Who you gonna call?

This is a tale of woe we want to share with you because it’s interesting – and it’s a great example of ‘buyer beware’. It’s technical, so read on at your own risk.

Like everyone else (almost) on the planet, we believed we had to have a third party anti-virus system on our computers. We’ve had a few over the years – Macafee, Norton, AVG. A few years ago we switched to Avast’s freebie, then I decided to upgrade to a paid plan because it countered risks like malware. We had the Premium package, and have run that for a couple of years. Last November, I splurged on the $80 secureline option which was supposed to secure my internet connection.

In the last few weeks, around Christmas time, Avast started coming up with error messages informing Pete, whose machine is connected to the router, that such and such network had been changed from private to public.  At first, we didn’t take much notice, but as it became more common, we paid attention. We didn’t even recognise some of the network names. We couldn’t find out anything much about the message, so we contacted what we thought was Avast’s Australian online support. This was conducted via a chat interface.

Peter explained the issue and asked if the network switching from private to public was something to worry about. Yes, was the answer. We were transferred to someone else, who put us in contact with technical support. The tech’s name was (apparently) Jones. He asked for permission to take over the machine so he could check the status of the firewall and settings. Since we were connected to Avast we granted permission, and the conversation proceeded. Here’s a transcript.

11:36 AM Connecting…

11:37 AM Connected. A support representative will be with you shortly.

11:37 AM Support session established with Jones.

11:37 AM Jones restarting application as Windows system service

11:37 AM Connecting…

11:37 AM Application running as Windows system service

11:37 AM Connected. A support representative will be with you shortly.

11:38 AM Support session established with Jones.

11:38 AM You have granted full permission to Jones. To revoke, click the red X on the toolbar or press Pause/Break on the keyboard.

11:38 AM Remote Control started by Jones.

11:39 AM Jones: Hi, May I have your full name and your email address please?

11:39 AM Customer: Gret Johanna van der Rol [email protected]

11:39 AM Customer: Greta

11:40 AM Jones: Thank you, May I chck your fire wall settings?

11:40 AM Customer: Please do

11:41 AM Jones: Thank you, please dont move your mouse while I check

11:47 AM Jones: do you see those errors?

11:47 AM Customer: Yes, windows update failure

11:48 AM Jones: Most of the services were got effected. It seems already the security layer of your computer might have severely got effected  that may allow others to access your computer without any authorization anytime.

11:49 AM Jones: Did you download anything from internet recently?

11:49 AM Jones: From a non reliable resource

11:49 AM Customer: Free books from Instafreebie?

11:50 AM Jones: Okay, Let me check one more thing

11:50 AM Jones: Please wait

11:51 AM Jones: Do you see that, windows has stop defending itself

11:51 AM Jones: The defender is not working anymore

11:52 AM Customer: Yes. Can you turn it back on?

11:52 AM Jones: Sure, Even If I turn it on the onfection on your computer might turn it off soon

11:52 AM Jones: Let me show you something important

11:54 AM Jones: I hope you cane see the number of infections

11:55 AM Customer: Yes. What should I do?

11:55 AM Jones: We need to get rid of all these values fast, they could alter the functionality of software on your computer and may finally crash it. Eventually when the other programs are executed, even more programs may get “infected” with these self-replicating infected files.

11:56 AM Customer: Sure. How do we do that

11:56 AM Jones: Not to worry, We will do that for you. we found the exact locations to fix it. Today we will do a complete clean-up of your PC, fix your email issue, secure all the Pc and email ports, reconfigure all infected programming files, so that this issues is fixed and your computer would be safe without any data loss and computer crashes.

11:56 AM Customer: Excellent

11:57 AM Jones: Now for me to perform this task, we have few fix options for you. Let me give you a brief about the options. May I?

11:57 AM Customer: Yes please

11:58 AM Jones: 1. One time fix [Manual Clean-up + Today”s Fix] : $179.99

2. Unlimited Tech support & Protection Plan for 1 Year : $299.99 (Includes today’s fix)
3. Unlimited Tech support & Protection Plan for 2 Years : $399.99 (Includes today’s fix)
4. Unlimited Tech support & Protection Plan for 3 Years : $499.99 (Includes today’s fix)

* The Unlimited plan also includes today’s fix.

* We will also install a calling card on your computer wherein you can reach our technicians automatically just by one click at any time.

Benefits of Unlimited Tech Plan : (Best value for money)

1. Help to protect your privacy, data and online identity.
2. Support for all kinds of Software related issues.
3. Security against hackers programs, Viruses, spywares.
4. Complete manual check-up periodically
5. Cleanup of Registry & infected files.
6. On Demand System Security Check.
7. Fixing will be done in no time.
8. We are just click away, no hold time to reach us.

