Is VSupport LLC legit?


by yungman
Tags: legit, ligit, vsupport
yungman
yungman is offline
#1
Sep26-13, 12:07 PM
P: 3,844
My wife called VSsupport LLC to help and took over the computer and did a lot of things......while I was asleep!!!! They claimed I have trojen stuff and all. When I woke up, I quickly disconnect the phone call and everything else.

They claimed a lot of the system drivers are disabled. My question is

1)Is VSupport ligit?

2)They claimed the trogen house can infect the DSL MODEM and wireless connection. That the Norton anti virus cannot even protect. Is this true?

3)My wife they them took over the computer, what potential damage can they do?

4) We have electronics bank accounts on the computer, any danger for them to hack into our account? We called the bank, they said it's not easy to get into the account.

5) What should I do. I am using an old computer right now, I don't even dare to turn on all the new computers!!

Thanks
Phys.Org News Partner Science news on Phys.org
SensaBubble: It's a bubble, but not as we know it (w/ video)
The hemihelix: Scientists discover a new shape using rubber bands (w/ video)
Microbes provide insights into evolution of human language
Psinter
Psinter is offline
#2
Sep26-13, 12:47 PM
Psinter's Avatar
P: 72
1) I don't know. I dare not say they are not legit, but I dare not say they are legit either. First time I hear about them.

2) Its called a troyan horse not house. It's weird how they know that Norton cannot protect against it, I don't know how they detected it despite the fact that a well known industrial antivirus couldn't. Smells fishy. If they scanned your computer they have remote access to it. Try to undo that. Try to uninstall whatever program they used to remotely access your PC and scan it.

3) If they were able to scan it, they have access to every single file in your PC. Though, I don't say it so you get alarmed. Just so you know the truth.

4) I believe there are ways a person can fake an bank account transfer although I myself don't know how it works. I just once read over the lines a method scammers in remote countries use to do so. (I don't even know why I'm telling you this, I hope you are not getting worried cause that is not my intention). Everything depends on how easy or hard would the bank go before authorizing a transfer.

5) I would suggest trying to install a free antivirus and scanning your PC. Download it from another PC and without connecting to the internet on the infected one, install it (on the one that is infected). Be careful when googling. Some free antiviruses are not antiviruses at all but troyans or a virus themselves. I use none of the following, but you can try safely what many others are using: Avast, AVG, or Comodo (the free version). (That's great, now I'm doing non-paid advertising, lol). Note, if the supposed to be infected computer has Windows XP, don't use Avast. As of 2013, it will render it useless (previous self experience).

Or you could just google and learn how to clean your pc free of viruses yourself, or ask a friend who knows.
yungman
yungman is offline
#3
Sep26-13, 01:08 PM
P: 3,844
Thanks for the detail reply. I since contact Norton, they said it is not possible to infect the DSL modem and the wireless connection. Is that true. Should I can the Att provider?

They suggested and I am running the Norton Power Eraser on the other computer.

So I should go onto Control Panel, then Add/Delete programs to look for what is installed today and uninstall that?

Again, thanks for the quick reply.

Psinter
Psinter is offline
#4
Sep26-13, 04:49 PM
Psinter's Avatar
P: 72

Is VSupport LLC legit?


Oh, I forgot about the modem. Yes, you can connect the modem again and use the internet on other computers, but don't connect the infected one to the internet yet. And yes, you should go to Control Panel and remove any suspicious programs installed today. If you want to know how I would proceed on to clean the PC you can go to the "Steps" part of this post.

Norton is right and not right at the same time when they say it is not possible to infect the DSL modem and/or wireless connections. It's not impossible, it just requires a real whole lot of work because the malware running from the computer would have to identify the software running on the modem before trying to infect it and have a piece of software that can run under the found modem's architecture.

As you can see, it is very unlikely (but not impossible) for that to happen for there exist so many modems running different kinds of software. It would be one hell of a malware to infect a modem, if it would I would personally get on a plane, go to your home and get a sample of that malware to study it.

