E-Pro Solutions...Who are they?

My wife has received a call from these guys Contact Information and stupidly allowed them remote access to our computer.

Apparently our machine has been sending out unlawful messages (or something like this) and the government has requested that this company sorts it out. I think she has been had, but now apart from wiping my machine and rebuilding it from scratch I am not sure what to do. I guess the first thing is to contact the bank!

Unless someone thinks this is legit!
 
Ring your bank straight away, and level the machine. This is one of the nastier dodgy scams doing the rounds at the moment.

Rob.
 
Just got off the phone to the wife. The call is from India; they have completed a check of the computer and downloaded spyware onto the machine. They have advised that the machine is now clean, but in order to maintain it they want £90 up front for a 'life time service'!! Buggers
 
send them a nice virus. restart your router etc. u could also ask ur ISP for a new IP
 
OK, I'll spare you the technical nonsense unless you're really interested, but although it's clearly well-meaning, none of the above will help.

Again, levelling the machine is step 1. Don't use Windows restore or any other ****, stick the disc in, delete the partition in setup and start again (of course back-up irreplaceable data first (non-executable files only)).

If you want a step 2; ring the bank and get new cards/details - if:

a) You've got card/account details saved locally on the machine
b) You've typed any card/account details since the phone call (a key-logger is a likely component of whatever they've installed)
c) You'd prefer peace of mind - even if the bank opt to do nothing, get it on file, so if the **** hits the fan later - it's their fault.

But again, don't worry about your router or the DHCP-assigned IP address you're almost certainly using, and get the software off the machine.

Rob.
 
I have disconnected the computer from the internet and contacted my bank earlier today. The annoying thing is that I put the Win7 disc somewhere safe and now haven't got a clue where it is. What's really annoying is that my wife works in IT. I know I shouldn't generalise because there are various specialisms, but :banghead:

I guess I will be using the net via my iPhone until I can find this damn disc.
 
whats to stop them connecting again though? obviously now he has turned the net off but they could just reconnect and do it all again. Changing IP would prevent that as long as its not in the same range hence the call to the ISP. I dunno what software they used to connect but its easily configured to not even ask permission to connect as im sure u know mate.

granted a fresh install would be the best option anyway which would nuke any software scripts etc in order for the above to take place
 
First of all, I'd be prepared to stake all the cash in my pocket that the connection isn't initiated inbound; it's just too much of a headache to get through a Network Address Translation layer when it's far easier and more reliable to get someone to hit a URL which will download a component to initiate remote access from the client side - that negates the need for any NAT traversal as the first packet outbound will have the MAC address of the adapter on the LAN at the other end (this is exactly the same way TeamViewer, Skype and later versions of MSN work). It makes sense to do it that way because whatever the remote-access session is used to install will be making outbound connections to send your bank details / the offset of your wheels / your mrs' vital statistics (/whatever data they want to collect).

That being the case, changing your IP won't do a blind bit of good because when whatever malware they've installed is able to reconnect to the net, the folks who put it there will get a packet with your internet IP and the MAC of the machine they're interested in.

So, wiping the machine from the partition upwards will remove the malware; meaning there'll be nothing there making outbound connections, let alone sending data - and of course it won't matter whether you're using the same IP address or not given that there'll be nothing in the machine to handshake a connection.

As regards phoning your ISP for a new IP address, that's only ever really any use if you've got a static IP address - but folks using them will generally know that because a) they'll know they're paying for one (or more), b) they'll generally want one for a reason, and c) they'll be awfully upset about the prospect of changing it (because of (b)). If you're using an IP address which is assigned by Dynamic Host Configuration Protocol, getting a new IP is as easy as turning your machine/router off long enough for either a) the lease on your IP to expire, making it likely to be re-issued, b) peak demand to mean that leases on currently-unused IPs are ignored and the address is reassigned due to a shortage in the pool. If you rang your 'mainstream' ISP and asked the banana bin on the phone to give you a new IP they'd probably have no concept what you're on about, and I'd doubt you'd ever get through to someone with enough access (and inclination) to find your DHCP lease and release it.

So... IP has very little effect on the problem; and the ONLY real course of action is to level the machine. Now, by my reckoning you need to come and hold this mahoosive quattro gearbox for Byzan A4 because I've been writing ^that^ ;)

All the best,

Rob.
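
The outbound-connection argument in the post above, as an added example that is not part of the original thread: a simplified model of a home router's NAT table, showing that an unsolicited inbound packet is dropped, that a client installed on the PC gets through by dialling out, and that a new public IP changes nothing while that client is still installed. The `Nat` class, `simulate` function and all addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Nat:
    """Home router doing port-restricted NAT (simplified model)."""
    public_ip: str
    # (remote_ip, remote_port, public_port) -> (lan_ip, lan_port)
    table: dict = field(default_factory=dict)
    next_port: int = 40000

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """LAN host opens a connection; NAT records a mapping and rewrites the source."""
        public_port = self.next_port
        self.next_port += 1
        self.table[(remote_ip, remote_port, public_port)] = (lan_ip, lan_port)
        return (self.public_ip, public_port)  # source address the remote end sees

    def inbound(self, remote_ip, remote_port, public_port):
        """Packet from the internet: forwarded only if a mapping exists, else None."""
        return self.table.get((remote_ip, remote_port, public_port))

    def renew_ip(self, new_ip):
        """ISP hands out a new address; existing mappings are lost."""
        self.public_ip = new_ip
        self.table.clear()

def simulate(client_installed: bool) -> dict:
    # Constructed addresses (RFC 5737 documentation ranges and RFC 1918 LAN).
    operator = ("203.0.113.10", 443)
    pc = ("192.168.1.20", 51000)
    nat = Nat(public_ip="198.51.100.7")
    result = {}
    # 1. Unsolicited inbound attempt: no mapping exists, so the router drops it.
    result["unsolicited_inbound"] = nat.inbound(*operator, 3389)
    # 2. An installed client dials out; replies on that mapping are forwarded.
    if client_installed:
        src = nat.outbound(*pc, *operator)
        result["reply_before_ip_change"] = nat.inbound(*operator, src[1])
    # 3. The public IP changes and the old mappings vanish.
    nat.renew_ip("198.51.100.99")
    # 4. A still-installed client dials out again and announces the new address.
    if client_installed:
        src = nat.outbound(*pc, *operator)
        result["seen_by_operator_after_change"] = src[0]
        result["reply_after_ip_change"] = nat.inbound(*operator, src[1])
    else:
        # Wiped machine: nothing dials out, so nothing can be reached.
        result["reply_after_ip_change"] = nat.inbound(*operator, 40000)
    return result
```

`simulate(True)` models the machine with the remote-access component still present; `simulate(False)` models it after a clean reinstall.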
 
I concur with Rob, all of the above, no other way forward, 1st port of call would be banks & any online systems that saved login info even if encrypted, change passwords immediately just as precaution.
 
I got in touch with the bank who has advised me that I should download their protection software. The other lucky thing is that my password is the same, but there is also a requirement for a random numbering system which changes every time I log on.
 
Rob

thats why ur the boss. i didnt think about that to be honest. Just assumed it would be some sort of inbound attack.
 
(FAIRLY IMPORTANT) BUMP:

Well, I've just had the call myself...

Landline rang, loads of zeros on the caller display; I answered, and a far eastern accent started to talk about Microsoft, my computer having a virus, and them needing to fix it. It was almost nonsense, and as soon as I asked questions it became apparent the caller wasn't making sense of a word I was saying.

That was until I said "Are you suggesting you need to gain access to my computer to remove a virus from it? <pause> In that case I need to call the Police" - and the caller hung up.

Be on your guard folks, they're probably not all as sloppy as that; and they're DEFINITELY still out there...

Rob.
 
I doubt the phone call would have even got to that with me, if anyone phones me at home from a company I don't recognise I normally just hang up, or sometimes leave them on the phone talking and just put the phone on the side and see how long they will continue to talk to themselves for.
 
I'm starting to get annoyed now. I still can't find my Windows 7 disc, so still doing everything via my iPhone. When I get a chance, I will pull our office apart to see if I can find it. Such a pain.

HSBC recommended downloading Rapport, but I won't be installing it.
 
cheers rob better tell the parents..

thought it would be a one off thing
 
I've had a couple of similar calls in the past along the lines of "We've noticed that your windows system is running slowly .........." to which I reply "Could be a bit difficult as we're a Macintosh only household"
When they continue to rattle on I've either just hung up or asked them if they know the difference between a Windows system and a MAC - that normally ends the call. And yes, every time I've had a call it's come from India.
 
Rapport's not all that bad in fairness. I eventually installed it, its main component is a browser plugin which apparently prevents you getting scammed by url masking / iframes etc; I'm not sure how much defence it is against keyloggers and the like; but it at least ensures you're only opening sockets to where you intend to when using banking/ecommerce.

There's a toggle for it too (I think it puts it in a programs group on the start menu), so you can 'unload' it if you're worried about overall privacy, and just use it when you do your banking/commerce - I figured it's probably better to be able to answer "yes" if you're ever in the unlucky position that someone from HSBC is asking "so had you installed the rapport security software we recommended before that cheeky scamp cleared out your bank account*?" (* = /overdraft!).

Rob.