I had a MS Technician fix a Windows update glitch however he downloaded a virus/malware.


Userlevel 5
Badge +12
I had an MS Tech online chat fix a Windows update glitch; however, during the process I saw a malware warning pop up from Spysweeper recommending don't continue. He X'd it out and continued and fixed the problem. Right afterwards when the session was over I scanned the computer and I had 6 malwares. On my scan the W32.adware.gen Launcher.exe.
 
It is a legit website.
 
I did an analysis/optimization with Spysweeper and it said I had a possible Launcher leak.  I also have 98 IE something. I forgot but can get it by doing the opt again.
 
Am I safe? I scanned a couple more times and Secure Anywhere says computer is clean.
 
Thanks

20 replies

Userlevel 7
Hello baitnhooklure,
 
You mentioned "Spysweeper". This program was discontinued almost 5 years ago. The best thing to do is put in a Support Ticket because Webroot Support will probably want your logs from your computer.
 
Please submit a Support Ticket or Contact Webroot Support to sort this problem. This service is FREE with a Paid Subscription.
Support Ticket System is Open 24/7
 
HTH,
Dave. 😉
Userlevel 5
Badge +12
Now I see in my email I have enrolled in mercer.com. Help
Userlevel 7
Webroot Support will take good care of you in sorting all your problems. Please Submit a Ticket As Soon As Possible.
 
Thank you,
Dave. 😉
Userlevel 5
Badge +12
my webroot password was changed and not by me!
Userlevel 5
Badge +12
I can't support a ticket because my password isn't taking! I said I forgot and it sent me a different password. The website is not legit. I got an email from a yahoo.com posing as MS.
Userlevel 7
Badge +56
SCAM!
 
Please call Webroot Support but you will have to wait till Monday: https://www.webroot.com/us/en/support/contact
 
Call 1-866-612-4227
M-F 7am-6pm MT
Userlevel 5
Badge +12
I restored my computer back to two days ago. I hope this helps. Since I can't submit a support ticket I will have to call the support help line on Monday. I will try the support ticket again. Thanks
Userlevel 5
Badge +12
My password is ok. The password was for another ticket.
 
I should have known it was a bogus website because there was no lock in the upper right hand corner. Just a symbol. This is my stupidity.
 
Since I restored my computer to two days ago I should be okay?
 
I think I will change my email password.
 
 
I still will call the help desk on Monday.
Userlevel 7
Badge +56
Can you post the link to the Website please?
 
Thanks,
 
Daniel 😉
Userlevel 5
Badge +12
The first link is what I clicked on. The second link is the email reply I got afterwards.

1. https://support.microsoft.com/en-us/contactus/?os=windows-8.1
2. CS3TS.GNRL.WW.00.EN.SUT.KSP.TS.1FL.ADK.SG.CH@css.one.microsoft.com

I allowed this person who I thought was with MS access to my computer and the next thing I know he/she downloaded malware. I saw him/her click allow right after Webroot popped up and said don't allow. I immediately got rid of this person however some things were done behind the scenes during the interim. Now he/she used my email that was open at the time and signed up for services at Mercer.com. My bank website was not open and I had cleared my cookies, I did contact them about this for the record. I ran my Webroot Secure anywhere and it cleaned my computer of 6 malwares. I also restored my computer back to two days ago so that if this person changed my registry, etc. my restored date is back the way it was before anything was done.

The website that I am getting notice from is below. I replied to this email stating I was hacked and to delete this request.

Customer.service@mercer.com Oct 1 at 8:10 AM
To - my email address,
Congratulations! Your enrollment form has been automatically submitted. Your request for coverage will be reviewed. You will be notified by U.S. mail if we need additional information and when your coverage begins. Once the coverage becomes effective, you may view your coverage information by clicking the My Account button anytime.

This mercer.com is overseas in the UK. I sent 4 emails back to Mercer.com to remove me/delete this request because I got hacked. I got a reply email said it would answer in 3 days!! Anything else I can do? I made a huge mistake by not going to Microsoft.com and seeing the lock in the upper left hand corner. $&*!@ Don't do what I did and allow someone access to your computer unless you know for sure it is a legit website. Don't google and allow because these fake websites look like the real thing.

I keep getting a Windows update error because Windows 10.0 Feature update to Windows 10, version 1607 Failed to install. I keep getting this error message and was trying to contact MS Support on what to do. Any advice or suggestions are greatly appreciated.
Userlevel 7
Good morning baitnhooklure,
 
Please Call Webroot Support early tomorrow morning. They are the Professionals that can tell what the person did on your computer. I would keep an eye on ALL Your Accounts to see if there is any foul play happening with them. If you have been hacked you will have to change ALL your Passwords on ALL your Accounts to be safe. Please let us know what Webroot Support's conclusion is.
 
Thank you,
Dave. 😉
Userlevel 5
Badge +12
When I tried to submit an online support ticket it pulled up a previous one and said the passcode was already mailed to me. I was trying to submit a NEW ticket. I will call Webroot Secure help tomorrow 866-612-4227.
 
Crazy thing is after I restored my computer to a few days ago I still get the MS Windows update error Feature update to Windows 10, version 1607 Failed to install  *@#$*!
 
I have to get this mercer.com company to remove the request from this person who was posing as me using my email. Argg!
 
Glad I got Webroot Secure Anywhere and this community support group!
 
Appreciate the support.
Userlevel 7
Badge +56
Hello,
 
Well this is a legitimate Microsoft Support link so I wonder how mercer.com came into it? https://support.microsoft.com/en-us/contactus/?os=windows-8.1
 
Thanks,
 
Daniel :@
 
Also read this info about Scams:
 
 


 
THIS IS A SCAM!!  Neither Microsoft nor any other company sends emails, pop ups, or phone calls of any kind advising that you may have a problem.
 
