Dismiss Notice
Join Physics Forums Today!
The friendliest, high quality science and math community on the planet! Everyone who loves science is here!

Is VSupport LLC legit?

  1. Sep 26, 2013 #1
    My wife called VSsupport LLC to help and took over the computer and did a lot of things......while I was asleep!!!! They claimed I have trojen stuff and all. When I woke up, I quickly disconnect the phone call and everything else.

    They claimed a lot of the system drivers are disabled. My question is

    1)Is VSupport ligit?

    2)They claimed the trogen house can infect the DSL MODEM and wireless connection. That the Norton anti virus cannot even protect. Is this true?

    3)My wife they them took over the computer, what potential damage can they do?

    4) We have electronics bank accounts on the computer, any danger for them to hack into our account? We called the bank, they said it's not easy to get into the account.

    5) What should I do. I am using an old computer right now, I don't even dare to turn on all the new computers!!

  2. jcsd
  3. Sep 26, 2013 #2
    1) I don't know. I dare not say they are not legit, but I dare not say they are legit either. First time I hear about them.

    2) Its called a troyan horse not house. It's weird how they know that Norton cannot protect against it, I don't know how they detected it despite the fact that a well known industrial antivirus couldn't. Smells fishy. If they scanned your computer they have remote access to it. Try to undo that. Try to uninstall whatever program they used to remotely access your PC and scan it.

    3) If they were able to scan it, they have access to every single file in your PC. Though, I don't say it so you get alarmed. Just so you know the truth.

    4) I believe there are ways a person can fake an bank account transfer although I myself don't know how it works. I just once read over the lines a method scammers in remote countries use to do so. (I don't even know why I'm telling you this, I hope you are not getting worried cause that is not my intention). Everything depends on how easy or hard would the bank go before authorizing a transfer.

    5) I would suggest trying to install a free antivirus and scanning your PC. Download it from another PC and without connecting to the internet on the infected one, install it (on the one that is infected). Be careful when googling. Some free antiviruses are not antiviruses at all but troyans or a virus themselves. I use none of the following, but you can try safely what many others are using: Avast, AVG, or Comodo (the free version). (That's great, now I'm doing non-paid advertising, lol). Note, if the supposed to be infected computer has Windows XP, don't use Avast. As of 2013, it will render it useless (previous self experience).

    Or you could just google and learn how to clean your pc free of viruses yourself, or ask a friend who knows.
  4. Sep 26, 2013 #3
    Thanks for the detail reply. I since contact Norton, they said it is not possible to infect the DSL modem and the wireless connection. Is that true. Should I can the Att provider?

    They suggested and I am running the Norton Power Eraser on the other computer.

    So I should go onto Control Panel, then Add/Delete programs to look for what is installed today and uninstall that?

    Again, thanks for the quick reply.
  5. Sep 26, 2013 #4
    Oh, I forgot about the modem. Yes, you can connect the modem again and use the internet on other computers, but don't connect the infected one to the internet yet. And yes, you should go to Control Panel and remove any suspicious programs installed today. If you want to know how I would proceed on to clean the PC you can go to the "Steps" part of this post.

    Norton is right and not right at the same time when they say it is not possible to infect the DSL modem and/or wireless connections. It's not impossible, it just requires a real whole lot of work because the malware running from the computer would have to identify the software running on the modem before trying to infect it and have a piece of software that can run under the found modem's architecture.

    As you can see, it is very unlikely (but not impossible) for that to happen for there exist so many modems running different kinds of software. It would be one hell of a malware to infect a modem, if it would I would personally get on a plane, go to your home and get a sample of that malware to study it. :biggrin:

    But jokes aside, a more possible scenario is that the malware scans your local area network for vulnerable computers and try to infect the other computers if it finds an opening. But lets not worry about that because we are about to kick out whatever malware has been bothering you before they have a chance to do anything big.

    First, do run Norton Power Eraser. Let it find and remove whatever it detects as malware. You will probably have to restart the computer before everything is done. Finish this before going to "Second".

    Second, Go to Control Panel and try to find what programs were installed today by sorting them by date. Usually there is a column that says "Installed On" from which you can sort the installed programs by date. From those, try to identify anything suspicious. Anything suspicious would be something you have no memory of having installed yourself. Also, if you find something from VSupport installed, uninstall it (for you no longer need their support). If VSupport was legit, everything should proceed smoothly. Otherwise, either you will have trouble uninstalling it or it will appear to have been uninstalled, but it would still lurk hidden on your system.

    Norton Power Eraser should do the whole trick and even remove anything from VSupport if it was actually unlegit and malware so no further action would be needed. However, if you really really want to take it a step further (I don't think it is necessary), you can proceed to "Third". "Third" is just a way to make sure you get everything from VSupport removed from your PC in the case Norton didn't detect it as a potential threat but as a legit set of programs or to have other hidden entries in your system that are hindrances removed from it.