But jokes aside, a more possible scenario is that the malware scans your local area network for vulnerable computers and try to infect the other computers if it finds an opening. But lets not worry about that because we are about to kick out whatever malware has been bothering you before they have a chance to do anything big.

[Steps]
First, do run Norton Power Eraser. Let it find and remove whatever it detects as malware. You will probably have to restart the computer before everything is done. Finish this before going to "Second".

Second, Go to Control Panel and try to find what programs were installed today by sorting them by date. Usually there is a column that says "Installed On" from which you can sort the installed programs by date. From those, try to identify anything suspicious. Anything suspicious would be something you have no memory of having installed yourself. Also, if you find something from VSupport installed, uninstall it (for you no longer need their support). If VSupport was legit, everything should proceed smoothly. Otherwise, either you will have trouble uninstalling it or it will appear to have been uninstalled, but it would still lurk hidden on your system.

Norton Power Eraser should do the whole trick and even remove anything from VSupport if it was actually unlegit and malware so no further action would be needed. However, if you really really want to take it a step further (I don't think it is necessary), you can proceed to "Third". "Third" is just a way to make sure you get everything from VSupport removed from your PC in the case Norton didn't detect it as a potential threat but as a legit set of programs or to have other hidden entries in your system that are hindrances removed from it.

[Optional]
Third, to identify any misbehaving programs that may still be hiding from you and Norton Power Eraser I suggest to try HijackThis. Free open source program I always use to manually get those pesky programs that like to misbehave. You can follow this tutorial on how to use it. Just until the part of How to restore items mistakenly deleted. To be on the safe side, create a system restore point before using HijackThis.

If HijackThis is too much of a bother, you can always use the free edition of the software Spybot which will make pretty much the same thing Norton Power Eraser did to have things nearly automatically done (you still have to choose what to remove and whatnot but in a more user friendly interface than that of HijackThis).

Sorry for the long post. I expect to have covered the best way of cleaning your PC from threats, but it is important to know that other people would use other methods. Also it is important to know that different kind of infections and different kinds of computer behaviours call for different methods. I personally would proceed like this in your case.
Evo
Evo is offline
#5
Sep26-13, 06:25 PM
Mentor
Evo's Avatar
P: 25,961
Quote Quote by yungman View Post
My wife called VSsupport LLC to help and took over the computer and did a lot of things......while I was asleep!!!! They claimed I have trojen stuff and all. When I woke up, I quickly disconnect the phone call and everything else.
May I ask why she contacted these people to begin with?
yungman
yungman is offline
#6
Sep26-13, 07:00 PM
P: 3,844
Quote Quote by Evo View Post
May I ask why she contacted these people to begin with?
i was sleeping!!! She was interested to learn Win 8.....too interested!!!
yungman
yungman is offline
#7
Sep26-13, 07:36 PM
P: 3,844
Quote Quote by Psinter View Post
Oh, I forgot about the modem. Yes, you can connect the modem again and use the internet on other computers, but don't connect the infected one to the internet yet. And yes, you should go to Control Panel and remove any suspicious programs installed today. If you want to know how I would proceed on to clean the PC you can go to the "Steps" part of this post.

Norton is right and not right at the same time when they say it is not possible to infect the DSL modem and/or wireless connections. It's not impossible, it just requires a real whole lot of work because the malware running from the computer would have to identify the software running on the modem before trying to infect it and have a piece of software that can run under the found modem's architecture.

As you can see, it is very unlikely (but not impossible) for that to happen for there exist so many modems running different kinds of software. It would be one hell of a malware to infect a modem, if it would I would personally get on a plane, go to your home and get a sample of that malware to study it.

But jokes aside, a more possible scenario is that the malware scans your local area network for vulnerable computers and try to infect the other computers if it finds an opening. But lets not worry about that because we are about to kick out whatever malware has been bothering you before they have a chance to do anything big.

[Steps]
First, do run Norton Power Eraser. Let it find and remove whatever it detects as malware. You will probably have to restart the computer before everything is done. Finish this before going to "Second".

