Several current scams center around gaining remote access, often in the guise of fixing problems on your machine. Be it for money or other reasons, one thing is clear: it's a trap!
About a year ago, I took out a lifetime subscription to SUPERAntiSpyware and I have used it without any problems until the last ten days or so. Now, I find that I am unable to activate the scan feature; I click on it just as I have done for the past year, but nothing happens. I called the phone number listed on my receipt, but there was no answer and I wonder if you know whether or not they have gone out of business.
I am not particularly worried about this as there are other applications that I can download. However, I thought I would let you know what happened when I went to their website.
I called a number that I thought was the support center and was immediately connected with a technician who skillfully asked my permission to allow him access to my computer so that he could diagnose the problem, and I agreed. After he informed me that I had over a thousand errors that needed to be erased and that he could do this for me for only $250.00, I realized that this was some kind of scam and I promptly ended the call. What kind of risk have I exposed myself to?
I have Windows Vista and my computer is about six years old. Thank you for all you do and keep the answers coming.
First, good on you for terminating that call. While it may have obviously been a scam to you and me, I'm sure that many people are falling for it.
To the best of my knowledge, SUPERAntiSpyware is alive and well. However, the approach you took to contact them is worth reviewing. Sometimes, finding appropriate contact information can be confusing and in some situations, it can lead to questionable territory, as you've seen.
But the big question is ... you let a stranger with clearly malicious intent use your machine remotely. Just how worried do you now need to be?
The bad news is that there's no clear answer.
I've never used SUPERAntiSpyware, but I've heard it mentioned from time to time and it appears to have a good reputation.
The website – http://www.superantispyware.com/ – is most certainly up. Their blog is woefully out of date, but I do see current posts by "SAS Customer Service" in their support forum, which I take as a good sign of life.
But that leads us to the approach best taken to find support.
You started with the phone number on your receipt. That's typically not what I would start with for a couple of reasons.
A phone number on a purchase receipt is typically completely unrelated to product support. More often, it's a number specifically about billing questions or questions relating to the actual process of purchasing the product, not using it.
It's extremely common that the actual sale of the product is handled by a completely different company than the company that manufactures it. This is particularly true of software downloads. The phone number listed may not even be for the company that you really want to talk to. And of course, if the payment processor changes or goes out of business, old phone numbers can sometimes lead to new and less than appropriate places.
My approach to finding support comes at it from a completely different angle.
First, understand that telephone support is rare, even for many paid products. The problem is very simple: it's extremely expensive – even when outsourced. Products would need to be significantly more expensive than they are to be able to cover the costs and in general, the market isn't willing to pay that price. Bottom line: I don't even bother looking for phone numbers and I recommend that you not waste your time on that either.
The official product's website is always the first place to start. I head there first.
I typically look for a "knowledgebase". Like Ask Leo! articles, these are often collections of answers to common questions written by the product's own support or development staff. Most of the time, the most accurate answers are to be found here.
Next, I look for a discussion forum or "community" link. Peer-to-peer support (users helping other users) is often the next best thing to official support and can be a great source of information. Some companies actually will task their support staff with participating in these forums, so you may very well find official answers to common and current questions. (It appears that SUPERAntiSpyware falls into this category.)
Something that says "contact us" is next on my list. Once again, it's not likely to be a phone number, but a form that you would fill out describing your issue and submitting it to the support staff. Eventually, you would get an answer via email.
The quality of support varies widely from company to company and doesn't always correlate with the quality of the actual product. In my opinion, understanding your support options should be an important part of the process of deciding what software to use and install – perhaps even more important than the latest whizzy features a product might offer.
Regardless of how we got here, you've allowed someone with clearly malicious intent access to your machine.
What to do?
There's no simple answer.
For the paranoid and for those with super-sensitive information, there's really only one choice: assume that the machine has been compromised and backup, reformat, and reinstall from scratch. That's the only absolute way to know that your machine is really your machine and not under the control of some remote hacker.
That's also very extreme, often highly impractical and in all honesty, probably not necessary.
The problem is that there's no way to really turn that "probably not necessary" into "definitely not necessary."
So, we basically end up playing the odds.
This is perhaps the most likely scenario.
The technician was probably only after your money in the form of your purchasing his "services" to clean your machine. It's possible, and in my opinion likely, that this was the extent of the scam. By not falling for it and disconnecting, nothing was done.
The reason I say this is likely is that, from the scammer's point of view, it's the easiest and safest approach. Beyond commonly available remote access software, no additional hacking tools are required.
As long as enough people fall for the scam and hand over money or additional personal information, the scam is a success without anything else being needed.
Most remote access utilities actually allow you to see what the remote user is doing to your machine.
Surprisingly, it's my understanding that it's these common tools that the scammers are using – in part so that they can "show you" all the errors in your machine, usually by exploiting the mess that is the event viewer's log. But that also means that you would be seeing whatever else they were doing.
So, if the technician downloaded or transferred software onto your machine, you'd probably see it being done.
If they ran a program, you'd probably see it.
If they ran a setup, you'd probably see it.
Now, of course, you'd have to understand (or at least have a rough idea of) what it is you're seeing as it happened, and of course, they would be relying on most people not being able to do that.
If they downloaded and installed anything, then you need to assume that what they installed was malware of some sort.
Here's where it gets difficult.
It is certainly plausible that the remote connection set up by the scammer included connections that you would not see.
Perhaps a quick sleight-of-hand move while they're confusing you with the Event Viewer allowed them to run a program to set up a back-door connection. Perhaps the type of remote connection they've set up allowed them to bypass your firewall. Perhaps, perhaps, perhaps...
Perhaps the entire time they had you on the line, they were quietly and surreptitiously loading your machine up with all sorts of malware.
Possible. Plausible. Not common, from what I've heard, but ... it could happen.
The safest thing for you to do, of course, is assume your machine is infected.
Just how drastic your next steps need to be depends on what you experienced, what we find, and your own level of security and/or paranoia.
As I said, the extreme is to assume the worst and reformat/reinstall, backing up first so as to be certain not to lose anything.
That's not what I would do. At least not initially.
Instead, I would:
Immediately run full anti-spyware and anti-virus scans, first making sure that their databases were up-to-date.
Run a full scan using the free version of Malwarebytes Anti-Malware.
Seriously consider running a full scan using Windows Defender Offline – particularly if you're having problems with either of the first two steps.
Keep a close eye out from then on for anything that looks the least bit suspicious or incorrect – or, most importantly, any new behavior by the computer.
If that all comes up clean, then it's probably enough.
But I can only say "probably."
If you do encounter problems, then stronger measures might be called for.
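One way to check the "if they downloaded and installed anything" question after the fact, as an added example that is not part of the original article: list program and installer files whose timestamps fall inside the time the remote session was open. The function name, the extension list and the dates shown are assumptions made for illustration.

```python
import os
from datetime import datetime, timedelta

# File types that can run code or install software on Windows.
# Constructed for this example; not an exhaustive list.
RISKY_EXTENSIONS = {".exe", ".msi", ".dll", ".scr", ".bat",
                    ".cmd", ".vbs", ".js", ".ps1", ".lnk"}


def files_changed_during_session(roots, session_start, session_end,
                                 slack_minutes=10):
    """Return [(path, timestamp)] for risky files created or modified
    between session_start and session_end (local time), widened by
    slack_minutes on each side to allow for an imprecise memory of the call."""
    lo = (session_start - timedelta(minutes=slack_minutes)).timestamp()
    hi = (session_end + timedelta(minutes=slack_minutes)).timestamp()
    hits = []
    for root in roots:
        # onerror: skip folders we are not allowed to read instead of stopping
        for dirpath, _dirs, names in os.walk(root, onerror=lambda err: None):
            for name in names:
                if os.path.splitext(name)[1].lower() not in RISKY_EXTENSIONS:
                    continue
                path = os.path.join(dirpath, name)
                try:
                    st = os.stat(path)
                except OSError:
                    continue  # file vanished or is locked
                # On Windows st_ctime is the creation time; st_mtime also
                # catches an existing file that was overwritten.
                stamps = [t for t in (st.st_ctime, st.st_mtime) if lo <= t <= hi]
                if stamps:
                    hits.append((path, datetime.fromtimestamp(min(stamps))))
    return sorted(hits, key=lambda hit: hit[1])


if __name__ == "__main__":
    # Hypothetical call times; replace with when the "technician" was connected.
    start = datetime(2013, 3, 1, 14, 0)
    end = datetime(2013, 3, 1, 14, 40)
    for path, when in files_changed_during_session(
            [os.path.expanduser("~")], start, end):
        print(when.strftime("%Y-%m-%d %H:%M"), path)
```

Anything listed deserves a closer look before the machine is trusted again. An empty list is not proof of a clean machine, since timestamps can be preserved or altered, so it supplements the scans above rather than replacing them.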