1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

E-Pro Solutions...Who are they?

Discussion in 'General Chat' started by Crazyfool, Mar 21, 2011.

  1. Crazyfool
    Offline

    Crazyfool Lead boot

    Joined:
    Feb 15, 2007
    Messages:
    638
    Likes Received:
    26
    My wife has received a call from these guys Contact Information and stupidly allowed them remote access to our computer.

    Apparently our machine has been sending out unlawful messages (or something like this) and the government has requested that this company sorts it out. I think she has been had, but now apart from wiping my machine and rebuilding it from scratch I am not sure what to do. I guess the first thing is to contact the bank!

    Unless someone thinks this is legit!
    #1
  2. FactionOne
    Offline

    FactionOne Administrator Staff Member Administrator

    Joined:
    May 23, 2004
    Messages:
    3,147
    Likes Received:
    102
    Ring your bank straight away, and level the machine. This is one of the nastier dodgy scams doing the rounds at the moment.

    Rob.
    #2
  3. Crazyfool
    Offline

    Crazyfool Lead boot

    Joined:
    Feb 15, 2007
    Messages:
    638
    Likes Received:
    26
    Just got off the phone to the wife. The call is from India; they have completed a check of the computer and downloaded spyware onto the machine. They have advised that the machine is now clean, but in order to maintain it they want £90 up front for a 'life time service'!! Buggers
    #3
  4. DaveA3
    Offline

    DaveA3 Audi A-Trizzle!

    Joined:
    Feb 25, 2010
    Messages:
    2,374
    Likes Received:
    14
    send them a nice virus. restart your router etc. u could also ask ur ISP for a new IP
    #4
  5. FactionOne
    Offline

    FactionOne Administrator Staff Member Administrator

    Joined:
    May 23, 2004
    Messages:
    3,147
    Likes Received:
    102
    OK, I'll spare you the technical nonsense unless you're really interested, but although it's clearly well-meaning, none of the above will help.

    Again, levelling the machine is step 1. Don't use Windows restore or any other ****, stick the disc in, delete the partition in setup and start again (of course back-up irreplaceable data first (non-executable files only)).

    If you want a step 2; ring the bank and get new cards/details - if:

    a) You've got card/account details saved locally on the machine
    b) You've typed any card/account details since the phone call (a key-logger is a likely component of whatever they've installed)
    c) You'd prefer peace of mind - even if the bank opt to do nothing, get it on file, so if the **** hits the fan later - it's their fault.

    But again, don't worry about your router or the DHCP-assigned IP address you're almost certainly using, and get the software off the machine.

    Rob.
    #5
  6. Crazyfool
    Offline

    Crazyfool Lead boot

    Joined:
    Feb 15, 2007
    Messages:
    638
    Likes Received:
    26
    I have disconnected the computer from the internet and contacted my bank earlier today. The annoying thing is that I put the Win7 disc somewhere safe and now haven't got a clue where it is. What's really annoying is that my wide works in IT. I know I shouldn't generalise because there are various specialisms, but:banghead:

    I guess it I will be using the net via my iPhone until I can find this damn disc.
    #6
  7. DaveA3
    Offline

    DaveA3 Audi A-Trizzle!

    Joined:
    Feb 25, 2010
    Messages:
    2,374
    Likes Received:
    14
    whats to stop them connecting again though? obviously now he has turned the net off but they could just reconnect and do it all again. Changing IP would prevent that as long as its not in the same range hence the call to the ISP. I dunno what software they used to connect but its easily configured to not even ask permission to connect as im sure u know mate.

    granted a fresh install would be the best option anyway which would nuke any software scripts etc in order for the above to take place
    #7
  8. FactionOne
    Offline

    FactionOne Administrator Staff Member Administrator

    Joined:
    May 23, 2004
    Messages:
    3,147
    Likes Received:
    102
    First of all, I'd be prepared to stake all the cash in my pocket that the connection isn't initiated inbound; it's just too much of a headache to get through a Network Address Translation layer when it's far easier and more reliable to get someone to hit an URL which will download a component to initiate remote access from the client side - that negates the need for any NAT traversal as the first packet outbound will have the MAC address of the adapter on the LAN at the other end (this is exactly the same way TeamViewer, Skype and later versions of MSN work). It makes sense to do it that way because whatever the remote-access session is used to install will be making outbound connections to send your bank details / the offset of your wheels / your mrs' vital statistics (/whatever data they want to collect).

    That being the case, changing your IP won't do a blind bit of good because when whatever malware they've installed is able to reconnect to the net, the folks who put it there will get a packet with your internet IP and the MAC of the machine they're interested in.

    So, wiping the machine from the partition upwards will remove the malware; meaning there'll be nothing there making outbound connections, let alone sending data - and of course it won't matter whether you're using the same IP address or not given that there'll be nothing in the machine to handshake a connection.

    As regards phoning your ISP for a new IP address, that's only ever really any use if you've got a static IP address - but folks using them will generally know that because a) they'll know they're paying for one (or more), b) they'll generally want one for a reason, and c) they'll be awfully upset about the prospect of changing it (because of (b)). If you're using an IP address which is assigned by Dynamic Host Configuration Protocol, getting a new IP is as easy as turning your machine/router off long enough for either a) the lease on your IP to expire, making it likely to be re-issued, b) peak demand to mean that leases on currently-unused IPs are ignored and the address is reassigned due to a shortage in the pool. If you rang your 'mainstream' ISP and asked the banana bin on the phone to give you a new IP they'd probably have no concept you're on about, and I'd doubt you'd ever get through to someone with enough access (and inclination) to find your DHCP lease and release it.