If you clicked on any links, allowed them to remote into your computer, or went to any websites please Submit a Support Ticket ASAP.  (Now would be a good idea....)
 
If you would like more information, read on (After submitting that Trouble Ticket.....)
 
NEWS ARTICLE: Tech Support Scams are on the rise.
 
 
Microsoft never issues this type of warning or email or anything of a sort!  Please see the following link for Microsoft's official word on this:
http://www.microsoft.com/security/online-privacy/avoid-phone-scams.aspx
 
"Neither Microsoft nor our partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes.
 
Cybercriminals often use publicly available phone directories so they might know your name and other personal information when they call you. They might even guess what operating system you're using.
 
Once they've gained your trust, they might ask for your user name and password or ask you to go to a website to install software that will let them access your computer to fix it. Once you do this, your computer and your personal information is vulnerable."
 
Also see Avoid scams that use the Microsoft name fraudulently
http://www.microsoft.com/security/online-privacy/msname.aspx 
 
 
For more information here's what the United States Federal Trade Commission has to say on the subject:
http://www.consumer.ftc.gov/articles/0346-tech-support-scams
 
"In a recent twist, scam artists are using the phone to try to break into your computer. They call, claiming to be computer techs associated with well-known companies like Microsoft. They say that they've detected viruses or other malware on your computer to trick you into giving them remote access or paying for software you don't need.
 
These scammers take advantage of your reasonable concerns about viruses and other threats. They know that computer users have heard time and again that it's important to install security software. But the purpose behind their elaborate scheme isn't to protect your computer; it's to make money."
 
This scam is common and has been around for quite a while.  Here is a good Webroot Blog article from April 2013 by Threat Researcher Roy Tobin.
http://www.webroot.com/blog/2013/04/30/fake-microsoft-security-scam/
 
Also add a good free Ad Blocker like the ones suggested below:
 
For Internet Explorer Ad Block Plus: https://adblockplus.org/
 
For Firefox uBlock Origin: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/?src=ss or Privacy Badger: https://addons.mozilla.org/en-us/firefox/addon/privacy-badger-firefox/

 
Google Chrome uBlock Origin: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en or Privacy Badger: https://chrome.google.com/webstore/detail/privacy-badger/pkehgijcmpdhfbdbbnkijodmdjhbjlgp
Userlevel 7
Badge +56
So is this email address: @css.one.microsoft.com
http://answers.microsoft.com/en-us/outlook_com/forum/osecurity-oother/is-cssonemicrosoftcom-a-legitimate-microsoft/5bb0dbc9-cd0d-4a11-81e0-1eeedbbb6796
 
Very odd indeed and I assume they tried one of their Diagnostic tools and WSA detected it as malware and could be a FP.
 
Daniel 😠
Userlevel 5
Badge +12
I did submit a ticket just now. It is an ongoing ticket link so I used the password sent and provided all of this information. So the ticket is in. Can it be worked now or do I have to wait until tomorrow Monday morning? Thanks!
Userlevel 7
Support usually takes about 24 hours for an answer. I have seen it take 10 minutes for an answer also. All depends how busy they are. If you don't get a reply by morning, give them a call. 😉
Userlevel 5
Badge +12
Will do and Thanks!  I did look at some prior tickets and info from Webroot Secure and one of the answers had a link to click to run a log which I did and now you will have a log check of my system. 
 
Trying to provide as much pertinent information as possible.
 
Below are the steps to gather this data:

1. Download Webroot's log-gathering utility from the following link:

http://download.webroot.com/wsalogs.exe

2. Save the file to your Desktop (or the preferred Download folder of your web browser).

3. Once it has finished downloading, double-click the wsalogs.exe file on your Desktop to run it.

4. In the box labeled "Email:", enter the same email address you used for this support site.

5. Click the "Go!" button to begin the log gathering process.

Expect the utility to take between 1 to 10 minutes to gather the necessary information. The run time depends on various factors on your computer, including the size of the Webroot software logs and the compression speed of the computer. This utility is designed to gather extended logs from the Webroot software and basic system information.

Your privacy is very important to us. All information gathered is in accordance with Webroot's Privacy Policy and will only be used to expedite the identification and resolution of the issue reported. You can view our Privacy Policy here: www.webroot.com/privacy.

The utility will gather the necessary information and will attempt to return it automatically via a secure dropbox connection (please allow PSCP.exe through your firewall, if asked). A copy of the logs will also be present on your Desktop, named in the following fashion "wsalogs_email@you.set_date-time.7z". The utility will then attempt to return you to this web page; please leave a message letting us know you have sent the requested logs.
Userlevel 7
Badge +56
Yes and when you run that tool put the same email address you used to contact support so they know who it's from! Also reply to the same ticket saying that wsalogs have been uploaded when it's done!
 
 
 
Userlevel 5
Badge +12
Yes, this is what I saw and input my email address and go. I did reply to the ticket that I did this, too! Glad I saved the prior support tickets so I have a head start on all of this. Now the log is on my desktop. 
 
What a mess I got myself into however with Webroot support things will be good again.
 
My main concern now is this Mercer.com website that this person posing as me using my email address what did he/she do?
 
I should have closed all of my browsers and cleared the cookies to be on the safe side and never allow someone on your computer that you are not sure about and if there is no LOCK picture in the upper left hand corner of the URL.  There was an exclamation and not a Lock image.  ARGGG.
Userlevel 7
Badge +56
Yes keep the ticket going even if you have issues later so they can look back at your history! They will get you sorted!!
 
Thanks,
 
Daniel 😉
