No, you are not a Microsoft employee, no I don’t have a virus and by the way, you are definitely talking to the wrong people

Ironically I’ve seen warnings from other techs like Dawn, Mickey and more of my IT peers about fake Microsoft calls. Today, I got the pleasure of speaking with one.

When these people call you, they will identify themselves as an employee of Microsoft or some other prominent company. Microsoft will not call you to tell you that your computer is running slow or that it is infected with malware or a virus.

Within one minute of talking with this individual, he wanted to take control of my computer.  Knowing what was taking place, we have virtual computers in controlled labs that would be perfect for this caller.  With the help of Pat and Nathan, we fired up a virtual computer and kept talking to the individual.

Note: The virtual computer was in a controlled environment. The computer had Windows 10 Technical Preview installed and had no viruses or malware. The virtual machine had 2 gigabytes of RAM, 2 processors and the virtual hard drive was only 30 gigabytes.

Giving the individual a name (he got it wrong twice) and a 555-5554-555532 phone number, I was asked to go to a website that allowed remote control of my computer. I in turn asked for his name again and he gave me another name that was not the original one from the start of the call. I also asked for his Microsoft badge number and he said bb65tr9 (fake of course).

Prior to going to the website, I started the problem step recorder so I could record him navigating through Windows.

Navigating to the website, I downloaded software that allowed remote control. The individual kept insisting that my computer had viruses and that he would have to get an engineer to fix them if he couldn’t.

Once he gave me the whole spiel on how bad my computer was, he opened up the services tab and insisted that ALL of the services should be running. He then showed me CSRSS.exe in the running processes and insisted it was a virus that was stopping the services from running.

Knowing that CSRSS.exe (What is CSRSS?) is a Microsoft  program, I asked the students to be at the ready to pull the plug when needed.


After showing me the “virus”, the individual entered a link that led directly to a software setup that would install another program on the computer (above). I asked what it was and he said it would scan my computer for performance. Instantly hundreds of errors appeared along with other visually terrifying effects. Microsoft’s Gold Partner was on the software (fake) and another company which I am sure is also fake.

I had one of the students unplug the RJ45 cable and pretended to lose the connection.  The individual said that would not be a problem, he could always log into my computer with the remote program I had downloaded at any time.  He also stated that they would have to charge me for removal of the virus.

After more than 25 minutes online of listening to this person tell me how bad my computer was, I hung up. I had what I needed: a great lesson for the students, files to analyze and information about the location of this individual.

Knowing that this was a fraudulent call, it gave the students a firsthand view of what is going on in the world of computers and security.

Never give remote control to anyone you don’t know.  

Below is the program that has been somewhat obscured so that people won’t search for it online.  Note that he said I had hundreds of registry problems yet the screenshot shows a green check that the registry is ok.


We saved the PSR file and the programs on a secure flash drive and deleted the virtual computer.  We will analyze the files later and will be analyzing the firewall to see the IP address and location of the individual.

List of rogue software.  (This list is changing often)

http://en.wikipedia.org/wiki/List_of_rogue_security_software

PC cleaning apps scams

http://www.howtogeek.com/162683/pc-cleaning-apps-are-a-scam-heres-why-and-how-to-speed-up-your-pc/

Clean Windows with Clean Master

If your computer is running slow and you need to do a little housekeeping, use a program we found at What’s On My PC. Clean Windows thoroughly with Clean Master. Clean Master is usually a program used on Android devices. The new app for Windows does a thorough job of cleaning cache, log files and more from your home computer. Thanks Rick!


Don’t forget to run cleanup on Windows 10 Technical Preview once you upgrade

Make sure that if you download the latest Technical Preview update on the first Windows 10 Technical Preview, you run cleanup to get rid of the older installation.

Second Release of Windows 10 Technical Preview Available

The second Windows 10 Technical Preview is available. Open the Charms bar by pressing Windows + C on your current preview build. Click on Settings, Change PC Settings, Update and Recovery, Preview Builds and Download Now.


Do NOT install this on a production computer.  As you can see above, we installed this on a VM to test the Technical Preview.   You should always select slow on upgrading your previews.   Windows 10 Technical Preview so far has been excellent!


Create a temporary drive map with PushD

Create a temporary drive map with PushD.   PushD allows a temporary drive map that can be used in a script to copy, delete or modify files or folders.   When using PushD, the drive mapping will start at Z drive.  You must have permission to use the folder of course.

PUSHD

The example above uses the itmanager folder that is shared on a computer named server.


Use PopD to disconnect
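
An added example, not from the original post: a batch script that maps the \\server\itmanager share named above with PushD, works in it, and releases the mapping with PopD. The file report.txt and the C:\Backup folder are constructed placeholders.

```bat
@echo off
rem Added example (not from the original post). The share name comes from the
rem article; report.txt and C:\Backup are constructed placeholders.
setlocal enableextensions

rem PushD on a UNC path maps the first free drive letter, starting at Z:
rem and working down, then changes to that drive.
pushd \\server\itmanager
if errorlevel 1 (
    echo Could not map \\server\itmanager - check the share and your permissions.
    exit /b 1
)

rem %CD% now shows the temporary drive letter, for example Z:\
echo Mapped to %CD%

rem Work with relative paths while the temporary mapping is active.
if not exist "C:\Backup" mkdir "C:\Backup"
copy /y "report.txt" "C:\Backup\" >nul
if errorlevel 1 echo Copy failed.

rem PopD returns to the previous directory and removes the temporary mapping,
rem so the share is not left connected after the script ends.
popd
endlocal
```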


Add GeGeek Toolkit to Hiren’s CD/DVD for the ultimate troubleshooting tool

One of the best sites on the web is GeGeek.  GeGeek has over 300 tools (freeware) that you can download for troubleshooting any computer.   How can it possibly get more powerful?

Use Rufus USB to create a bootable flash drive from the Hiren’s CD/DVD ISO. See our other article – link. Once you create the bootable flash drive, copy the GEGeek folder to

Now when booting to your USB drive, you can boot into Windows XP mini and navigate to the flash drive. Navigate further into the Programs folder and then into the GEgeek folder. You can now use any tool you need to troubleshoot or diagnose your computer.

GEGeek Toolkit