    Third, to identify any misbehaving programs that may still be hiding from you and Norton Power Eraser I suggest to try HijackThis. Free open source program I always use to manually get those pesky programs that like to misbehave. You can follow this tutorial on how to use it. Just until the part of How to restore items mistakenly deleted. To be on the safe side, create a system restore point before using HijackThis.

    If HijackThis is too much of a bother, you can always use the free edition of the software Spybot which will make pretty much the same thing Norton Power Eraser did to have things nearly automatically done (you still have to choose what to remove and whatnot but in a more user friendly interface than that of HijackThis).

    Sorry for the long post. I expect to have covered the best way of cleaning your PC from threats, but it is important to know that other people would use other methods. Also it is important to know that different kind of infections and different kinds of computer behaviours call for different methods. I personally would proceed like this in your case.
  6. Sep 26, 2013 #5


    User Avatar

    Staff: Mentor

    May I ask why she contacted these people to begin with?
  7. Sep 26, 2013 #6
    i was sleeping!!! She was interested to learn Win 8.....too interested!!!:rofl::cry:
  8. Sep 26, 2013 #7
    I really appreciate your time to type this.
    1) I did run the Power Erase and only 6 programs got picked and deleted. Nothing like the guy in VSupport claimed of 500!!!. The computer is running normal.....in fact it never ran abnormal. My wife just lost an email account and one way lead to another, she contacted VSupport before she woke me up. I almost fell on the floor!!!
    2)I definitely going to run the HijackThis you suggested and also the Spybot. I am not on that computer, I'll report back if I see anything comes out. Do you have a reliable site to download these, I am getting paranoid in getting into some unreliable sites.
    3) I was surfing and I read about the a malware that called "psyb0t" or "Bluepill" that can stay in the modem and router and read the traffic going in and out. But according to the article, the electronic banking communication are encrypted and the psyb0t still cannot read it even they can read the data. You heard anything about this?

    Again I really appreciate your help. Can you tell me which is the best way to learn these kind of knowledge about computers? I am absolutely not interested in gaming and all, but I am very interested in learning how to fix computer from infection, getting into the nuts and bolts of how to deal with computer issues. I was an EE and I have knowledge of the hardware, but not on this end.
  9. Sep 26, 2013 #8
    Another concern is my wife gave the VSupply permission to take over the computer and the guy was actually getting into the configuration and all and start typing all sort of things on the screen. Can he still get into the computer. I do have the Norton Fireware, anti virus and all the goodies running already.
  10. Sep 27, 2013 #9
    They are definitely a legit company but I would advise your wife against allowing anyone access to your computer again, without being tech savvy enough to know what they're doing.

    If she's looking to learn Windows 8, tell her to buy a book or look at some Youtube videos lol.

    Chances are they didn't do any harm to your machine (at least not intentionally) but if they were in there scanning files, making registry changes, etc. they could have inadvertantly caused other issues, and you would have no idea what the new problem is because nobody knows what they did.

    Even when I have a third party (trusted) company performing something as simple as an installation on my machines at work I'm going to be watching everything they do (or have another employee do that) do make sure they don't "break" anything. Trusted or not, I know that they don't know my system as well as me, and could unknowingly do something that affects it in a negative way.

    Bottom line: Your PC should be ok, or at least no worse than it was before she called, but I would advise your wife not to let anyone remote into your system again without knowing exactly what they're doing and what changes they make.

    And no, they should no longer have remote access to you machine. In theory, they now have all the info they need to easily hack into it, but assuming it was the actual legit company, they shouldn't be randomly getting into your machine again.
    Last edited: Sep 27, 2013
  11. Sep 27, 2013 #10
    Your bank accounts are not stored on your computer. You are logging onto the bank's website to view them.

    The only way they could have accessed your account is if you somehow set your browser to remember your user name and password. Simply change your online banking password if you're paranoid. That will solve that.
  12. Sep 27, 2013 #11
    Thanks, you make me feel a lot better. I'll have her change the password.
  13. Sep 27, 2013 #12
    In my wife's defense, I was too desperate yesterday running around, I should have said it all started out she could not get into her email in the new computer and it prompted her to contact the company as the computer is new. One thing lead to another, she allow them to take hold of the computer. She saw me let McAfee took control one time, she thought it's ok to do that. I told her I let McAfee did that because we had their service at the time, and they are well known and I got the number direct from the software installed.....And is McAfee!!!

