Windsurf48

866-583-6929 is not tech support


I was installing a Netgear Wireless Range Extender yesterday and it did not connect to the router when I tried either of the two methods in the manual, so I entered "Netgear Tech Support" in Google and clicked on the first hit, which at that time took me to a website which looked like a company tech support page. When I called 866-583-6929 and explained the problem, the person who'd answered told me he had to use Teamviewer to access my PC to determine what the problem was. I was skeptical but have a laptop which has no personal or financial information on it and is only connected to the router, so I let him. He opened a CMD window and ran something which produced a stream of names. The last ones were files in the winsxs folder, but it was not any DOS file display format I recognized, and at the end was the phrase "Rookit Found". He said that this was the problem and he had to escalate the case to level four support.

 

I asked the level four person how a rootkit on a laptop not connected to the range extender could impact its connection to the router, and he insisted that the rootkit had spread from the laptop to everything else, including the range extender (which had never successfully connected to anything). I wondered how many rootkits can infect both a Windows 7 laptop and a router which is presumably running Linux or something similar, but he insisted, somewhat abrasively and condescendingly, that my whole system was on the verge of collapse and needed to be fixed immediately.

 

Next, he asked me how recently I'd checked the Windows Event Logs. I'd actually looked at them last week and said so, but again in hindsight I doubt that the average user knows that they exist or that anyone looks at them regularly to check for errors, especially since they always have various errors which don't mean anything. He found something that he claimed showed that my PC had become infected at a time shortly before I'd called him.

 

He then brought up Services and showed me that all the services were stopping, which supposedly was more of the rootkit's activity. At the time, I assumed he had adjusted the window size because the Services window was not in the same location as it has been when I've accessed it, and in hindsight I'm not sure that it was the real Services at all. He brought up Task Manager and pointed out csrss.exe as the problem. Then he entered "csrss.exe" in Google and selected a page which stated that it was a known rootkit. I pointed out that the next paragraph stated that it also could be a normal part of the Windows operating system, and he insisted that that was upper case CSRSS.EXE and this was lower case. I was pretty sure that I remembered seeing it in lower case in Task Manager on all my PCs long before the date he claimed that the rootkit had infected the PC. He also showed that it could not be terminated in Task Manager, which I assume is true of all essential operating system programs, and insisted that only viruses could not be terminated.

 

All along, he was becoming more agitated and condescending at my questions about what he was showing me, and I was increasingly skeptical. I finally remembered that neither man had asked for the model or serial number of the range extender and just hung up the phone.

 

I immediately ran CCleaner and BleachBit and rebooted. Then I ran full scans using Malwarebytes Anti-Malware, SUPERAntiSpyware, Defender, and Malicious Software Removal Tool. I did not expect to find a rootkit, especially after seeing that all services were running normally and the Services window was back to normal, but I was concerned that the two men had left something on the PC like a key logger. So far, I haven't found anything or seen any new program folders in Program Files and Program Files (x86) or in the Control Panel Programs. Secunia PSI and Belarc Advisor also did not show anything new and there was nothing new running in Task Manager.

 

When I scanned on the phone number, I found a thread in a Norton forum by someone who had paid $400 to have his PC fixed when the number turned up in a search for Norton Tech Support, so hopefully all these people were trying to do was to get me to a point at which they could charge me for removing a non-existent rootkit. I reported the incident to Netgear when I finally reached their legitimate tech support, who talked me through a missing step in the process of connecting the router and range extender, and the fake Netgear website seems to have disappeared sometime today. I did go back and check carefully, and it was very similar to the real Netgear website, so being fooled by that doesn't seem too surprising. Not being asked for the model and serial number should have clued me in much sooner, although I'm a little surprised that the scammers didn't do that to make the whole thing look more legitimate.
