Thread: How Do Techs Remove Viruses Remotely

  1. #1
    Super Moderator Jonj1611's Avatar

    How Do Techs Remove Viruses Remotely

    Hi,

    Bit of a general question to be honest but there are a lot of places offering to remove viruses remotely, does anyone know exactly how they remove them remotely and what programs they may use?

    Thanks
    Jon

  2. #2
    Comfortably Numb directhex's Avatar

    Re: How Do Techs Remove Viruses Remotely

    Either they connect to a remote desktop session & run an antivirus app as normal, or get you to use a web-based antivirus app.

  3. Received thanks from:

    Jonj1611 (21-05-2015)

  4. #3
    root Member DanceswithUnix's Avatar
    Join Date
    Jan 2006
    Location
    In the middle of a core dump
    Posts
    12,986
    Thanks
    781
    Thanked
    1,588 times in 1,343 posts
    • DanceswithUnix's system
      • Motherboard:
      • Asus X470-PRO
      • CPU:
      • 5900X
      • Memory:
      • 32GB 3200MHz ECC
      • Storage:
      • 2TB Linux, 2TB Games (Win 10)
      • Graphics card(s):
      • Asus Strix RX Vega 56
      • PSU:
      • 650W Corsair TX
      • Case:
      • Antec 300
      • Operating System:
      • Fedora 39 + Win 10 Pro 64 (yuk)
      • Monitor(s):
      • Benq XL2730Z 1440p + Iiyama 27" 1440p
      • Internet:
      • Zen 900Mb/900Mb (CityFibre FttP)

    Re: How Do Techs Remove Viruses Remotely

    Or they are scam artists that talk you through how to give them remote access so that they can steal passwords and infect your machine.

    Proper scanning involves taking the disk out and plugging it into another machine.

  5. Received thanks from:

    g8ina (22-05-2015),nichomach (21-05-2015)

  6. #4
    Super Moderator Jonj1611's Avatar

    Re: How Do Techs Remove Viruses Remotely

    Right, so no actual programs that do the work for techs? Just remote terminal and run as normal? Fair enough, thought it would have been something more technical than that.

    Yes you're right DanceswithUnix, that's the way I have done it when removing viruses normally if other methods have failed.

    Reason I asked is my sister recently had someone remove a virus remotely from her machine, obviously she forgot about me! But still and after paying I think £40 to do so I wanted to know how's it done, any special programs other than remote login etc. She is a couple of hundred miles away so I couldn't pop round and do it myself.
    Jon

  7. #5
    Senior Member chrestomanci's Avatar

    Re: How Do Techs Remove Viruses Remotely

    Quote Originally Posted by DanceswithUnix View Post
    Proper scanning involves taking the disk out and plugging it into another machine.
    In my experience (I used to work for Sophos), only a minority of viruses can be safely removed from a running system or even a powered off one, as they tend to burrow quite deeply into the OS. To be sure you need to reformat, and restore your data from backups.

  8. Received thanks from:

    Jonj1611 (21-05-2015)

  9. #6
    Anthropomorphic Personification shaithis's Avatar
    Join Date
    Apr 2004
    Location
    The Last Aerie
    Posts
    10,857
    Thanks
    645
    Thanked
    872 times in 736 posts
    • shaithis's system
      • Motherboard:
      • Asus P8Z77 WS
      • CPU:
      • i7 3770k @ 4.5GHz
      • Memory:
      • 32GB HyperX 1866
      • Storage:
      • Lots!
      • Graphics card(s):
      • Sapphire Fury X
      • PSU:
      • Corsair HX850
      • Case:
      • Corsair 600T (White)
      • Operating System:
      • Windows 10 x64
      • Monitor(s):
      • 2 x Dell 3007
      • Internet:
      • Zen 80Mb Fibre

    Re: How Do Techs Remove Viruses Remotely

    Quote Originally Posted by Jonj1611 View Post
    Reason I asked is my sister recently had someone remove a virus remotely from her machine, obviously she forgot about me! But still and after paying I think £40 to do so I wanted to know how's it done, any special programs other than remote login etc. She is a couple of hundred miles away so I couldn't pop round and do it myself.
    There is a massive scam being run from India where they phone your landline and ask for you by name. They then tell you they have spotted your machine spamming viruses and ask for money to fix it.

    I am guessing your sister may have got stung by them.