    So... IP has very little effect on the problem; and the ONLY real course of action is to level the machine. Now, by my reckoning you need to come and hold this mahoosive quatrro gearbox for Byzan A4 because I've been writing ^that^ ;)

    All the best,

    Rob.
    #8
  9. NHN
    Offline

    NHN Modmetractor

    Joined:
    Jan 14, 2008
    Messages:
    27,226
    Likes Received:
    1,220
    I concur with Rob, all of the above, no other way forward, 1st port of call would be banks & any online systems that saved login info even if encrypted, change passwords immediately just as precaution.
    #9
  10. Crazyfool
    Offline

    Crazyfool Lead boot

    Joined:
    Feb 15, 2007
    Messages:
    638
    Likes Received:
    26
    I got in touch with the bank who has advised me that I should download their protection software. The other lucky thing is that my password is the same, but there is also a requirement for a random numbering system which changes everytime I logon.
    #10
  11. NHN
    Offline

    NHN Modmetractor

    Joined:
    Jan 14, 2008
    Messages:
    27,226
    Likes Received:
    1,220
    #11
  12. DaveA3
    Offline

    DaveA3 Audi A-Trizzle!

    Joined:
    Feb 25, 2010
    Messages:
    2,374
    Likes Received:
    14
    Rob

    thats why ur the boss. i didnt think about that to be honest. Just assumed it would be some sort of inbound attack.
    #12
  13. FactionOne
    Offline

    FactionOne Administrator Staff Member Administrator

    Joined:
    May 23, 2004
    Messages:
    3,147
    Likes Received:
    102
    (FAIRLY IMPORTANT) BUMP:

    Well, I've just had the call myself...

    Landline rang, loads of zeros on the caller display; I answered, and a far eastern accent started to talk about Microsoft, my computer having a virus, and them needing to fix it. It was almost nonsense, and as soon as I asked questions it became apparent the caller wasn't making sense of a word I was saying.

    That was until I said "Are you suggesting you need to gain access to my computer to remove a virus from it? <pause> In that case I need to call the Police" - and the caller hung up.

    Be on your guard folks, they're probably not all as sloppy as that; and they're DEFINITELY still out there...

    Rob.
    #13
  14. jojo
    Offline

    jojo S3 Drift King! Staff Member Moderator

    Joined:
    Sep 4, 2003
    Messages:
    25,972
    Likes Received:
    1,576
    I would have said, ok, you've been on the phone long enough for the police to track where you are, goodluck, mwuhahahahaha! :laugh:
    #14
  15. mikeyg
    Offline

    mikeyg Member

    Joined:
    Jan 4, 2011
    Messages:
    835
    Likes Received:
    3
    I doubt the phone call would have even got to that with me,if anyone phones me at home from a company i dont recognise i normally just hang up, or sometimes leave them on the phone talking and just put the phone on the side and see how long they will continue to talk to themselves for.
    #15
  16. Crazyfool
    Offline

    Crazyfool Lead boot

    Joined:
    Feb 15, 2007
    Messages:
    638
    Likes Received:
    26
    I'm starting to get annoyed now. I still can't find my Windows 7 disc, so still doing everything via my iPhone. When I get a chance, I will pull our office apart to see if I can find it. Such a pain.

    HSBC recommended downloading Rapport, but I won't be installing it.
    #16
  17. DaveA3
    Offline

    DaveA3 Audi A-Trizzle!

    Joined:
    Feb 25, 2010
    Messages:
    2,374
    Likes Received:
    14
    cheers rob better tell the parents..

    thought it would be a one off thing
    #17
  18. Gti Jazz Blue
    Offline

    Gti Jazz Blue Active Member

    Joined:
    Feb 26, 2007
    Messages:
    1,655
    Likes Received:
    6
    I've spread the word to the olds and my collegues.

    Paul
    #18
  19. scbduke
    Offline

    scbduke Member

    Joined:
    Aug 1, 2005
    Messages:
    55
    Likes Received:
    0
    I've had a couple of similar calls in the past along the lines of "We've noticed that your windows system is running slowly .........." to which I reply "Could be a bit difficult as we're a Macintosh only household"
    When they continue to rattle on I've either just hung up or asked them if they know the difference between a Windows system and a MAC - that normally ends the call. And yes, every time I've had a call it's come from India.
    #19
  20. Crazyfool
    Offline

    Crazyfool Lead boot

    Joined:
    Feb 15, 2007
    Messages:
    638
    Likes Received:
    26
    Definately not. My father has had a couple of calls and a friend said he was caught hook, line and sinker
    #20
  21. FactionOne
    Offline

    FactionOne Administrator Staff Member Administrator

    Joined:
    May 23, 2004
    Messages:
    3,147
    Likes Received:
    102
    Rapport's not all that bad in fairness. I eventually installed it, its main component is a browser plugin which apparently prevents you getting scammed by url masking / iframes etc; I'm not sure how much defence it is against keyloggers and the like; but it at least ensure you're only opening sockets to where you intend to when using banking/ecommerce.

    There's a toggle for it too (I think it puts it in a programs group on the start menu), so you can 'unload' it if you're worried about overall privacy, and just use it when you do your banking/commerce - I figured it's probably better to be able to answer "yes" if you're ever in the unlucky position that someone from HSBC is asking "so had you installed the rapport security software we recommened before that cheeky scamp cleared out your bank account*?" (* = /overdraft!).

    Rob.
    #21

Share This Page