holy frijoles.

tell your friend to reach down to where the computer is plugged into the wall, and pull out the cord.

then get on the phone with the credit card companies and cancel all their cards

then go to a public library or friend's house, sign in to paypal, and change the password. If it's not too late & the attacker hasn't already changed it. I wouldn't expect to find any money left in the balance, but paypal can also throw charges into a linked bank account. that's something you may be able to do on their behalf from your non-infected computer.

act fast

oh yeah - then call the police and get in touch with their fraud people. They do like to know about illegal things

Besides unplugging from the Internet, also tell him to immediately shutdown the computer.

Tech support companies can charge anywhere from US$50-$200/hour and up. Factor in that to figure out what your time is worth, build in any discounts because he's a good client, etc., and then tell him the rate for you to get involved past this point.

Unless you have experience with this kind of stuff and have time to spend, I would suggest recommending your client a company that specializes in it.

>> pull out the cord

yeah, I meant the power cord too. Shut it completely off. And don't turn it back on again until it's been thoroughly cleansed by a pro...

Thanks all.

Managed to cancel the card, unplug him, disable remote control, change paypal passwords and stop a bunch of services.

We Googled and found its known scam called the Microsoft technical support phone scam and the police in the UK are well aware of it.

Rebuilt XP using the system recovery option and installed AVG & Zone alarm - Interesting default XP buuild allow remote access!

Changed all passwords to strong ones and logged a complaint to Paypal as we have his paypal name and email for another transaction he did via paypal.

The XP rebuild option seems OK, first time I'v used it, all back in under 2hrs. I was thinking it may have to be a Format c:/, load DOS CD ROM Drivers and rebulild from actual disks...

I would re-install Linux Ubuntu. Then he won't have this problem and no need for antivirus software. :-)

But if he must remain on XP try installing Defender. It is a free Microsoft security program.

>>then call the police and get in touch with their fraud people. They do like to know about illegal things

actually no they don't, crimes they can't solve go to making their stats worse

You are no longer allowed to report credit card fraud to the police in the UK, it all has to be handled by the CC company who can report it to the police, but they never do.

You are no longer allowed to report credit card fraud to the police in the UK, it all has to be handled by the CC company who can report it to the police, but they never do.

This makes my glad I live in the United States. I had one credit card compromised - we think it happened during one of my hospital stays.

The issuing bank told me to file a police report and the officer atually came to my house to file the complaint.

I told him what I did and he ended up asking me questions about merchant accounts, etc, since there was a business in the county that was stealing people's money (by not sending out the products). By the time the provider found out, the merchant has closed the checking out, leaving the merchant provider out of a lot money.

Its a very strange one, it was in the small print of the 2006 Fraud Act and sneaked in as law without proper consultation as usual. It came into effect April fools day 2007!

Interesting. In Canada, the local police dept has an online crime division. They follow up on scams and have people specialized in childpron and such.

I'd call them and report it anyways. if they're not interested, I'm sure they'll tell you so.

If they're not stopped, they'll just keep hitting people with this one... what a dirty scam

"Interesting default XP buuild allow remote access!"

I had major problems on my last computer because of remote access (and file sharing) on by default with XP. Something got in and I was never able to fully remove it or even figure out exactly what it was, even though I tried several different antivirus programs to remove it and endless hours of research. Only using Opera stopped it. Periodically I would find that remote access had been enabled again. It might be worth checking it now and then to see if it is still not enabled.

Thanks for the heads up aspdaddy.
This morning I had a similar call though the caller didn't claim to be from MS in fact he didn't even bother to introduce himself nor his "company".

Transcript :

He : Hello, my name, you are having problems with your computer, your computer is running slow
Me : Haaaa .... you are a scam artist, your company is a scam, we know all about you
He : you M**F**er
and he slammed the phone down

I had to laugh but it's unlikely that he did.

If I had not read your post the caller would have had some serious explaining to do about how he came by the findings he claimed and I still would not have taken the bait. I may have been born at night but not last night ;o)

This whole experience has made me very paranoid about all the cheap used PCs I see advertised- the ones where they leave XP & Office already installed for the home user who doesn’t understand you cant transfer licence rights....what else are leaving installed. I wonder how many come with free clicking agents and keyloggers too :)