information and I'll check it for you.

LOL, that's mean.

Planx · Nov 11, 2018

those scammers know less about tech than you do. They follow a script and don't deviate at all. The "infected" bit you saw was something they manually typed out while the really long bit with the tables printed out. Your PC is most likely fine, just uninstall the tool they had you download and run Malwarebytes. They usually use a generic remote-assist program that doesn't come bundled with viruses or anything else. The scam is really cut and dry and they don't waste time on revenge or things like that because it takes time away from scamming money from other people

BarcaTheGreat · Nov 11, 2018

Cocolina said:
I really don't get it. What's the evidence he installed a virus? He went through ipconfig and what came up as infectious? What number did you actually ring?

He ran something tree from command prompt which kept showing flowcharts type stuff for many seconds Maybe he just copy and pasted the infection line at the end of the run...hoping for that since it means nothing was changed...

GLHFGodbless · Nov 11, 2018

90% chance you're windows is fine and they just wanted you to buy some bogus software from them. Unless you saw them open your browser and go to some shady site and download something, you're fine.

BarcaTheGreat said:
He ran something tree from command prompt which kept showing flowcharts type stuff for many seconds Maybe he just copy and pasted the infection line at the end of the run...hoping for that since it means nothing was changed...

This is most likely all that happened. had you stayed on the line, they would of just tried to sell you some shit. No one ids going to install a virus on your computer from the command prompt.

Arkaign · Nov 11, 2018

Run ADWCleaner. By far the best quick system flush in the current landscape. Far better than Malwarebytes (I find all kinds of nasty things on PCs that are running MWB!!)

Laughing Banana · Nov 11, 2018

Sheesh Google doesn't give a shit, putting ad for scam companies like that after a search query.

NeonBlack · Nov 11, 2018

What phone number did you call? Googling netgear customers service gives you their phone number immediately.

BarcaTheGreat · Nov 11, 2018

Fiction said:
Usually these guys trick tech illiterate folks and you dont have the virus.

Did it look something like this?

Ok, that gotoassist website is the exactly the same one he got me to use.. but it wasn't fast support, it was just go to assist directly.. and then it had me install the same file as the video... I am watching the rest of it now but let's see what he says happened at the end.

Firestar · Nov 11, 2018

Kitboga's twitch streams show this scam example exactly. They just type the virus thing at the end, you're fine. It's very unsophisticated and they just try to get you to give them your credit card details to remove the "virus"

V23 · Nov 11, 2018

From your description it sounds like he didn't really get a chance to do anything too malicious. For peace of mind you should reformat your PC though. Better to be safe than sorry.

BarcaTheGreat · Nov 11, 2018

Yes, the whole time he was in dos (command prompt). I fear is that he could've triggered a download of something through command prompt (like Ubuntu).. but basically all he did was made something keep running through screen and at the end it showed infection found.. more I am thinking about it after you guys noted the same thing: he just ran stuff to scare me and dos infection found would never be there.. unless I am running something from the boot that would scan something. Feeling much better now (aside from being a momentary idiot)

Firestar · Nov 11, 2018

BarcaTheGreat said:
Yes, the whole time he was in dos (command prompt). I fear is that he could've triggered a download of something through command prompt (like Ubuntu).. but basically all he did was made something keep running through screen and at the end it showed infection found.. more I am thinking about it after you guys noted the same thing: he just ran stuff to scare me and dos infection found would never be there.. unless I am running something from the boot that would scan something. Feeling much better now (aside from being a momentary idiot)

Highly unlikely there was any download, these things go off an extremely similar script every time. It's exactly like you typed above. He runs the "tree" command, and then types up a generic virus found message to trick you into thinking he ran some sort of scan (which they did not). If you want to see how the rest of the scam would have gone, just look through some of Kitboga's vods. They then just try to sell you packages on removing the "virus". As far as I know even the remote desktop software they use is legit, so you have nothing to worry about if you didn't give them any of your information.