Second, Go to Control Panel and try to find what programs were installed today by sorting them by date. Usually there is a column that says "Installed On" from which you can sort the installed programs by date. From those, try to identify anything suspicious. Anything suspicious would be something you have no memory of having installed yourself. Also, if you find something from VSupport installed, uninstall it (for you no longer need their support). If VSupport was legit, everything should proceed smoothly. Otherwise, either you will have trouble uninstalling it or it will appear to have been uninstalled, but it would still lurk hidden on your system.

Norton Power Eraser should do the whole trick and even remove anything from VSupport if it was actually unlegit and malware so no further action would be needed. However, if you really really want to take it a step further (I don't think it is necessary), you can proceed to "Third". "Third" is just a way to make sure you get everything from VSupport removed from your PC in the case Norton didn't detect it as a potential threat but as a legit set of programs or to have other hidden entries in your system that are hindrances removed from it.

[Optional]
Third, to identify any misbehaving programs that may still be hiding from you and Norton Power Eraser I suggest to try HijackThis. Free open source program I always use to manually get those pesky programs that like to misbehave. You can follow this tutorial on how to use it. Just until the part of How to restore items mistakenly deleted. To be on the safe side, create a system restore point before using HijackThis.

If HijackThis is too much of a bother, you can always use the free edition of the software Spybot which will make pretty much the same thing Norton Power Eraser did to have things nearly automatically done (you still have to choose what to remove and whatnot but in a more user friendly interface than that of HijackThis).

Sorry for the long post. I expect to have covered the best way of cleaning your PC from threats, but it is important to know that other people would use other methods. Also it is important to know that different kind of infections and different kinds of computer behaviours call for different methods. I personally would proceed like this in your case.
I really appreciate your time to type this.
1) I did run the Power Erase and only 6 programs got picked and deleted. Nothing like the guy in VSupport claimed of 500!!!. The computer is running normal.....in fact it never ran abnormal. My wife just lost an email account and one way lead to another, she contacted VSupport before she woke me up. I almost fell on the floor!!!
2)I definitely going to run the HijackThis you suggested and also the Spybot. I am not on that computer, I'll report back if I see anything comes out. Do you have a reliable site to download these, I am getting paranoid in getting into some unreliable sites.
3) I was surfing and I read about the a malware that called "psyb0t" or "Bluepill" that can stay in the modem and router and read the traffic going in and out. But according to the article, the electronic banking communication are encrypted and the psyb0t still cannot read it even they can read the data. You heard anything about this?

Again I really appreciate your help. Can you tell me which is the best way to learn these kind of knowledge about computers? I am absolutely not interested in gaming and all, but I am very interested in learning how to fix computer from infection, getting into the nuts and bolts of how to deal with computer issues. I was an EE and I have knowledge of the hardware, but not on this end.
yungman
yungman is offline
#8
Sep26-13, 07:44 PM
P: 3,844
Another concern is my wife gave the VSupply permission to take over the computer and the guy was actually getting into the configuration and all and start typing all sort of things on the screen. Can he still get into the computer. I do have the Norton Fireware, anti virus and all the goodies running already.
Rick21383
Rick21383 is offline
#9
Sep27-13, 11:44 AM
P: 9
They are definitely a legit company but I would advise your wife against allowing anyone access to your computer again, without being tech savvy enough to know what they're doing.

If she's looking to learn Windows 8, tell her to buy a book or look at some Youtube videos lol.

Chances are they didn't do any harm to your machine (at least not intentionally) but if they were in there scanning files, making registry changes, etc. they could have inadvertantly caused other issues, and you would have no idea what the new problem is because nobody knows what they did.

Even when I have a third party (trusted) company performing something as simple as an installation on my machines at work I'm going to be watching everything they do (or have another employee do that) do make sure they don't "break" anything. Trusted or not, I know that they don't know my system as well as me, and could unknowingly do something that affects it in a negative way.

Bottom line: Your PC should be ok, or at least no worse than it was before she called, but I would advise your wife not to let anyone remote into your system again without knowing exactly what they're doing and what changes they make.