    BTW, McAfee sucked!!! I had infections with emphasis "s" under them. Their service sucks. I have Norton now, never have a single problem in over 2 years......with my grandson download and playing video games all the time!!! Only thing I ever had to do is stop and delete the extra Apps after he finish playing the game. I have been using their life chat the last two days and they are nothing but helpful. They even called me on the phone to make sure everything is ok. I used their register clean and the old computer runs much faster.
  14. Sep 27, 2013 #13
    Yea and, rest assured, they are a valid company so I wouldn't worry about them doing anything malicious.

    My biggest fear would be them inadvertantly "breaking" something by whatever changes they made to your computer. Like deleting/modifying a file or something in an attempt to fix your computer, and not realizing that another application uses that same file.

    If your machine seems to be running ok, then I wouldn't worry about it.
  15. Sep 27, 2013 #14
    They sure did break something. The Photoshop program disappeared. In the control panel, it had a strange look program not normal Photoshop icon. It was empty. I tried to reload Photoshop, the CD would not activate the computer and not even read the CD. Luckily I learned how to turn the CD into ISO image and mount it. I ended up had to do it the long route to reload the Photoshop.

    Thanks for all your help.
  16. Sep 28, 2013 #15
    Sorry for late response, I was busy with some exams and stuff.

    2) HijackThis is in sourceforge.net. Spybot is in safer-networking.org. Hint: Wikipedia usually has the legitimate websites links of some software.

    3) There always exists the possibility that the virus is programmed to spoof SSL certificates and if it does so, then it can read (and reading means it can copy too) whatever is sent between the supposed to be encrypted page and your computer. Once you know how networks work, spoofing an SSL certificate is kids game. (Why do I always have to be the party pooper and concentrate only on the bad possibilites).

    The good news is that from what I have read, psyb0t hasn't been seen doing such even thought to me it appears to have the capability of doing so (I can't find details on the attack tools it posses). Although it is mentioned that it can steal personal information, to me it appears to be targeted more at websites like forums and databases and to spread itself, not at stealing personal people's info.

    I'm happy you want to learn. Since you are an EE you will get things really fast :smile:. It's just that I'm a bad teacher like all those nerds who look like they have a lot of knowledge but are uncappable of expressing what is in their brains (rendering them useless when communicating). Lets see......... Let's organize everything........ and....... ok, I think I have it. The best way for that is the internet (most info is free and you have it anywhere as long as you pay for the internet service or live close to places with free internet access). To go deeper into programming and other informatics subjects then a university would be the best way in my opinion (or maybe just get the names of the books they use for each course and buy them for self study and then you won't have to pay for the course :biggrin:).

    But let's give a try to the internet first. Since we are talking about Windows, the first thing I would tell you to understand is the many ways a program can be executed at startup. There are services, registry entries, scheduled tasks, etc. Understanding them all is a must to know what to look for when dealing with malware (but is not necesarry to go too deep into services). The other would be to understand that in windows there exists ways for programs to code inject others so you won't necesarily see a virus asking for administrator privileges to get a hold of your computer. Then getting your hands in computer forensics software and learning how it works will give you a huge insight and techniqes that will allow you to better asess a problem and choose the correct tools to solve it.

    Here are some nice reads:

    Once again, since we are talking about windows here are a few keywords to look for on a search engine (google, yahoo, duckduckgo, etc) to get something to learn and a boost to look into other stuff:
    Code (Text):
    windows startup locations, windows startup entries,
    start stop windows services, hidden files,
    data recovery , computer forensics,
    using live cd to remove malware,
    types of network attacks, eavesdropping,
    spoofing, man-in-the-middle attack, kinds of malware,
    code injection......
    and I'm leaving a bunch of other concepts, but its ok, you will find them yourself as those keywords will link themselves to other information you may want to know.

    Now if you want to go even deeper like really understanding the system then you need to program for the operating system you are trying to understand. Some books that provide insights into the operating systems workarounds are those that teach about driver programming for the operating system of interest. They teach stuff like the kernel and how it handles nearly everything in the OS.
  17. Sep 28, 2013 #16
    Thanks for the detail answers. I went on live chat with Norton, they said their anti virus and firewall will take care even the infection of the modem. But I don't know how true that is.

    Does it help to use a totally different computer even though it is still on the same DSL modem? How about changing the password of the bank account?

    I am not sure the modem has been infected, only the VSupport person said it's a possibility. He showed 300 trojen horses in my computer, which make me very suspicion of what he said, particularly he tried to make us pay $199 to clean up the system.

    Is there any way to check for modem infection and clean it up?

  18. Sep 28, 2013 #17


    User Avatar
    Gold Member

    The best thing to do is, save any personal data that is on the local drive on a USB device. Then, reload Windows from scratch. And, it never hurts to change your bank password if you think someone else may have it.

