Author Topic: Scammed  (Read 750 times)


Offline Garth Bock

  • Table Rock Lake Weather
  • Forecaster
  • *****
  • Posts: 2749
Scammed
« on: January 15, 2017, 12:05:32 PM »
A couple of days ago I helped a friend update his Elks Lodge laptop from XP to Windows 10. The reason was his antivirus no longer supported WinXP. He had downloaded the free upgrade but didn't know that he couldn't directly update from XP without a wipe and reload. While I was taking care of it he mentioned his personal laptop, which had a virus on it. (Prepare for head shaking or facepalming.) He said the virus popped up with a screen that said it would shut down his computer and he needed to call a 1-800 phone number at Microsoft to get it removed. He said not long after that he got a phone call from Microsoft that they had detected a virus on his laptop. (At this point I froze because I knew what he had done.) He said he called the Microsoft number and the foreign guy had remoted in and installed software to remove the virus. He said he had to buy the software and paid for a 1 year license. I asked him did he use a credit or debit card and he said he used a credit card. I told him to call the CC company and immediately put a block on any transactions and then get a new card. He told me that 'Microsoft' called him back to check on his laptop to see if it was working ok. I had him run home and get his other laptop. I just finished wiping it and reloading it. Oh, and the reason he got virused? He had a free trial version of McAfee and it had expired a year ago and he had been closing the upgrade message. I charged him double for the reload.....

Offline Jáchym

  • Meteotemplate Developer
  • Forecaster
  • *****
  • Posts: 8605
    • Meteotemplate
Re: Scammed
« Reply #1 on: January 15, 2017, 12:50:35 PM »
My opinion:
Anti-virus is close to useless these days, or rather - beginning with Windows 7, the built-in Defender is totally sufficient.
However, you need to make sure you use a good anti-malware, you have a correctly set firewall and, most importantly, you don't click and open everything you see - in such a case even the best AV or FW will not help you.
The problem with AV is that most are not very reliable anyway (or rather I should say not much better than the built-in one) and they are probably the most slowing down SW you can install on your PC.

The other issue is that some people even install more AV on one PC.

What also makes this dangerous is that they then assume - "oh, no problems, I'm totally protected, I can do anything, if it is a virus, I will be told" - which obviously is wrong.

Oh... and btw..... half a yr ago I saved our company.... I was at work, Friday late afternoon, when I suddenly noticed very strange things going on on our network drives. Because I do a lot of IT stuff in my company too, I have admin rights on my PC and I installed some additional security SW, in addition to the one we all have to use.
I quickly realized what happened - someone's personal laptop got infected, they connected the laptop to our network to access some files, the virus (ransomware...) "jumped" to the network drives and started encrypting everything, every network shared drive, and jumped to all PCs that were currently online (I was there by myself, it was late on Friday, but many people leave their PCs on over the weekend because they do all sorts of calculations and so they won't even notice the slow behavior!).

I immediately called our IT manager, he was there within an hour, we completely disconnected everything (even the forecast servers :D). We then had to find the computer that was spreading this. Then going through all offices, checking all PCs that were on... when I went home at 3.30AM we managed to stop it from spreading. Next morning and on Sunday I fortunately found a SW that could decrypt it, but not everything, it only worked for about 80% of the files, the rest was lost.

We did have a backup of all this, but it is only made once every month because it is too big. I don't even want to think what would happen if I didn't notice and the thing was spreading and slowly encrypting everything the whole weekend...

Offline weatherc

  • Senior Contributor
  • ****
  • Posts: 278
Re: Scammed
« Reply #2 on: January 15, 2017, 02:17:15 PM »
Quote
I quickly realized what happened - someone's personal laptop got infected, they connected the laptop to our network to access some files, the virus (ransomware...) "jumped" to the network drives and started encrypting everything, every network shared drive and jumped to all PCs that were currently online

Just for curiosity, how did it come into the company network in the first place?
That just showed a typical case of not enough AV security, "we have enough of protection", yep...

Offline Jáchym

  • Meteotemplate Developer
  • Forecaster
  • *****
  • Posts: 8605
    • Meteotemplate
Re: Scammed
« Reply #3 on: January 15, 2017, 02:25:40 PM »
They made changes after this, it was absolutely not well secured, that person had a laptop they used at home as well as in the office. They needed to get some data from the network drive so they brought it to their office and connected to local network. After this they made some major changes with respect to bringing in own laptops (though my point was also the fact our standard up-to-date commercial AV did not have a chance... it was only because I had other SW that I spotted it and I saw the encrypted files being created on the drive as such)

 