I would suggest you to go for the long term as there are several issues on your PC and better value for your money.

12:00 PM Customer: Isn’t this what we’re paying Avast for, so this doesn’t happen?

12:00 PM Jones: the truth is no anti-virus is fool proof, so that’s the need of manual clean-up of any threats like Trojans, spywares at least once a month so that you can eliminate any threats immediately. This is where the human intervention is required.

12:01 PM Jones: Manual clean up is completly different from software clean up

12:03 PM Customer: I’ll do the option 1. Please make sure everything that should be turned on, is.

12:04 PM Jones: We will ensure that all the issues will be fixed

12:04 PM Jones: Shall I proceed with the one time fix

12:04 PM Customer: Yes please

12:06 PM Jones has sent a link: daskanini.com

12:08 PM Customer: Jonesy, we thought we were talking with Avast.  How did Log Me Rescuue get involved.

12:09 PM Jones: We do support for Avast products

12:09 PM Jones: Logmein rescue is the remote tool which is used to take the remote control

12:09 PM Jones: Thats a third party tool which everyone use

12:10 PM Customer: So who are you?

12:10 PM Jones: We are daskanini LLc

12:10 PM Jones: We support for Avast products

12:11 PM Customer: Well we’ll talk to Avast before we do anything.

12:11 PM Jones: Okay, I understand that, we gurantee 100 percent fix, if not you will get your money back

12:14 PM Customer: Send me your email address so we can get back to you, shortly.

12:18 PM Customer: You still there?

12:19 PM Customer: Email [email protected]

12:19 PM Customer: Thks

12:19 PM Customer has revoked all permissions.

12:19 PM Remote Control by Jones stopped.

12:20 PM You have denied full permission to Jones.

12:21 PM Jones has ended the session.

We started getting suspicious at the size of the fee, although we seemed to be trapped between a rock and a hard place. So we got an email address, and closed the call. Then we did some homework.

First , note this statement.

11:51 AM Jones: Do you see that, windows has stop defending itself

11:51 AM Jones: The defender is not working anymore

In fact, when a third-party product like Avast is installed, Windows Defender has to be turned off.

Next, here’s a screen shot of Event Viewer from my machine. This was what Jones was showing us when he says ‘do you see all those errors?’ (Remember, my machine was fine – we were working on Peter’s)

Note the error messages. Scary stuff, huh? Well, no, actually. Scammers use that technique to trick people into thinking there’s a problem.
https://www.howtogeek.com/123646/htg-explains-what-the-windows-event-viewer-is-and-how-you-can-use-it/

The next thing to do was make sure the system on Peter’s machine was clean of any malware. I followed the steps detailed in this PC World article. Make sure you download a malware program such as MalwareBytes before you reboot your machine in safe mode. We were not surprised to discover there was nothing wrong with the machine and made sure to get rid of logmein, the program the scammers used to take over the machine.

We were pretty incensed that the support person had put us through to a scammer, so we contacted the company via email. After some discussion, we learned that we had not been talking to Avast at all. If you google Avast support you’ll see a list of sites purporting to support Avast customers. A couple of them are Avast.antivirussupportaustralia.com and getavast.net/support. They’re all scammers. We should have gone to the Avast site (Avast.com/en-au/support.) There’s nothing Avast or any of the other companies hit by these people can do to stop the scammers. They buy a domain name that sounds right (antivirus support australia). That’s perfectly legal. If we’d looked more carefully at the site, we would have found a very badly written disclaimer in the footer, stating that the company had no affiliation with Avast. But we didn’t.

So, we’ve learned a lesson. However, at least we had the sense to back off and investigate.

Take care out there, people. There are unscrupulous people who want to take advantage of you.

*******************************************************************************

Oh, and by the way, I’ve good a new book out if you’re into SF romance. Not too much romance, lots of intrigue and planet-hopping.

When history professor Olivia Jhutta receives a distress call from her parents, she sets out into space with their business partner, her grandmother, and injured Confederacy Admiral Jak Prentiss to find them. But she’s not the only one interested in the Jhutta’s whereabouts. The Helicronians believe Olivia’s parents have found an ancient weapon which they can use to wage war on the Confederacy.

Jak goes on the trip to fill in time while he’s on enforced leave, helping Olivia follow cryptic clues in what he considers an interplanetary wild goose chase in search of a fairy story. But as the journey progresses and legend begins to merge with unsettling fact, Olivia and Jak must resolve their differences and work together if they are to survive. The two are poles apart… but it’s said opposites attract. If they can manage to stay alive.

Buy it now on Amazon  Google iBooks Nook Kobo  (I’ll add them as they go live)