    Teach your wife never, ever to allow anyone to take control of the computer. In fact, there is a setting to disable this capability. In the Control Panel, open the System applet and then select Remote Settings. Make sure the box is unchecked next to "Allow Remote Assistance connections for this computer".
  19. Sep 28, 2013 #18
    Thanks, I disable the remote access.
  20. Sep 28, 2013 #19
    One thing I am questioning. I have a 2Wire 1701HG Gateway DSL modem only. It is only a little modem connected to the phone line, not some fancy cable modem that has a lot of intelligence. It is really nothing more than a multiplexer that can mux and demux phone calls and DSL. I just cannot imagine that there is a lot of intelligence needed in the modem. In another word, does it even have the capability that can be infected? At best, I can imagine it is control by some simple processor with a 8051 core and firmware. Can you even infect these kind of stone age modem?
  21. Sep 29, 2013 #20
    That is more inner working of their firewall. I believe that what Norton means is that they have built in their firewall a block to the original IPs of the places where that virus was seen initially operating from, rendering it useless when trying to communicate back to its creators. Or it could be other things like their firewall detects and dismiss any man-in-the-middle attacks by forcing your PC to communicate directly with the router (through forced authentication methods).

    Changing the bank account password is a good idea looking at how things have turned out, but I don't think you have the virus so using another computer won't do anything. I would change the password only because there was someone with remote access to your PC and also because that someone used a very even number of viruses in their report (300, that is way to an exact number to be truth, it can be, but sounds fake).

    Yes, you have to check whether the input ports 23, 22, and 80 are blocked from the router (that is for input connections to the router, not output). The faster way to test this is to try to open the modem configuration through a web browser, if you get 404 not found error, then the input port 80 is blocked and we shouldn't conclude anything yet (because we haven't tested ports 23 and 22) but we can safely conclude the virus is on the modem given the situation.

    If you have it, what harborsparrow said is the best way (there are also "harder but faster ways" and "harder AND slower ways") since the computer is new and a reinstall will be done in the blink of an eye and also, add to that a hard reset to the modem. But just do that if the port 80 test gives a positive since there is no need to go through all that trouble if there is no modem virus.
  22. Sep 29, 2013 #21
    I couldn't say for sure. A stone age modem won't be infected for sure, but there are a few factors to consider like if there is enough space for the virus to allocate itself and the processor architecture of that modem of yours.

    To enter into specifics that virus you mentioned works only on modem routers that have a microprocessor of MIPS architecture that uses little endian byte order since it was compiled to work there. However, knowing what processor architecture yours have takes more time than doing the previous post port check.

    In my opinion, yours is not infected if you are actually using it to enter the forums.
    Last edited: Sep 29, 2013
  23. Sep 30, 2013 #22
    Hi Psinter

    Now I got a new modem, it's Actiontec GT784WN. The 2Wire broke when I tried to hard reset. It would not work anymore. I contacted ATT and they ran a bunch of diagnostics and they told me the modem was bad.

    Is there anything about hard reset that I missed? Could it be the password got reset that I have to reload back in? I search through the control panel trying to find a place to put back in the password and I can't. I am still trying to save the 2Wire. I had to buy a new one in a big hurry as I was totally disconnected( from the world!!!).

  24. Sep 30, 2013 #23
    I can swear the internet comes on much faster with the new Actiontec modem than the old 2Wires. Is that possible?
  25. Oct 2, 2013 #24
    I so had forgotten about this thread, I apologize.
    :eek: Really?! How come? I'm surprised. That's not supposed to happen (but it happened). I highly doubt it was the hard reset as that is something every router must do without bricking itself (unless another firmware was installed by you which we know didn't happen), but if they say the modem was bad then maybe (still can't explain myself how) the hard reset gave the finishing blow.

    The password is not really inserted on the control panel, it is either with the CD software it came with or through the Web Browser. Default URL address to access the password page is, but it can be or any other ip address. It is usually specified in the manual of the modem router. Did you try to write in the browsers URL bar the following one: http://gateway.2wire.net/mdc [Broken]

    when connected to the 2Wire wirelessly?

    Once again I'm sorry for not replying fast, otherwise you wouldn't have had to buy another! That costs real money!!

    Yes, that is possible. 2 things could be happening:
    1) If the internet you are paying for is higher than 54Mbps then you will find faster internet speeds since the new one you bought support higher wireless speeds.
    2) The other one was bad and wasn't giving you the highest possible speed.
    Last edited by a moderator: May 6, 2017
  26. Oct 2, 2013 #25
    yungman, how did it end up like this? We passed from having to fix your PC to buying a new router. It is not my money, but it still hurts my pocket. :cry: Next time I won't reply until having written full instructions on how to completely do whatever I tell you to do. In part is my fault cause I didn't tell you how to specifically do the port check on the modem. I thought you would google it and find how to do it before doing the hard reset, but what has been done has been done.
Share this great discussion with others via Reddit, Google+, Twitter, or Facebook