Today I received a phone call at 5:24PM (CST) from (281) 593-3503 showed up on caller ID as Cleveland, TX.

This is the 2nd call from this person, who had a strong foreign accent. The first time I received a call from him, I told him I wasn’t interested and hung up. This time I was bored, so decided to go along with him.

Here’s how the conversation went:

He started out by telling me he has been monitoring infected files on my computer. He then asked me is my computer connected to the internet.
I said yes.

He asked what I seen on my screen, I said google

He asked me to close the window and press <windows/flag> key and “R”, I complied.

Capture

 

 

 

 

 

He asked me what I saw, I told him the run screen.

He asked me to type “inf hiddenfiles” then asked me if I knew what it was, I said no. then pressed enter after he instructed me to.

This opened a window

Capture2

 

He then asked me if I knew what these files were, I said no.  He said that they were a list of infected files. These are infact driver information files (windows/inf)

Then then asked me to go to a website by way of <win/flag> + R (run command) ( http://rescue12.webs.com )

scam_site

 

 

 

 

 

 

Then he asked me to download teamviewer and install it on my computer.  Since There was no way  I was going to give him access to my computer, I went ahead and pulled the plug.

I asked him, since he seen infected files from my computer, what was the IP address of my computer.  He didn’t have an answer.  I then asked him who my ISP was, he didn’t have an answer… I figured I spent enough time of the phone with this idiot… so I told him I knew what he was up to and was reporting it to the authorities.  He said go ahead, then hung up.

Now, here’s some relevant data for us geeks:

Who is for the website hosting the probably viruses:

I’m not being paid to do this, so I’m not going to load the files and see what wireshark shows… and perhaps trace the IP, which I would assume would be in a foreign country.

Bottom line everyone… if someone sends you links and they don’t look right… double check before you give anyone remote access to your computer. It is extremely easy to gain prolong access to your computer if you just give me 10 secs of remote access to your computer. If you get a phone call from your ISP (cox or centurylink) then perhaps it may be a legitimate phone call, but VERIFY.

I also asked for a call back number, and he gave me: 201-234-4604, I did not try to call it.