
log4rescue - anyone heard of them?

Old 25th Jan 2010, 14:09
  #1 (permalink)  
Stargazing
Thread Starter
 
Join Date: Apr 2006
Location: West
Posts: 427
Likes: 0
Received 0 Likes on 0 Posts
log4rescue - anyone heard of them?

I've been having some problems with my PC lately, so dutifully sent 'error reports' to Microsoft, as per the prompt screens. I have the AVG protection suite and RegCure to tidy things up. Today I had a call out of the blue from someone who said he was calling about the error reporting and would try to sort it out for me. To cut a long story short, he said that it was likely that my machine had been infected by a trojan and eventually transferred me to the Log4rescue site where, for an annual fee, this company would provide a clean-up and support service. I finished the call, and said I wanted to consider my options before paying up front.

I wondered if anyone here has any feedback or experience with this company? I went along with the call initially because I thought it was Microsoft getting in touch, but had my doubts when I ended up looking at log4rescue instead. Subsequently, I haven't been able to work out how he'd have known about the error reporting. My normal source of info on all things computing (husband) is out of the country for a few months, so would appreciate any advice.
Rather be Gardening is offline  
Old 25th Jan 2010, 14:28
  #2 (permalink)  
Recidivist
 
Join Date: Jun 2005
Location: Essex, UK
Posts: 1,239
Likes: 0
Received 0 Likes on 0 Posts
Sounds dodgy.

Best download Malwarebytes or similar and let it check your system out.

You shouldn't have to pay for any of these services - there's plenty of good and free stuff about.

Malwarebytes.org
frostbite is offline  
Old 25th Jan 2010, 14:30
  #3 (permalink)  
Spoon PPRuNerist & Mad Inistrator
 
Join Date: Sep 2003
Location: Twickenham, home of rugby
Posts: 7,393
Received 250 Likes on 167 Posts
"I've been having some problems with my PC lately"
I think this intrusion is a result of the "problems". It looks like you picked up an infection, the purpose of which was to cause problems and pass your details to some outfit so you could subsequently be conned into parting with money to "repair" a problem that was caused for that purpose.

Or maybe I'm just cynical.

Your name, address and telephone number could have been obtained in several ways - and if "they" have that much information I would be wary of any online banking etc.

Assuming an infection, the most secure way of dealing with this is a complete deletion and re-install of OS (after backing up data and user settings). You can also try running a good anti-malware program (e.g. Malwarebytes), but you need to be confident about what you are doing. See the recent http://www.pprune.org/computer-inter...-shutdown.html thread for example.

SD
Saab Dastard is offline  
Old 25th Jan 2010, 16:46
  #4 (permalink)  

Official PPRuNe Chaplain
 
Join Date: Apr 2001
Location: Witnesham, Suffolk
Age: 80
Posts: 3,498
Likes: 0
Received 0 Likes on 0 Posts
I would be very wary of log4rescue. Google shows 4 hits for them - two from their own website, one from this thread, and one totally unconnected with the firm.

Their website mentions lots of growth and about 800 employees.
While that's possible, I can't imagine a growing web company with 800 employees and only three relevant Google hits.

They may be totally legit, but...
Their domain was registered on 17 Nov 2009, so they aren't long-standing, and their registered location is Calcutta.

Did the caller say how they got your details? Did he/she have more information about you than you'd send to MS?

Saab's answer may be a tad drastic, but it will fix it.
I'd be inclined to run Malwarebytes and see what it finds. Some of us on here may be able to "talk you through" the disinfection process. I've done a fair few (mostly not in my own PCs), and some are real experts!
Keef is offline  
Old 26th Jan 2010, 09:37
  #5 (permalink)  
Stargazing
Thread Starter
 
Join Date: Apr 2006
Location: West
Posts: 427
Likes: 0
Received 0 Likes on 0 Posts
Many thanks for the replies. I ran the Malwarebytes which picked up the usual cookies, and what looks like a nasty:

c:/sccfg.sys

showing as a hidden file and identified as a rootkit. I have tried to remove it, but I guess the clue's in the 'hidden file' bit and it steadfastly refuses to budge. Grateful for any further advice.

Incidentally, log4rescue rang back this morning and I told them I'd fixed the problem with anti-malware. End of conversation. I suppose I should have asked where they got my details from, but I just wanted them off my back at that stage.
Rather be Gardening is offline  
Old 26th Jan 2010, 09:47
  #6 (permalink)  
Per Ardua ad Astraeus
 
Join Date: Mar 2000
Location: UK
Posts: 18,579
Likes: 0
Received 0 Likes on 0 Posts
R b G - have you tried Malwarebytes in safe mode? If that does not work, try something that will do a 'boot' scan - Avast has performed well in that respect.
BOAC is offline  
Old 27th Jan 2010, 14:47
  #7 (permalink)  
Stargazing
Thread Starter
 
Join Date: Apr 2006
Location: West
Posts: 427
Likes: 0
Received 0 Likes on 0 Posts
I have tried to remove the hidden file via AVG's anti-rootkit function, but it's back whenever a new scan is run. Does anyone know whether c:\sccfg.sys is something awful? Being a complete computer numpty, it occurred to me today that it might not be malign, although I wonder why it's hidden if that's the case.
Rather be Gardening is offline  
Old 27th Jan 2010, 14:54
  #8 (permalink)  
More bang for your buck
 
