PC fraud by changing properties

[mech-eng]

How can some PC scammers change the properties of a pc and its device manager to sell it to a high price? How can show another PC's device manager as that of the another PC?

Thank you.

 

[Greg Bernhardt]

If there was a way to put it up there, there's a way to change it. I'd guess it's somewhere in the registry.

 

[mech-eng]

Isn't it a simple and well-known method? I suspect that the swindler might take an academic position in an instutition. I have some clues even though they are weak.

Thank you.

 

[Greg Bernhardt]

Isn't it a simple and well-known method?

Perhaps

I suspect that the swindler might take an academic position in an instutition.

Sounds like something you need to handle personally.

 

[mech-eng]

Perhaps
Sounds like something you need to handle personally.

Yes but I am wondering a lot about this trick.

Thank you.

 

[stoomart]

How can some PC scammers change the properties of a pc and its device manager to sell it to a high price? How can show another PC's device manager as that of the another PC?

I've never heard of this in 18+ years in computer security, but I can think if two ways this may be accomplished:

- Malware code that hijacks the execution of the Device Manager interface to present false information (third-party tools like Speccy would not be affected).
- Sophisticated rootkit that intercepts the Windows hardware API calls.​

In either case, most modern antivirus programs would detect this behavior.

 

[mech-eng]

I've never heard of this in 18+ years in computer security, but I can think if two ways this may be accomplished:

- Malware code that hijacks the execution of the Device Manager interface to present false information (third-party tools like Speccy would not be affected).
- Sophisticated rootkit that intercepts the Windows hardware API calls.​

In either case, most modern antivirus programs would detect this behavior.

It was a win 7 notebook, it was like every part of interface was fake. The wireless symbol had a strange behavior. The device manager, control panel and right-clicking on my computer symbol was working properly and I could enter the harddisk. When I shutdown the monitor after turning it and clicking win symbol the operating system was still working properly i.e it could pass to the sleep mode. But when I shut down the pc properly and re-start it didn't boot instead gave the notification of PXE-E61:Media test failure, check cable.

1. Do you think this is still a job of a virus or rootkit?

2. Is this a simple trick?

3. Can the swindler be a programmer and created a completely fake interface?

Thank you.

 

[OCR]

Do you think this is still a job of a virus or rootkit?

Did you look... here ?

 

[stoomart]

It was a win 7 notebook, it was like every part of interface was fake. The wireless symbol had a strange behavior. The device manager, control panel and right-clicking on my computer symbol was working properly and I could enter the harddisk. When I shutdown the monitor after turning it and clicking win symbol the operating system was still working properly i.e it could pass to the sleep mode. But when I shut down the pc properly and re-start it didn't boot instead gave the notification of PXE-E61:Media test failure, check cable.

1. Do you think this is still a job of a virus or rootkit?

2. Is this a simple trick?

3. Can the swindler be a programmer and created a completely fake interface?

Thank you.

Without any pictures of the interface, it's easy to speculate about all kinds of possibilities, like a Windows-like Linux distribution.

The PXE boot error means there is no bootable device, so the system may have been booted from a Linux USB, with no OS installed on the hard disk.

A fake-looking interface and not being able to reboot seems like a good indicator the system is being misrepresented.

 

[Svein]

It was a win 7 notebook, it was like every part of interface was fake. The wireless symbol had a strange behavior. The device manager, control panel and right-clicking on my computer symbol was working properly and I could enter the harddisk. When I shutdown the monitor after turning it and clicking win symbol the operating system was still working properly i.e it could pass to the sleep mode. But when I shut down the pc properly and re-start it didn't boot instead gave the notification of PXE-E61:Media test failure, check cable.

1. Do you think this is still a job of a virus or rootkit?

2. Is this a simple trick?

3. Can the swindler be a programmer and created a completely fake interface?

Thank you.

Simplest explanation: Something is connected to your PC and looks like a hard disk. I have had startup troubles from:

• A printer with a hard-disk like interface (it had to be shut down or disconnected during boot-up)
• A device driver CD/DVD containing a small OS (usually a Linux variant)
• An activated USB stick

Start by disconnecting every peripheral, every USB thing and empty all removable drives.
Then reconnect a keyboard and try to boot up. Do you see any difference?
If the problem persists, try hitting [F8] on booting...

 

[newjerseyrunner]

Open the BIOS and check what the boot order is. I'm guessing the USB or Network is the primary boot source, which a scammer would be able to boot up, then disconnect and run without being able to reboot. You can do the same thing by putting an Ubuntu Live CD in your machine and booting it up. Once you take the disk out, Ubuntu will continue to run, but you can not access the real hard drive and rebooting will now bring your session back.