# Scammer claimed he was MS Support?



## HeidiZ (Apr 29, 2014)

Trying to help a friend out here....he got a phone call (# was a Level 3 Communications, Llc VoIP from Blackville, South Carolina and it was late at night) man said he was with Windows Support and that the licensing on the friend's laptop computer (which he purchased USED w/Win7 Home Premium pre-loaded) was about to expire. (WT? :nonono _STUPIDLY_, the friend believed what he was saying and *ALLOWED* him remote access to his system, so the man could then fix the issue with the licensing...as he watched this man working within his system, man was describing the "service" he was "selling", friend _got it_ (finally) and said "NO - No thanks! I don't need that!" To which the man replied "Oh, too late, sorry! Now you will need to pay $270.00 to gain access to your laptop!" Of course the friend said NO WAY & hung up on the guy & turned off his laptop. When he went to restart it, there is now a "STARTUP PASSWORD" field requiring him to enter this....He attempted Startup Repair (6 times)...the result was: Root cause found - Unspecified changes to system configuration might have caused the problem. # of root causes = 1. This is the point at which he asked me to help..I ran Startup Repair again, got same results....checked BIOS where there were DISABLED passwords for System and HDD...cannot run any program to get logs or dmpfiles or anything at all due to this password thing having control? No safe mode. Last thing I noticed is an AREY JONES System Recovery splash screen (behind the Startup password dialog) Apparently, his laptop was owned previously by a school or college that used Arey Jones Educational Solutions... 

What could this guy have DONE in his system to cause this? And, is there a solution? Hope I posted this in the correct section....any help will be greatly appreciated! 

Heidi

(p.s. he DOES NOT have installation cd or recovery disk for his system :facepalm: either)


----------



## JMPC (Jan 15, 2011)

Rather than running startup repair has the user tried to restore a previous recovery point? It's entirely possible they delete the recovery points as part of this process to keep users from doing just that but worth a shot.

I'm assuming Safe Mode is no different?

If you're still not able to recover from it you could boot with a Linux live CD, backup all of the users data and start over with a clean install.

Without knowing what else was done to the system a clean install or factory restore may be the best option.


----------



## Wand3r3r (Sep 17, 2010)

this is a well known scam.

Your ONLY option is to format the system and do a new install. Anything LESS and you will regret it since the hacker also placed back doors into your system.

Take it to a computer repair place and pay for the OS disk.

Good news is your friend doesn't have to cancel his credit card and get a new one.


----------



## Corday (Mar 3, 2010)

This is another thread on the same subject: http://www.techsupportforum.com/forums/f36/your-scam-experiences-804073.html


----------



## HeidiZ (Apr 29, 2014)

Thank you JMPC, Wand3r3r & Corday for your replies and suggestions!

Unable to get to System Restore....Startup Repair is only thing accessible with the Startup Password dialog....Can't even GET to Safe Mode! I like the Linux idea - I hear about how GREAT it is from my brother all the time...I could back up his data, but he has no disk to do a clean install with, if I did that. 

BTW-Is it TRUE that Linux DOESN'T GET VIRUSES? (This is always a selling point my brother uses when he knows I'm having issues with Windows, lol)

I'll give my friend the BAD NEWS (and the GOOD)....also, Corday? LOVE your "quote" HOW TRUE THAT IS!! I am going to print that up for my friend to REMIND him to NEVER do that again! :facepalm: (jeeeeezzzzz!!)

Thanks again all....glad I registered - will be back if I ever need help again! GREAT FORUM!! :thumb:


----------

