Maybe you tech savvy folks can tell me if I did okay or not.
I got a call from my dad this afternoon asking when I could come by. When I asked why he said that his computer had "flashed" a screen saying that he had been hacked and he should call a number to get it fixed. Naturally he called the number and said my mom was still on the phone with them and that they were wanting $200 or some such to "fix" the problem. I told him to tell her to hang up on them and I'd be right there.
Thankfully I wasn't too far away and it only took me about 15 minutes to get there. When I got there my mom was still on the phone with them. I sat down at the computer in question and she handed me the phone. I could see that a remote access program had been installed and activated. I asked the guy on the phone what his name was and who he worked for. He had an Indian accent and responded with "we're working on it. Do not do anything." I asked his name and company again and got the same response. I asked a third time, got the same response, and told him that if he didn't answer my question I was going to "do something". When he wouldn't give me his name and company at the fourth request I hung up the phone and restarted the computer.
Once the PC rebooted I uninstalled the remote access program. I ran Malwarebytes which found a Trojan. I ran a scan with Avast which came up clean. I ran a scan with CCleaner which also came up clean.
I asked them if they had given the guy any information. They had given him a credit card number. I told them to call the credit card company and stop any charges on the card. Naturally they didn't know what to say to the CC company so I told them to call them, tell them that I had permission to talk to them, and that I would handle it. Thankfully no charges had yet been made and the CC company agreed to put a block on the card and send them a new one.
Looking at the history on the computer it looks like the company that would not give me their info was fixalltechwork.com
My dad says he was deleting emails when the "scary" screen appeared.
His history shows the following:
His webmail.
Then a secure site (https) called getmediajobs.org
Then another secure site (https) called larkins-autoservices.com. Now this site (non secure - http) appears to be a legitimate website for an auto repair shop in the UK.
My question to you guys and gals is (1) Was I correct in assessing it as a scam? (2) Have you ever heard of fixalltechwork.com? (3) Is there anything else I should have done?
Thanks