Thursday 5 December 2013

Remote computer access scams - Beware | Techvedic

One of our customers had a problem with a new HP wireless printer he had bought. That story aside, when he went looking for HP support he was redirected to a remote computer tech support outfit which initially claimed to be certified HP support. The tech offered to fix his computer remotely. The customer agreed, and this is where all the trouble started...


Step One: They take your money

The tech offered my customer “Unlimited One Year Support Access @ $199.99”, which claims the following...

"This plan protects your digital investment (computer, software, peripheral, router, etc.), irrespective of brand make or model and warranty status, against hardware and software issues. The featured services include: Setup and installation of computer, peripheral and router, Repair and maintenance of computer, peripheral and router, Software and driver diagnostic update and upgrade, PC health-check-up and removal of viruses and malware, Optimization of computer and resources, All in all, this has been designed to meet all your technical needs at one-flat-rate."
My customer agreed to all of this, and they happily charged his bank card before they continued.

Step Two: They take control of your computer
After giving my customer some initial instructions, the tech installed remote access software. This software starts on every boot of the machine and, once the machine is connected to the internet, grants the remote support people unlimited, unattended access to everything on the computer. A while after the software was installed the customer could no longer browse the internet; file transfers and remote access, however, still worked, and this is how the techs left his computer configured!
The customer called them on the phone again, and the techs promised that they would call him back about this, but they never did. The customer called them back to try and resolve the situation, but they would not, so the customer had to contact his bank to have the fraudulent charge reversed and his account numbers and bank cards changed. The customer then called me at Techvedic, and I told him to leave the computer off (or at least disconnected from the network), since the remote access tool reconnects as soon as the machine boots.

Initial inspection

When the system was powered up, the software loaded at boot and connected to the internet as soon as the WiFi joined the customer's router. Once connected, it immediately opened the session for the remote techs to log into the computer, with no way for the customer to approve or deny their access or to monitor what they were doing in the background. I hit the Quit button at once, but some related processes kept running in the background, which I had to ask the customer to terminate manually. After terminating them I was able to remove the remote software from the computer, but I still could not browse the internet, so I had to dig deeper.

Step Three: Redirecting all internet traffic

Upon deeper investigation I discovered that the remote software had force-installed DNS redirects on the customer's computer: two DNS servers, 216.146.35.240 and 216.146.36.240, had been hard-coded into the adapter settings, so every name the computer looked up was resolved by servers the scammers had chosen rather than the ones handed out by his router. I traced these addresses to Dynamic Network Services in Manchester NH. Whether those particular resolvers were themselves malicious matters less than the fact that they were set without the customer's knowledge, in a way he could not undo. Manually removing the DNS servers was not enough: the forced DNS settings kept being re-added automatically, and Windows' hosts file needed checking too, so I had to run more scans to remove whatever was re-applying them!
To top this off, further investigation revealed that the techs had also reprogrammed the customer's WiFi router, manually setting its DNS servers to the same two addresses, and they had done the same in the customer's DSL modem! With the DNS redirect programmed in three places, the customer could not fully remove it with the usual scanning tools, which only look at the computer itself, so I had the customer reset both the router and the modem to factory defaults and reconfigure them from scratch, with new administrator passwords!
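As an added illustration, not part of the original post, here is a small Python script that performs the Windows-side part of the check described above: it parses `ipconfig /all` output for the DNS servers set on each adapter, flags any that fall outside an allowed set (here the router's LAN subnet), and lists every active entry in the hosts file, which on a stock Windows install has none. The sample `ipconfig` output and hosts file are constructed to mirror the state the post describes, not captured from the customer's machine, and the allowed subnet 192.168.1.0/24 is an assumption. The router and modem still have to be checked on their own admin pages, because nothing on the PC can see a resolver configured there.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (not a capture from the
# customer's machine): the wireless adapter has two hard-coded resolvers
# instead of the router handed out by DHCP, as described in the post.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) WiFi Link
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 216.146.35.240
                                       216.146.36.240

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

# Constructed hosts file: the stock Microsoft comments plus one active
# line of the kind a redirect would add. The hostname is made up.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
#   127.0.0.1       localhost
#   ::1             localhost
203.0.113.10    www.example-bank.test
"""


def parse_ipconfig_dns(text):
    """Return {adapter: [dns_server, ...]} from `ipconfig /all` output.
    Adapter headers are unindented lines ending in ':'; additional
    resolvers follow the 'DNS Servers' field on indented lines that
    hold a single token."""
    adapters = {}
    current = None
    in_dns = False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = line.rstrip()[:-1]
            adapters[current] = []
            in_dns = False
            continue
        field = re.match(r"\s+DNS Servers[ .]*: (\S+)\s*$", line)
        if field and current is not None:
            adapters[current].append(field.group(1))
            in_dns = True
            continue
        cont = re.match(r"\s+(\S+)\s*$", line)
        if in_dns and cont and current is not None:
            adapters[current].append(cont.group(1))
            continue
        in_dns = False
    return adapters


def flag_dns_servers(adapters, allowed):
    """Return [(adapter, server)] for every resolver not inside one of the
    `allowed` networks (the router's LAN, or the resolvers you expect)."""
    allowed_nets = [ipaddress.ip_network(a, strict=False) for a in allowed]
    findings = []
    for adapter, servers in adapters.items():
        for server in servers:
            try:
                addr = ipaddress.ip_address(server.split("%")[0])  # strip zone id
            except ValueError:
                findings.append((adapter, server))  # unparsable: flag it anyway
                continue
            if not any(addr in net for net in allowed_nets):
                findings.append((adapter, server))
    return findings


def flag_hosts_entries(text):
    """Return every active (non-comment) hosts entry as (address, [names]).
    A stock Windows hosts file has none, so each one needs an explanation."""
    entries = []
    for line in text.splitlines():
        body = line.split("#", 1)[0].strip()
        if not body:
            continue
        parts = body.split()
        entries.append((parts[0], parts[1:]))
    return entries


def audit(ipconfig_text, hosts_text, allowed=("192.168.1.0/24",)):
    """Combine both checks. The default allowed subnet is an assumption;
    pass the real LAN subnet or ISP resolvers for the machine being checked."""
    return {
        "dns": flag_dns_servers(parse_ipconfig_dns(ipconfig_text), allowed),
        "hosts": flag_hosts_entries(hosts_text),
    }


if __name__ == "__main__":
    for kind, findings in audit(SAMPLE_IPCONFIG, SAMPLE_HOSTS).items():
        for finding in findings:
            print(kind, finding)
```

On the affected PC, run `ipconfig /all > ipconfig.txt` and feed that file plus `C:\Windows\System32\drivers\etc\hosts` to `audit()`. Any resolver other than the router or the ISP's, and any active hosts line, needs an explanation; if the settings come back after you remove them, look for whatever is re-applying them (startup entries, scheduled tasks, a lingering service) before assuming the cleanup is done, and then compare the DNS servers shown on the router's and modem's own admin pages.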

Finishing up with success!

I explained to the customer that the DNS redirects and remote software gave the scammers remote access to everything on his computer whenever it was on, while denying him access to the internet so that he could not look for a way out of the problem. With the remote access software and the DNS redirects removed, the customer was once again able to surf the web freely.


So we request you all: beware of remote computer access scams.

Issued in the interest of customer safety.

Techvedic tech support