And no, they should no longer have remote access to you machine. In theory, they now have all the info they need to easily hack into it, but assuming it was the actual legit company, they shouldn't be randomly getting into your machine again.
Rick21383
Rick21383 is offline
#10
Sep27-13, 12:06 PM
P: 9
Quote Quote by yungman View Post

We have electronics bank accounts on the computer, any danger for them to hack into our account? We called the bank, they said it's not easy to get into the account.

Thanks
Your bank accounts are not stored on your computer. You are logging onto the bank's website to view them.

The only way they could have accessed your account is if you somehow set your browser to remember your user name and password. Simply change your online banking password if you're paranoid. That will solve that.
yungman
yungman is offline
#11
Sep27-13, 12:48 PM
P: 3,844
Quote Quote by Rick21383 View Post
Your bank accounts are not stored on your computer. You are logging onto the bank's website to view them.

The only way they could have accessed your account is if you somehow set your browser to remember your user name and password. Simply change your online banking password if you're paranoid. That will solve that.
Thanks, you make me feel a lot better. I'll have her change the password.
yungman
yungman is offline
#12
Sep27-13, 12:56 PM
P: 3,844
In my wife's defense, I was too desperate yesterday running around, I should have said it all started out she could not get into her email in the new computer and it prompted her to contact the company as the computer is new. One thing lead to another, she allow them to take hold of the computer. She saw me let McAfee took control one time, she thought it's ok to do that. I told her I let McAfee did that because we had their service at the time, and they are well known and I got the number direct from the software installed.....And is McAfee!!!

BTW, McAfee sucked!!! I had infections with emphasis "s" under them. Their service sucks. I have Norton now, never have a single problem in over 2 years......with my grandson download and playing video games all the time!!! Only thing I ever had to do is stop and delete the extra Apps after he finish playing the game. I have been using their life chat the last two days and they are nothing but helpful. They even called me on the phone to make sure everything is ok. I used their register clean and the old computer runs much faster.
Rick21383
Rick21383 is offline
#13
Sep27-13, 02:10 PM
P: 9
Quote Quote by yungman View Post
Thanks, you make me feel a lot better. I'll have her change the password.
Yea and, rest assured, they are a valid company so I wouldn't worry about them doing anything malicious.

My biggest fear would be them inadvertantly "breaking" something by whatever changes they made to your computer. Like deleting/modifying a file or something in an attempt to fix your computer, and not realizing that another application uses that same file.

If your machine seems to be running ok, then I wouldn't worry about it.
yungman
yungman is offline
#14
Sep27-13, 05:54 PM
P: 3,844
Quote Quote by Rick21383 View Post
Yea and, rest assured, they are a valid company so I wouldn't worry about them doing anything malicious.

My biggest fear would be them inadvertantly "breaking" something by whatever changes they made to your computer. Like deleting/modifying a file or something in an attempt to fix your computer, and not realizing that another application uses that same file.

If your machine seems to be running ok, then I wouldn't worry about it.
They sure did break something. The Photoshop program disappeared. In the control panel, it had a strange look program not normal Photoshop icon. It was empty. I tried to reload Photoshop, the CD would not activate the computer and not even read the CD. Luckily I learned how to turn the CD into ISO image and mount it. I ended up had to do it the long route to reload the Photoshop.

Thanks for all your help.
Psinter
Psinter is offline
#15
Sep28-13, 02:29 AM
Psinter's Avatar
P: 72
Quote Quote by yungman View Post
2)I definitely going to run the HijackThis you suggested and also the Spybot. I am not on that computer, I'll report back if I see anything comes out. Do you have a reliable site to download these, I am getting paranoid in getting into some unreliable sites.
3) I was surfing and I read about the a malware that called "psyb0t" or "Bluepill" that can stay in the modem and router and read the traffic going in and out. But according to the article, the electronic banking communication are encrypted and the psyb0t still cannot read it even they can read the data. You heard anything about this?

Again I really appreciate your help. Can you tell me which is the best way to learn these kind of knowledge about computers? I am absolutely not interested in gaming and all, but I am very interested in learning how to fix computer from infection, getting into the nuts and bolts of how to deal with computer issues. I was an EE and I have knowledge of the hardware, but not on this end.
Sorry for late response, I was busy with some exams and stuff.

