:-\ - Well, I am consistently getting phone calls from somewhere on this planet claiming that I have a virus on my computer; of course this is a scam to convince me to allow remote access and, of course, infection. I do not have any infections; all of my systems are running at peak without problems and have a variety of virus and malware protection with full firewalls in place. However, I am always curious as to what the hackers are up to, so I drag it out, cautiously. Anyway, what transpired was interesting to me, and I wanted to share it with the community and discuss the issue further:
Hacker: Go to Run, enter CMD
Hacker: Command Window
Hacker: Run prefetch
Me: prefetch doesn’t work from the DOS prompt.
Hacker: this is because you have a virus on your rundll32 file
Hacker: Go to Run: prefetch
Hacker: See the rundll32 file listing; this means it is a virus
Hacker: Go to CMD DOS prompt again
Hacker: Run assoc - displays list of file associations
Hacker: See the CLSID
Me: Yes - I see the Send to Target = CLSID
Hacker: Reads me back my CLSID correctly
Hacker: Let me have access to your computer
Me: Not in your lifetime
End of Call
Anyway, it was interesting, and I then ran a few scans, with specific scans of rundll32 in the system32 directory. I was surprised that he had this computer’s CLSID, since I have many and could have been running the assoc command from the DOS prompt on any of them.
Any comment on that would be interesting to me.
Best regards to all and safe surfing. 8)
I