FloatingDivider · Nov 11, 2018

Fiction said:
Usually these guys trick tech illiterate folks and you dont have the virus.

Did it look something like this?

OMG lmao cmd dir/s proceeds to manually type in Zeus virus found '' network fireawall is turn off!!

Nevermind op just uninstall the remote desktop app and call it a day, unless the remote desktop app was bundled with malware you should be fine. If you still have the .exe submit it to virustotal to be sure.

BarcaTheGreat · Nov 11, 2018

FloatingDivider said:
OMG lmao cmd dir/s proceeds to manually type in Zeus virus found '' network fireawall is turn off!!

Nevermind op just uninstall the remote desktop app and call it a day, unless the remote desktop app was bundled with malware you should be fine. If you still have the .exe submit it to virustotal to be sure.

Thanks, I think I dodged a bullet there. Already uninstalled remote app but it appears to be a legit one anyways (the one from video above). And like I said I use it mostly as Ubuntu machine so rarely would I even go to win 10 ok it

Starviper · Nov 11, 2018

BarcaTheGreat said:
Never thought my first thread on this forum would be asking for help but here we are.

I am fairly tech literate so this is even more embarrassing but once I found out my router died during firmware update, I guess panic set in. I Googled Netgear (I have X6) support phone number and the first link with the phone number was an ad.. Which I clicked. Then it went straight away to a person who answered that he was the support person. I asked and he verified that it was the official Netgear support. I explained situation and he said he needed to try to update the firmware through their server side and told me to go to go assist or something in that nature and gave me an id which I punched in and the connected to my laptop (which I at that point connected laptop directly to my modem) through a software I downloaded from the go assist website (funny enough the website noted only give access to people you trust ) . He opened command prompt and looked at (I might not be remembering correctly) ipconfig, net use maybe, then something tree which kept on going through the screen as whole bunch of tables . At the end it showed on the command prompt screen and something as infectious ... At that point it finally hit me it's one of those case where I will be told to pay for a software to remove the virus.. As I was talking to the guy who was talking about transferring to to a support person I disconnected the seasons and turned off the computer.

My question is how screwed am I? I got a temp router I had at home and online back using it. That "infected machine" was a win 10 laptop which I had Ubuntu installed and now using the Ubuntu .. Scared of going back to the win 10 from my boot options. If I don't ever log into windows 10 it's fine but what kind of permanent damage did I do? He has my modem connection info from ipconfig and God knows what else. He won't have access to my router info as I didn't have the router working at the time at all . .. Yes I know I was a sucker but let's not laugh too much at my expense . . Appreciate all the help I am about to receive .

Kitboga on Twitch // YouTube deals with these guys all the time in hilarious ways to help inform people of these sorts of scams. From what i've seen, there was probably no damage actually done to your computer but in some cases if you don't disconnect the guy they might try and delete files or something else malicious like that.

Check em' out: https://www.youtube.com/channel/UCm22FAXZMw1BaWeFszZxUKw

Terra Firma · Nov 12, 2018

Fiction said:
Usually these guys trick tech illiterate folks and you dont have the virus.

Did it look something like this?

LOLLLLLLLLLLL

Did that scammer just run dir /s and then MANUALLY TYPE a virus warning???

Fiction · Nov 12, 2018

Terra Firma said:
LOLLLLLLLLLLL

Did that scammer just run dir /s and then MANUALLY TYPE a virus warning???

Yep.

Even didn't do it fast enough and got seen typing. Usually they type that when the command is running so it just shows up at the end. It's almost always in broken English too.

The end goal is to get you to buy shitty antivirus software that might actually contain viruses. They charge anywhere from 500 to 5000 for the service, and then discount when you balk.

l2iv6 · Nov 12, 2018

wtf @ google having the top search result as a scam ad

I fell for remote PC repair scam... Am I in trouble now?

Attempted to circumvent ban with alt account

One Winged Slayer

Blue Venus

Fanthropologist

Fanthropologist

Teyvat Traveler