2) HijackThis is in sourceforge.net. Spybot is in safer-networking.org. Hint: Wikipedia usually has the legitimate websites links of some software.

3) There always exists the possibility that the virus is programmed to spoof SSL certificates and if it does so, then it can read (and reading means it can copy too) whatever is sent between the supposed to be encrypted page and your computer. Once you know how networks work, spoofing an SSL certificate is kids game. (Why do I always have to be the party pooper and concentrate only on the bad possibilites).

The good news is that from what I have read, psyb0t hasn't been seen doing such even thought to me it appears to have the capability of doing so (I can't find details on the attack tools it posses). Although it is mentioned that it can steal personal information, to me it appears to be targeted more at websites like forums and databases and to spread itself, not at stealing personal people's info.

I'm happy you want to learn. Since you are an EE you will get things really fast . It's just that I'm a bad teacher like all those nerds who look like they have a lot of knowledge but are uncappable of expressing what is in their brains (rendering them useless when communicating). Lets see......... Let's organize everything........ and....... ok, I think I have it. The best way for that is the internet (most info is free and you have it anywhere as long as you pay for the internet service or live close to places with free internet access). To go deeper into programming and other informatics subjects then a university would be the best way in my opinion (or maybe just get the names of the books they use for each course and buy them for self study and then you won't have to pay for the course ).

But let's give a try to the internet first. Since we are talking about Windows, the first thing I would tell you to understand is the many ways a program can be executed at startup. There are services, registry entries, scheduled tasks, etc. Understanding them all is a must to know what to look for when dealing with malware (but is not necesarry to go too deep into services). The other would be to understand that in windows there exists ways for programs to code inject others so you won't necesarily see a virus asking for administrator privileges to get a hold of your computer. Then getting your hands in computer forensics software and learning how it works will give you a huge insight and techniqes that will allow you to better asess a problem and choose the correct tools to solve it.

Here are some nice reads:
http://www.bleepingcomputer.com/tuto...tup-locations/
http://www.bleepingcomputer.com/tuto...es-in-windows/
http://www.cisco.com/web/about/secur...orm-diffs.html
http://technet.microsoft.com/en-us/l.../cc959354.aspx

Once again, since we are talking about windows here are a few keywords to look for on a search engine (google, yahoo, duckduckgo, etc) to get something to learn and a boost to look into other stuff:
windows startup locations, windows startup entries, 
start stop windows services, hidden files, 
data recovery , computer forensics, 
using live cd to remove malware, 
types of network attacks, eavesdropping, 
spoofing, man-in-the-middle attack, kinds of malware, 
code injection......
and I'm leaving a bunch of other concepts, but its ok, you will find them yourself as those keywords will link themselves to other information you may want to know.

Now if you want to go even deeper like really understanding the system then you need to program for the operating system you are trying to understand. Some books that provide insights into the operating systems workarounds are those that teach about driver programming for the operating system of interest. They teach stuff like the kernel and how it handles nearly everything in the OS.
yungman
yungman is offline
#16
Sep28-13, 04:28 AM
P: 3,844
Quote Quote by Psinter View Post
Sorry for late response, I was busy with some exams and stuff.

2) HijackThis is in sourceforge.net. Spybot is in safer-networking.org. Hint: Wikipedia usually has the legitimate websites links of some software.

3) There always exists the possibility that the virus is programmed to spoof SSL certificates and if it does so, then it can read (and reading means it can copy too) whatever is sent between the supposed to be encrypted page and your computer. Once you know how networks work, spoofing an SSL certificate is kids game. (Why do I always have to be the party pooper and concentrate only on the bad possibilites).

The good news is that from what I have read, psyb0t hasn't been seen doing such even thought to me it appears to have the capability of doing so (I can't find details on the attack tools it posses). Although it is mentioned that it can steal personal information, to me it appears to be targeted more at websites like forums and databases and to spread itself, not at stealing personal people's info.

