log4rescue - anyone heard of them?


Rather be Gardening
25th Jan 2010, 14:09
I've been having some problems with my PC lately, so dutifully sent 'error reports' to Microsoft, as per the prompt screens. I have the AVG protection suite and RegCure to tidy things up. Today I had a call out of the blue from someone who said he was calling about the error reporting and would try to sort it out for me. To cut a long story short, he said that it was likely that my machine had been infected by a trojan and eventually transferred me to the Log4rescue site where, for an annual fee, this company would provide a clean-up and support service. I finished the call, and said I wanted to consider my options before paying up front.

I wondered if anyone here has any feedback or experience with this company? I went along with the call initially because I thought it was Microsoft getting in touch, but had my doubts when I ended up looking at log4rescue instead. Subsequently, I haven't been able to work out how he'd have known about the error reporting. My normal source of info on all things computing (husband) is out of the country for a few months, so would appreciate any advice.

frostbite
25th Jan 2010, 14:28
Sounds dodgy.

Best download Malwarebytes or similar and let it check your system out.

You shouldn't have to pay for any of these services - there's plenty of good and free stuff about.

Malwarebytes.org (http://www.malwarebytes.org)

Saab Dastard
25th Jan 2010, 14:30
I've been having some problems with my PC lately

I think this intrusion is a result of the "problems". It looks like you picked up an infection, the purpose of which was to cause problems and pass your details to some outfit so you could subsequently be conned into parting with money to "repair" a problem that was caused for that purpose.

Or maybe I'm just cynical.

Your name, address and telephone number could have been obtained in several ways - and if "they" have that much information I would be wary of any online banking etc.

Assuming an infection, the most secure way of dealing with this is a complete deletion and re-install of the OS (after backing up data and user settings). You can also try running a good anti-malware program (e.g. Malwarebytes), but you need to be confident about what you are doing. See the recent http://www.pprune.org/computer-internet-issues-troubleshooting/403171-computer-shutdown.html thread for example.

SD

Keef
25th Jan 2010, 16:46
I would be very wary of log4rescue. Google shows 4 hits for them - two from their own website, one from this thread, and one totally unconnected with the firm.

Their website mentions lots of growth and about 800 employees.
While that's possible, I can't imagine a growing web company with 800 employees and only three relevant Google hits.

They may be totally legit, but...
Their domain was registered on 17 Nov 2009, so they aren't long-standing, and their registered location is Calcutta.

Did the caller say how they got your details? Did he/she have more information about you than you'd send to MS?

Saab's answer may be a tad drastic, but it will fix it.
I'd be inclined to run Malwarebytes and see what it finds. Some of us on here may be able to "talk you through" the disinfection process. I've done a fair few (mostly not in my own PCs), and some are real experts!

Rather be Gardening
26th Jan 2010, 09:37
Many thanks for the replies. I ran the Malwarebytes which picked up the usual cookies, and what looks like a nasty:

c:/sccfg.sys

showing as a hidden file and identified as a rootkit. I have tried to remove it, but I guess the clue's in the 'hidden file' bit and it steadfastly refuses to budge. Grateful for any further advice.

Incidentally, log4rescue rang back this morning and I told them I'd fixed the problem with anti-malware. End of conversation. I suppose I should have asked where they got my details from, but I just wanted them off my back at that stage. :uhoh:

BOAC
26th Jan 2010, 09:47
R b G - have you tried Malwarebytes in safe mode? If that does not work, try something that will do a 'boot' scan - Avast has performed well in that respect.

Rather be Gardening
27th Jan 2010, 14:47
I have tried to remove the hidden file via AVG's anti-rootkit function, but it's back whenever a new scan is run. Does anyone know whether c:\sccfg.sys is something awful? Being a complete computer numpty, it occurred to me today that it might not be malign, although I wonder why it's hidden if that's the case.

green granite
27th Jan 2010, 14:54
Microsoft tends to hide all operating system files so that they can't be accidentally erased. If the path is as you say then, from the command line, type `attrib C:\sccfg.sys -r -a -s -h` (clearing the read-only, archive, system and hidden attributes) and then try removing it.

Saab Dastard
27th Jan 2010, 15:42
sccfg.sys seems to be associated with an application called Folder Lock - do you have that installed on your system?

SD

Rather be Gardening
27th Jan 2010, 16:45
SD, Just had a look. Folder Lock is there. No idea what it does, so perhaps I'm better off leaving it alone. Thanks for your help. :ok:

frostbite
27th Jan 2010, 16:47
Folder Lock seems horribly familiar.

If it's the one I think it is, there have been lots of folk complaining that the trial version held them to ransom if they ever wanted to see their files again.

green granite
27th Jan 2010, 17:19
Yes you can download it as a trial, presumably when the trial runs out you're stuffed unless you buy the full version, if you don't remember to unlock the files before then.

PPRuNe Towers
27th Jan 2010, 19:18
You lot are all fakes and you're banned:

Sir,
This is to bring to your kind attention that some of the people registered in your website are using the forum as a weapon to affect our company's reputation in the market. In the last 4 days several comments have been posted in your website by the rivals in order to influence our customers, as a result of which our customers are charging us back and losing trust in us. Our company is log4rescue and if you see, all the posts have been done by the same IP address from Kolkata and not by any resident of any country which they posted with different usernames and addresses. As per your terms and conditions any personal attack on any person or company is violating your laws.
I kindly request you to go through the matter and take necessary actions against it and remove this forum and the posts against our website, for which we would be very thankful.
Thanking you
Josh Paker

Saab Dastard
27th Jan 2010, 23:33
Rob,

Many thanks for sharing that gem from your postbag with us!

:ok: :D

SD

P.Pilcher
28th Jan 2010, 17:52
What a relief:
There was little me thinking that the board moderator and other experienced and regular posters had actually been banned!

P.P.

Keef
28th Jan 2010, 18:42
Oh dear!

Google now shows only two hits for log4rescue - their own website, and PPRuNe.

rgbrock1
28th Jan 2010, 19:20
Perhaps I'm being dense but who are fake and got banned? Surely not the original posters to this thread?????

green granite
28th Jan 2010, 19:30
No-one. Just PPRuNe Towers being TIC. :)

rgbrock1
28th Jan 2010, 19:32
Oh. I see. Must be that British sense of humor (humour) no?!!!! :}

Blues&twos
28th Jan 2010, 19:43
Fantastic. Log4rescue ironically (and unwittingly) confirming the type of outfit they are....

:ok:

green granite
28th Jan 2010, 20:38
Yep, any company that leaps straight in with threats like that rather than explaining and trying to quell our distrust of them needs to be treated accordingly.

Keef
28th Jan 2010, 21:09
... and was.

Vitesse
29th Jan 2010, 12:04
I saw a thread recently ('Support onclick'? - MoneySavingExpert.com Forums (http://forums.moneysavingexpert.com/showthread.html?t=1613667)) about this sort of thing.

Company was called Support On Click from India. Their phone operators were not keen to give their location and claimed to be UK based.

In a cold call, they would say that there was a problem with your PC (I suppose most homes have one these days) and then talk you through demonstrating the infection and setting up remote access to your PC. And charging monthly too.

One interesting snippet is that when challenged, calls were routed to a senior individual who tended to threaten and swear...

Rather be Gardening
29th Jan 2010, 13:09
Vitesse, sounds like I had a narrow escape then! :ok:

green granite
29th Jan 2010, 13:57
Surely the correct response when they say that there is a problem with your PC is to say to them "Since it's a criminal offence to access a computer without the owner's permission, how do you know that?" and see what their reaction is. :ok:

Rather be Gardening
29th Jan 2010, 15:04
GG - I'd gone into 'rabbit in the headlights' mode by that stage (believing they were from Microsoft). How gullible can you (I) get?:uhoh:

I've just reported them to the Fraud Office. No doubt they'll just pop up in another guise shortly, unfortunately. Vitesse's linked thread makes very interesting reading.

I am embarrassed that I even listened to them in the first place. :(

PPRuNe Towers
29th Jan 2010, 19:35
Now you lot are really being troublesome. It's about time you grew up and did the 'needful':

I don't know which person is your member for how many years and more, and I am least interested. All I know is that various comments have been posted in your website about my company and it's affecting my sales. I really need to know whether you are going to remove these posts or not. I am kindly requesting you to do the needful.
Regards
Josh Parker

Bushfiva
30th Jan 2010, 01:37
I dunno, Pprune has at least doubled (4) log4rescue's hits on Google, surely that's a net benefit? On the other hand, their satisfaction rate has dropped from 99% to 96%, which suggests Mr Rivets may have tried them out.

PPRuNe Towers
30th Jan 2010, 09:39
This lot registered to offer smooth assurances regarding their operations.

They took great care to distance themselves from Microsoft and claimed they had a team 'generating' leads.

Given the limited number of ways anyone could generate such leads and phone numbers, I'm not having them on the site. Depending on your own level of inherent paranoia you will no doubt come up with various routes to gaining such contact numbers.

Regards
Rob

Bushfiva
30th Jan 2010, 10:12
I put on my sleuthing head, and Vitesse has stumbled across the truth: these guys are probably Supportonclick in disguise: semantic analysis suggests the web sites were done by the same person(s), plus more obvious hints through whois & Co. Lots of information out there about the activities of Supportonclick.

Keef
30th Jan 2010, 11:52
I see from Google that they have some more hits - moneysavingexpert.com and digitaltoast.co.uk both report Log4rescue as a scam. Sad for their 800 employees :(

Blues&twos
30th Jan 2010, 12:46
> All I know is that various comments have been posted in your website about my company and it's affecting my sales

I guess that's what happens when you scam people.

call100
30th Jan 2010, 13:19
Any one who cold calls your home should be put against a wall and dealt with.
This company deserves nothing but shutting down...
As for the Folder lock issue, at least that has nothing to do with the scam. Log4rescue probably got your phone number in the good old tried and tested method prevalent in India. From a call centre where someone sold on the stuff. :*

frostbite
30th Jan 2010, 14:24
From what the OP said, it sounded to me that MS, or someone (unauthorised?) at MS passed on her details.

call100
30th Jan 2010, 15:33
They probably just use that line to suck you in....They were lucky that this person actually reports faults to Microsoft...They were unlucky that she was intelligent and asked before jumping...Who in Microsoft would you give your home phone number to? I've never had occasion to do that.

Saab Dastard
30th Jan 2010, 17:41
From what the OP said, it sounded to me that MS, or someone (unauthorised?) at MS passed on her details.

I agree with call100 here - I certainly don't think that MS is passing anything on.

It is a high probability that anyone they cold-call has a home PC, and 95% or more of those will be running MS Windows (sorry Mac users) and will have clicked "send" when a program crashes. So even without any intervention by them, there's a very good chance indeed that they will make a plausible connection with the "mark". And if they hit a no-PC or Mac user - well so what?

As I wrote originally, it is entirely feasible that they plant malware to initiate a problem and send an alert back to their server alongside / instead of to the correct MS server - hosts file hijack is easy enough! But that's probably crediting them with too much intelligence. :p

SD
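
As an added example (not code from anyone in this thread), a small defensive check for the hosts-file hijack SD speculates about: it parses a constructed hosts file and flags any entry that overrides a Microsoft name, since a home PC's hosts file should never contain one. The file path is the standard Windows location; the flagged hostname is an assumed example, not a confirmed error-reporting endpoint.

```python
import ipaddress
import re

# Constructed sample hosts file: the first two mappings are the Windows defaults,
# the last is the kind of override SD describes (a Microsoft name pointed at some
# other server; 203.0.113.7 is a documentation-range address, not a real host).
SAMPLE_HOSTS = """\
# sample hosts file (constructed for this example)
127.0.0.1       localhost
::1             localhost
203.0.113.7     watson.microsoft.com   # assumed example of an error-reporting name
"""

# Standard location of the hosts file on Windows.
WINDOWS_HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# Domains whose names should never be overridden on a home PC.
WATCHED_SUFFIXES = ("microsoft.com", "windowsupdate.com", "live.com")


def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text, ignoring comments and blanks."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop trailing and inline comments
        if not line:
            continue
        parts = re.split(r"\s+", line)
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                           # malformed line, not a mapping
        for name in parts[1:]:
            yield str(ip), name.lower()


def find_hijacks(text):
    """Return entries that override a watched domain, i.e. redirect its traffic."""
    return [(ip, name) for ip, name in parse_hosts(text)
            if name.endswith(WATCHED_SUFFIXES)]


def check_hosts_file(path=WINDOWS_HOSTS_PATH):
    """Read the real hosts file and return any suspicious overrides it contains."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_hijacks(fh.read())


if __name__ == "__main__":
    for ip, name in find_hijacks(SAMPLE_HOSTS):
        print(f"suspicious hosts entry: {name} -> {ip}")
```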

Bo Nalls
1st Feb 2010, 20:41
Link (http://www.digitaltoast.co.uk/supportonclick-systemrecure-scam)

Log4rescue mentioned in the above site. Seems to imply that they are also known as supportonclick, systemrecure and logmein123.com running various scams. :=

Forewarned is forearmed :ok:

Bushfiva
2nd Feb 2010, 02:05
Logmein123 is itself a legitimate commercial product. The scammers are simply making use of it as their remote access tool.

Rather be Gardening
2nd Mar 2010, 11:18
Just wanted to say thanks for advice offered. Scam has been confirmed in the local press:

Dyfed-Powys Police are warning people not to fall victim to a telephone scam which is currently targeting people in the area. The force has had a number of complaints from people who have received phone calls from callers saying they are Microsoft Engineers. The caller states that there are viruses on the victim’s computer and the system is running slowly because of this. These can be fixed if the victim logs into the computer and follows the callers’ instructions. After identifying that the system is infected they ask for credit card details for payment for software and are very insistent.

Karen Burch, E Crime Wales Business Officer, said that the changes made could disable the anti-virus security installed and result in files being deleted. "Our advice is simple," she said. "Do not give personal information to strange callers. Microsoft employees do not ring their customers. Do not access your PC on the directions of a strange caller."