Hey Guys
The Call Center that connects with the name “web expert” with gotoassist instantly knows I’m using a virtualbox when I use win10 as client.
They don’t even sniff around in the virtual machine to find that out. They connect, do nothing on the virtual machine then there is a little loading symbol on the mouse cursor and then they disconnect.
I modified the bios information so that msinfo32 doesn’t show vbox details in the system summary.
What other information can they check out on their end to see that I’m using virtualbox?
It shows it’s a virtual machine in many other places. First, your task manager has traces and so does “show hidden icons” on the taskbar. Another way is if you go to your hard drives it will show guest additions there (you have to right click and hit eject). In your device manager there are a lot of traces of vmware. And in dxdiag there are also many traces. To remove this you just need to change the registry by renaming all these things. For example this https://www.youtube.com/watch?v=6TM45vNI4Qc . That video covers a lot, but for dxdiag you will have to search up the registry values associated with what you’re seeing (for example it says “Oracle Corporation”) by doing ctrl + f in regedit and change the names. I have to do the regedit for dxdiag every time I restart my virtual machine though, so I recommend just saving the machine state so you don’t have to do that.
Probably the BIOS which can be changed using regedit and must be changed after every reboot as it will revert back to vbox after a reboot. But like Bepis123 said, there are traces everywhere.
This is a list of places in the Registry I would change to remove traces of it being a VM, but there are more:
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}\0030
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Video\{C619A1B3-B3BB-4932-A2D9-DF5FA8A97175}\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}\0030
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{C619A1B3-B3BB-4932-A2D9-DF5FA8A97175}\0000
HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{98bf5298-3cb8-db49-a8de-182c42c7226b}
HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current
BTW these “web expert” scammers are from Noida, India. They have a second call center in Dehradun, India.
Some of their websites
(some are suspended)
Not sure about other people’s setup with their VM. But you’re right that with the “Default” settings Windows 10 does show that:
I’ve noticed on my machine if I change the settings (in the Oracle VM VirtualBox Manager, Settings) to “None” in the picture as described:
It seems to hide the VM. I would be interested in knowing other people’s results. This is my screenshot of the performance tab after changing the option in the screenshot:
@Bepis123#50495
thank you but already done all of that!
@AussieScamBuster#50509
thank you but I think these are the same regedit entries as in Bepis’ list but I will check it out!
@Rajeshi_Gardner
pretty sure i chancked the bios info but i will check again
@AussieScamBuster#50597
Thank you, I didn’t know it shows in the task manager!
@flashloch#50601 Worst thing about hiding the VM in task manager is that you have to make changes while the VM is “Shutdown/Powered off”, which means after you restart you have to go back into regedit again and edit all the keys you just edited (like the BIOS, DxDiag). I’m pretty sure device manager and msinfo32 won’t need to be edited again after a restart.
@flashloch#50601 Forgot to add, I guess you can backup your registry, then “shutdown/power off”, then edit the “Paravirtualization Interface” to “None”, then after restart use the registry backup to hide your VM, will make it a bit easier.
@AussieScamBuster#50612
I already checked. it’s on none as default
I now know why they instantly know.
When they run a system diagnosis Win10 outputs VBOX -1 as BIOS version
But on my win7 machine it outputs Dell -1 as BIOS version
I modified both machines the same way but it didn’t change the bios version on the win 10 machine
Can someone recommend a tool for changing the BIOS version with a win10 client?
@flashloch#50614 I just checked on my windows 10 VM and I find by going into regedit on the VM and searching for each and every VBOX -1 and changing it to something else. Just remember after each reboot it will revert back to VBOX -1. I think there are 2 keys with VBOX -1 to be changed, but your system might be different. Just keep pressing F3 until they’re all changed. If necessary I can always connect to your VM and have a look.
@flashloch#50614 Edit: I actually edited 3 Reg Keys:
Computer\HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System
Computer\HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{98bf5298-3cb8-db49-a8de-182c42c7226b}
Computer\HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current
@AussieScamBuster#50617
I just checked the registry
if i change the version in:
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System
to something else it works till i restart the pc.
My solution for that was to export the registry entry and save it in for example “c:\temp\version.reg”
then I created a bat file with the command: regedit /s "c:\temp\version.reg"
then I opened the user and common startup folder
(user: Win+R –> shell:startup)
(common: Win+R –> shell:common startup)
and copied the bat file in both of them.
Now every time the system starts it changes it automatically
Thanks AussieScamBuster and everyone else for your help!
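A check for the exported .reg file that the startup batch file imports, as an added example that is not part of the original posts: regedit writes multi-string and expandable-string values as hex(7)/hex(2) UTF-16LE bytes, so a plain text search of the file for VBOX misses them. The sample export, its value names and the marker list are constructed for illustration.

```python
import re

# Marker strings: "VBOX" and "Oracle" appear in the thread; "virtualbox" is added.
MARKERS = ("vbox", "virtualbox", "oracle")

# Constructed sample in regedit export syntax (values made up for illustration).
# The hex(7) bytes are UTF-16LE for "VBOX -1" plus the multi-string terminators.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System]
"SystemBiosDate"="06/23/99"
"SystemBiosVersion"=hex(7):56,00,42,00,4f,00,58,00,20,00,2d,00,31,00,00,00,\
  00,00

[HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current]
"BIOSVendor"="Dell Inc."
'''

def decode_value(raw):
    """Text of one .reg value: quoted string, or hex(1|2|7) UTF-16LE data."""
    raw = raw.strip()
    if raw.startswith('"'):
        return raw[1:-1].replace("\\\\", "\\")
    m = re.match(r"hex\((1|2|7)\):(.*)", raw)
    if not m:
        return ""  # dword / binary data: no text to search
    data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    return data.decode("utf-16-le", errors="replace").replace("\x00", " ").strip()

def find_vm_markers(reg_text, markers=MARKERS):
    """Return [(key, value_name, decoded_text)] for values containing a marker."""
    reg_text = re.sub(r"\\\r?\n\s*", "", reg_text)  # join hex continuation lines
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif line.startswith('"') and '"=' in line:
            name, raw = line[1:].split('"=', 1)
            text = decode_value(raw)
            if any(m in text.lower() for m in markers):
                hits.append((key, name, text))
    return hits

if __name__ == "__main__":
    # A real regedit export is UTF-16: open(path, encoding="utf-16").read()
    for key, name, text in find_vm_markers(SAMPLE_REG):
        print(f"{key}\\{name} = {text!r}")
```

An empty result means no exported text value still carries one of the marker strings; it does not cover values that were never exported.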
@flashloch#50621 No Worries, glad you have it sorted. That one time fix will cost you $99.00 lol
Dxdiag Editor… Dropbox