Mom got scammed, need to make sure she isn’t compromised
Mom got a new printer from my Dad's office. She was having trouble setting it up, and went to search for HP support and came across this site:
www.hptechnicalhelpnumber.com
The chat window popped up, and she started talking to them. They got her to install GoToAssist and then ran a bunch of things on her computer. It does look to be legit sites that they went to and certainly went through the motions before trying to sell her on some security package. She didn't opt for the package, but they charged her for their support through PayPal, a total of $150.
It looks like they're a scam company that just tries to dupe the tech-unsavvy.
I told her to go to another device, change any passwords she may have accessed since contacting them, and to cancel the transaction in PayPal, and contact her bank and let them know of any suspicious transactions.
When she tried to cancel PayPal, the guy called back and said they put a bunch of files on the computer. They're batch files, and when I looked at them in Notepad, it's just a bunch of jargon that looks like something to the layman, despite spelling errors:
@echo off
echo NETWORK SECURITY INSTALLING ........ Please wait ..........
ping 0.0.0.0 -n 10 > NUL
echo installation process start now
echo 2 Percent completed ..........
ping 0.0.0.0 -n 10 > NUL
cd\
cd windows
cd system32
tree
ping 0.0.0.0 -n 12 > NUL
echo 50 Percent completed ........
ping 0.0.0.0 -n 15 > NUL
tree
ping 0.0.0.0 -n 12 > NUL
echo 99 Percent completed .......
ping 0.0.0.0 -n 12 > NUL
cd \
echo Please wait for final installation ......
ping 0.0.0.0 -n 10 > NUL
echo NETWORK SECURITY IS INSTALLED !!
ping 0.0.0.0 -n 5 > NUL
echo THIS NETWORK IS PROTECTED AND SECURED NOW !!
ping 0.0.0.0 -n 5 > NUL
echo ===============================================
echo Press ENETR to exit SETUP
pause >nul
exit
The next batch file just runs %VEVLOGCLR% on everything.