    I actually play along with them when they call (although they haven't for a while) and they even get you to go to C:\Windows\Inf and tell you all the .INF files are infections....then ask for remote access and a credit card. I ask them to hold while I get my credit card and go and watch some TV/play some games and go back an hour later to see if they are still holding.

  10. Received thanks from:

    Jonj1611 (21-05-2015)

  11. #7
    Super Moderator Jonj1611's Avatar

    Re: How Do Techs Remove Viruses Remotely

    Yeah I used to enjoy the phone calls from those people too but haven't had any myself for a while. No it wasn't that scam in this instance, it was a local company, well I say local, twenty miles away or so, one of her kids downloaded something and she couldn't get it off.

    Just that I see a lot of people advertising to remove viruses remotely and I was wondering if there was anything special involved, corporate antivirus programs, anything that a "normal" user wouldn't have.
    Jon

  12. #8
    Comfortably Numb directhex's Avatar

    Re: How Do Techs Remove Viruses Remotely

    Quote Originally Posted by shaithis View Post
    There is a massive scam being run from India where they phone your landline and ask for you by name. They then tell you they have spotted your machine spamming viruses and ask for money to fix it.

    I am guessing your sister may have got stung by them.

    I actually play along with them when they call (although they haven't for a while) and they even get you to go to C:\Windows\Inf and tell you all the .INF files are infections....then ask for remote access and a credit card. I ask them to hold while I get my credit card and go and watch some TV/play some games and go back an hour later to see if they are still holding.
    40 quid isn't their usual price range. They aim for mid 3 figures on a subscription basis.

  13. Received thanks from:

    Jonj1611 (21-05-2015)

  14. #9
    mutantbass head Lee H's Avatar
    Join Date
    Dec 2003
    Location
    M28, Manchester
    Posts
    14,204
    Thanks
    337
    Thanked
    671 times in 580 posts
    • Lee H's system
      • Motherboard:
      • MSI Z370 Carbon Gaming
      • CPU:
      • Intel i7 8700K Unlocked CPU
      • Memory:
      • 16 GB Corsair Vengeance 3200 LPX
      • Storage:
      • 250GB 960 EVO + a few more drives
      • Graphics card(s):
      • 6GB Palit GTX 1060 Dual
      • PSU:
      • Antec Truepower 750W Modular Blue
      • Case:
      • Corsair 600T White Edition
      • Operating System:
      • Windows 10 PRO
      • Monitor(s):
      • 27" Asus MX279H & 24" Acer 3D GD245HQ + the 3D glasses
      • Internet:
      • Virgin Media

    Re: How Do Techs Remove Viruses Remotely

    If I have to do remote fixing then it's TeamViewer mainly to gain access remotely and then use the usual applications such as CCleaner, Malwarebytes, Kaspersky live CD and also a bit of registry editing to ensure removal.

  15. Received thanks from:

    Jonj1611 (21-05-2015)

  16. #10
    Registered User

    Re: How Do Techs Remove Viruses Remotely

    +1 with TeamViewer, fantastic app for remote use.
    Just to add AdwCleaner (1st step, use before others), Malwarebytes, SUPERAntiSpyware, ComboFix (for the seriously pesky ones that won't go away), HitmanPro.
    Sometimes it requires more than 1 or 2 scans to completely remove everything.

  17. Received thanks from:

    mikerr (11-06-2015)

  18. #11
    Super Moderator Jonj1611's Avatar

    Re: How Do Techs Remove Viruses Remotely

    Hi,

    Many thanks, I was aware of all those programs.

    As I said initially I was looking into how they did it, i.e. any special programs that were used, of which there are none, just the usual TeamViewer etc. Thanks anyway.
    Jon

  19. #12
    Senior Member

    Re: How Do Techs Remove Viruses Remotely

    Just in case someone who has a compromised PC is tuning in to this thread and their PC is too messed up to install something like TeamViewer, you can always create an antivirus bootable CD or USB key, which might get a way in to finish off cleaning up.
    These are not bootable AV tools - if a PC can still use the internet, I usually use AdwCleaner and Junkware Removal Tool - I download from bleepingcomputer.com - unfortunately as you try and use these tools there are tricksy tick boxes that would result in installing adware, so not really for people who weren't careful enough when they invited the problem(s) in in the first place.
    Last edited by snedger; 11-06-2015 at 08:58 AM.
