
Tech Support Team


#1
10th August 2011, 07:55 PM
Albert Lionheart
TST Oracle
Join Date: Dec 2007, 8,001 posts.
Location: Market Haemorrhoids, Middle England
Reputation: Albert Lionheart is on a distinguished road
UK Scam "Virtual PC Doctor" reappears
Heads up if you have not come across this before:
I run a small IT support company in middle England and today one of my clients received a call from someone with a strong Asian accent calling himself Aran Smith. As she was widowed 10 days ago she is not at her best, and she told Mr Smith of her circumstances hoping that he might go away. Far from it; seeing a victim on her own he pressed her to allow him to have remote access to her PC.
He installed LogMeIn and also a piece of software called Advanced Windows Care V2 Personal. It also modifies msconfig to make these programmes run at boot, logging the PC onto Mr Smith's system. It downloads and runs 000-AWC.exe.
Fortunately my client smelt a rat and phoned me on her mobile, leaving Mr Smith on her landline. I told her to turn off the router to close the connection - whereupon our Mr Smith went slightly berserk and told her that she had done untold damage to her machine. On the pretext of promising to call back she managed to get his details and phone number in London.
My thoughts are that this is a highly professional scam; to the extent that it has even written posts on various forums assuring that their software is safe.
The company is called Ammyy, has a nice credible website at Ammyy Admin - Free Remote Desktop and Remote Control software, and Aran Smith is on 02030263982. This is a London number.
I eventually had a look at the machine and cleared everything installed by Mr Smith. I have no idea if he had time to extract any private information.
I have also left a message for the local police but they are rather busy at the moment with other work so I don't expect to hear back from them.
__________________
Confuse and Prosper.
#2
24th August 2011, 12:09 PM
Joshuashawharvey
Community Moderator
Join Date: Oct 2007, 1,028 posts.
Location: Stoke-on-Trent, England
Reputation: Joshuashawharvey is on a distinguished road
Interesting read.

I've also encountered one of these particular scams. The victim was one of our clients.

These scammers ran through similar processes to gain remote access to our customer's PC. Their English was broken, and they had informed that they were a Microsoft certified company. They used a few sly methods to convincingly prove their point. Fortunately he also smelt a rat and gave us a call to explain the situation.

I'd not experienced an attack like this in the past so this was new to me too. We explained that this was a fraudulent attempt at repairing the PC, and informed that they should turn the PC and internet off immediately and end the call.

I then remoted onto the customer's PC to see the damage. I found that the scammers had used GoToAssist to gain remote access to the PC, and I also found files that appeared to be malware in the Downloads folder.

Fortunately the customer had ended the remote session and call before the scammers could install any malicious software or do any real damage. I ran multiple malware scans and fortunately found nothing. I looked at MSCONFIG, HiJackThis, checked the services, installed applications, and all of the other usual checks. I also checked the integrity of the customer's data, however everything seemed to be intact and our customer appeared to have had a lucky escape.

The number that was used to call our customer originated from India, and a quick search of the number found this.

These people somehow convince the vulnerable, uninformed user that they are Microsoft certified, or a part of Microsoft. They use a professional method of gaining remote access, and then charge ludicrous amounts of money to "repair" their PC.

Our customer was informed of such dangers, and how they could possibly originate. We informed that they should keep a close eye on their emails for potential spam, fraudulent phone calls like the one experienced, to change their passwords and keep an eye on their personal information for possible modification or hacking attempts.

I fail to understand the logic of this. For all of the effort these guys put into doing this sort of thing, they could set up a legitimate business and run it properly. However the lengths these guys will go to will never cease to amaze me.
__________________
"People always fear change. People feared electricity when it was invented, didn't they? People feared coal, they feared gas-powered engines... There will always be ignorance, and ignorance leads to fear. But with time, people will come to accept their silicon masters" - Bill Gates

Last edited by Joshuashawharvey; 26th August 2011 at 09:08 AM.
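
The checks listed in the post above (startup entries, services, installed applications, the Downloads folder) can be gathered in one read-only pass. This is an added example, not part of either post: the name patterns are the tools named in this thread, the registry paths are the standard Windows Run and Uninstall locations, and the 7-day Downloads window is an assumption.

```powershell
# Read-only triage after an unsolicited "remote support" session (added example).
# Patterns are the tool names mentioned in this thread; extend for your own cases.
$Patterns = 'LogMeIn', 'GoToAssist', 'Ammyy', 'Advanced Windows Care', '000-AWC'
$Regex    = ($Patterns | ForEach-Object { [regex]::Escape($_) }) -join '|'
$Days     = 7   # assumption: how far back to look in the Downloads folder

function Test-Suspect([string]$Text) { [bool]($Text -and ($Text -match $Regex)) }

$meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$base = 'Software\Microsoft\Windows\CurrentVersion',
        'Software\WOW6432Node\Microsoft\Windows\CurrentVersion'

$findings = @(
    # 1. Run / RunOnce values: the boot-time entries msconfig lists under Startup.
    foreach ($hive in 'HKLM:', 'HKCU:') { foreach ($b in $base) { foreach ($leaf in 'Run', 'RunOnce') {
        $key  = '{0}\{1}\{2}' -f $hive, $b, $leaf
        $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($p in $item.PSObject.Properties) {
            if ($meta -contains $p.Name) { continue }   # skip provider metadata
            if ((Test-Suspect $p.Name) -or (Test-Suspect ([string]$p.Value))) {
                [pscustomobject]@{ Source = $key; Name = $p.Name; Detail = $p.Value }
            }
        }
    } } }

    # 2. Services whose name, display name or binary path matches.
    Get-CimInstance Win32_Service | Where-Object {
        (Test-Suspect $_.Name) -or (Test-Suspect $_.DisplayName) -or (Test-Suspect $_.PathName)
    } | ForEach-Object {
        [pscustomobject]@{ Source = 'Service'; Name = $_.Name; Detail = "$($_.StartMode): $($_.PathName)" }
    }

    # 3. Installed programs, from the per-machine and per-user Uninstall keys.
    foreach ($hive in 'HKLM:', 'HKCU:') { foreach ($b in $base) {
        Get-ItemProperty -Path ('{0}\{1}\Uninstall\*' -f $hive, $b) -ErrorAction SilentlyContinue |
            Where-Object { Test-Suspect $_.DisplayName } | ForEach-Object {
                [pscustomobject]@{ Source = 'Installed'; Name = $_.DisplayName; Detail = $_.InstallDate }
            }
    } }

    # 4. Installers dropped into Downloads recently, whatever they are called.
    Get-ChildItem (Join-Path $env:USERPROFILE 'Downloads') -File -ErrorAction SilentlyContinue |
        Where-Object { ($_.Extension -in '.exe', '.msi') -and ($_.LastWriteTime -gt (Get-Date).AddDays(-$Days)) } |
        ForEach-Object { [pscustomobject]@{ Source = 'Downloads'; Name = $_.Name; Detail = $_.LastWriteTime } }
)

if ($findings) { $findings | Format-Table -AutoSize -Wrap } else { 'No matches for the listed patterns.' }
```

Matching is by name only, so a renamed binary will not show up; an empty result complements the malware scans rather than replacing them.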