I'm happy you want to learn. Since you are an EE you will get things really fast . It's just that I'm a bad teacher like all those nerds who look like they have a lot of knowledge but are uncappable of expressing what is in their brains (rendering them useless when communicating). Lets see......... Let's organize everything........ and....... ok, I think I have it. The best way for that is the internet (most info is free and you have it anywhere as long as you pay for the internet service or live close to places with free internet access). To go deeper into programming and other informatics subjects then a university would be the best way in my opinion (or maybe just get the names of the books they use for each course and buy them for self study and then you won't have to pay for the course ).

But let's give a try to the internet first. Since we are talking about Windows, the first thing I would tell you to understand is the many ways a program can be executed at startup. There are services, registry entries, scheduled tasks, etc. Understanding them all is a must to know what to look for when dealing with malware (but is not necesarry to go too deep into services). The other would be to understand that in windows there exists ways for programs to code inject others so you won't necesarily see a virus asking for administrator privileges to get a hold of your computer. Then getting your hands in computer forensics software and learning how it works will give you a huge insight and techniqes that will allow you to better asess a problem and choose the correct tools to solve it.

Here are some nice reads:
http://www.bleepingcomputer.com/tuto...tup-locations/
http://www.bleepingcomputer.com/tuto...es-in-windows/
http://www.cisco.com/web/about/secur...orm-diffs.html
http://technet.microsoft.com/en-us/l.../cc959354.aspx

Once again, since we are talking about windows here are a few keywords to look for on a search engine (google, yahoo, duckduckgo, etc) to get something to learn and a boost to look into other stuff:
windows startup locations, windows startup entries, 
start stop windows services, hidden files, 
data recovery , computer forensics, 
using live cd to remove malware, 
types of network attacks, eavesdropping, 
spoofing, man-in-the-middle attack, kinds of malware, 
code injection......
and I'm leaving a bunch of other concepts, but its ok, you will find them yourself as those keywords will link themselves to other information you may want to know.

Now if you want to go even deeper like really understanding the system then you need to program for the operating system you are trying to understand. Some books that provide insights into the operating systems workarounds are those that teach about driver programming for the operating system of interest. They teach stuff like the kernel and how it handles nearly everything in the OS.
Thanks for the detail answers. I went on live chat with Norton, they said their anti virus and firewall will take care even the infection of the modem. But I don't know how true that is.

Does it help to use a totally different computer even though it is still on the same DSL modem? How about changing the password of the bank account?

I am not sure the modem has been infected, only the VSupport person said it's a possibility. He showed 300 trojen horses in my computer, which make me very suspicion of what he said, particularly he tried to make us pay $199 to clean up the system.

Is there any way to check for modem infection and clean it up?

Thanks
harborsparrow
harborsparrow is offline
#17
Sep28-13, 07:35 AM
harborsparrow's Avatar
P: 325
The best thing to do is, save any personal data that is on the local drive on a USB device. Then, reload Windows from scratch. And, it never hurts to change your bank password if you think someone else may have it.

Teach your wife never, ever to allow anyone to take control of the computer. In fact, there is a setting to disable this capability. In the Control Panel, open the System applet and then select Remote Settings. Make sure the box is unchecked next to "Allow Remote Assistance connections for this computer".
yungman
yungman is offline
#18
Sep28-13, 11:58 AM
P: 3,844
Quote Quote by harborsparrow View Post
The best thing to do is, save any personal data that is on the local drive on a USB device. Then, reload Windows from scratch. And, it never hurts to change your bank password if you think someone else may have it.

Teach your wife never, ever to allow anyone to take control of the computer. In fact, there is a setting to disable this capability. In the Control Panel, open the System applet and then select Remote Settings. Make sure the box is unchecked next to "Allow Remote Assistance connections for this computer".
Thanks, I disable the remote access.


Register to reply

Related Discussions
Cornea Remolding: Is it legit? Medical Sciences 9
Eigenvalues / Eigenvectors - Is this a legit question to ask? Engineering, Comp Sci, & Technology Homework 8
Is this GR explanation legit? Special & General Relativity 4
How legit is R considered in industry and labwork? Math & Science Software 2
Legit maths in movies? General Math 15