Join Date: Nov 2005
Location: land of the clanger
Age: 82
Posts: 3,512
Likes: 0
Received 0 Likes on 0 Posts
Microsoft tends to hide all operating sys files so that they can't be accidentally erased. If the path is as you say then, from the command line type attrib C:\sccfg.sys -r -a -s -h and then try removing it.
green granite is offline  
Old 27th Jan 2010, 15:42
  #9 (permalink)  
Spoon PPRuNerist & Mad Inistrator
 
Join Date: Sep 2003
Location: Twickenham, home of rugby
Posts: 7,393
Received 250 Likes on 167 Posts
sccfg.sys seems to be associated with an application called Folder Lock - do you have that installed on your system?

SD
Saab Dastard is offline  
Old 27th Jan 2010, 16:45
  #10 (permalink)  
Stargazing
Thread Starter
 
Join Date: Apr 2006
Location: West
Posts: 427
Likes: 0
Received 0 Likes on 0 Posts
SD, Just had a look. Folder Lock is there. No idea what it does, so perhaps I'm better off leaving it alone. Thanks for your help.
Rather be Gardening is offline  
Old 27th Jan 2010, 16:47
  #11 (permalink)  
Recidivist
 
Join Date: Jun 2005
Location: Essex, UK
Posts: 1,239
Likes: 0
Received 0 Likes on 0 Posts
Folder Lock seems horribly familiar.

If it's the one I think it is, there have been lots of folk complaining that the trial version held them to ransom if they ever wanted to see their files again.
frostbite is offline  
Old 27th Jan 2010, 17:19
  #12 (permalink)  
More bang for your buck
 
Join Date: Nov 2005
Location: land of the clanger
Age: 82
Posts: 3,512
Likes: 0
Received 0 Likes on 0 Posts
Yes you can download it as a trial, presumably when the trial runs out you're stuffed unless you buy the full version, if you don't remember to unlock the files before then.
green granite is offline  
Old 27th Jan 2010, 19:18
  #13 (permalink)  
 
Join Date: Jan 1997
Location: UK
Posts: 7,737
Likes: 0
Received 0 Likes on 0 Posts
You lot are all fakes and you're banned:

Sir,
This is to bring to your kind attention that some of the people registered in your website are using the forum as a weapon to affect our companys' reputation in the market.In the last 4 days several comments have been posted in your website by the rivals in order to influence our customers as a result of our customers are charging us back and losing trust on us.Our comapny is log4rescue and if you see all the post have been done by the same IP address from kolkata and not by any resident of any country which the posted with different usernames and address.As per your terms and conditions any personal attack to any person or company is voilating your laws.
i kindly request you to go through the matter and take necessay actions against it and remove this forum and the post against our website for which we would be very thankful.
thanking you
josh paker
PPRuNe Towers is offline  
Old 27th Jan 2010, 23:33
  #14 (permalink)  
Spoon PPRuNerist & Mad Inistrator
 
Join Date: Sep 2003
Location: Twickenham, home of rugby
Posts: 7,393
Received 250 Likes on 167 Posts
Rob,

Many thanks for sharing that gem from your postbag with us!



SD
Saab Dastard is offline  
Old 28th Jan 2010, 17:52
  #15 (permalink)  
 
Join Date: Jul 2001
Location: U.K.
Posts: 805
Likes: 0
Received 0 Likes on 0 Posts
What a relief:
There was little me thinking that the board moderator and other experienced and regular posters had actually been banned!

P.P.
P.Pilcher is offline  
Old 28th Jan 2010, 18:42
  #16 (permalink)  

Official PPRuNe Chaplain
 
Join Date: Apr 2001
Location: Witnesham, Suffolk
Age: 80
Posts: 3,498
Likes: 0
Received 0 Likes on 0 Posts
Oh dear!

Google now shows only two hits for log4rescue - their own website, and PPRuNe.
Keef is offline  
Old 28th Jan 2010, 19:20
  #17 (permalink)  
 
Join Date: Aug 2000
Location: Patterson, NY
Age: 66
Posts: 436
Likes: 0
Received 0 Likes on 0 Posts
Perhaps I'm being dense but who are fake and got banned? Surely not the original posters to this thread?????
rgbrock1 is offline  
Old 28th Jan 2010, 19:30
  #18 (permalink)  
More bang for your buck
 
Join Date: Nov 2005
Location: land of the clanger
Age: 82
Posts: 3,512
Likes: 0
Received 0 Likes on 0 Posts
No-one. Just PPRuNe Towers being TIC.
green granite is offline  
Old 28th Jan 2010, 19:32
  #19 (permalink)  
 
Join Date: Aug 2000
Location: Patterson, NY
Age: 66
Posts: 436
Likes: 0
Received 0 Likes on 0 Posts
Oh. I see. Must be that British sense of humor (humour) no?!!!!
rgbrock1 is offline  
Old 28th Jan 2010, 19:43
  #20 (permalink)  
 
Join Date: Sep 2006
Location: South Oxfordshire
Posts: 637
Received 14 Likes on 9 Posts
Fantastic. Log4rescue ironically (and unwittingly) confirming the type of outfit they are....

Blues&twos is offline  

