esoftdata

[huckleberry]

I think I've been conned by this outfit out of $150 and now they seem to want me to pay for a driver protection plan saying my system is going to crash in an hour. Anyone know anything about these guys?

 

[Regedit32]

Hi huckleberry,

Welcome to the Forum.

It is difficult to say for sure whether esoftdata is legitimate or not.

Here is an article from 2015 regarding a spyware infection with the name esoft.data:

http://www.capitalcomputercentre.co...hud-dataprovider-dlltrojanbuzus-154041-virus/

You could take a look at that to see if this is what you are talking about. If it is they suggest using an anti malware program called Spyhunter and offer a download from their website, however, if you wish to download this tool I'd recommend going to Spyhunter's official website to be certain you do not accidentally install more garbage.

http://www.enigmasoftware.com/products/spyhunter/

If this is not what you are referring to could you provide more information as to how you originally got esoftdata and where from so I or someone else can check for you.

Regards,

Regedit32

 

[huckleberry]

I never had typing, just a fast pecker so I'll try to be brief. I was using Google pictures to look for skull rings. I saw an interesting piece and clicked on it and was besieged by a warning of imminent threat to my system, and that closing the page would crash my computer. I also was told that a windows approved company would help if I called a number... I did. In a spiel whereby after allowing him to control my computer he told me I was infected by the kubla virus I knew of Russian hostage taking of computers and ransom payments. If I bought their software protection for a year at $149 he'd get rid of it and guarantee me protection from future malicious attacks. I gave in after almost a half-hour spiel, he got my credit card and even sent me formal looking receipts. He put some Esoftdata program on, ran it, and also ran Malwarebytes. Gave me a text document with his phone number, name, and said to call him if I had problems. He even had me on the phone through this as I had called that number. There were others in the background on phones and it sounded legit. This was in April. Today he called and said various foreigners were camped outside my email account trying to gain access. I have Yahoo which had me thinking it might be true, and also Outlook and a Comcast account. Give him access and he'd show me. Sure enough he went into registry or something and where my IP address was there they were. All but five of twelve and many marked established and some marked foreigners. Then he went into my drivers registry and next thing you know he's showing me I have 181 drivers shut off and a crash coming in an hour. Cost? $1 a driver but because I had protection for a year they would fix them no charge. Next thing you know he's selling me a driver protection package for $199. I told him to get f***ed, called him a thief and said he should be in prison for fraud. As I was hanging up he's cursing me. I restarted and came here. I downloaded Spyhunter and it turns out THEY wanted my money too. I saw some pretty scary shit in the scan, more than a few robo dialers, but one in particular that had something that they said would run a false scan and give bad results. Then try to get you to fork over money for software. Then I thought what the heck? Is this one of them too? So I bought Spyhunter and their Registry scan and they got rid of some stuff I never knew I had. I only use Windows protection, have no others like Norton or whatever. I thought as long as I don't open any strange emails, download any files, but come on. A redirect in Google pics to buy a skull ring/ This is crazy. I thought Esoft was so legit. Their receipts, phone number looked so corporate. Windows Approved my ass!

 

[Regedit32]

You are being scammed.

First contact your Credit Card company and let them know about this so they can cancel any future withdrawals from your card by this scammer. They may need to stop your card and issue a new one.

Second, uninstall this program, they installed on your computer.

Third press Windows key and S key to give focus to the Search box then in the search box type Allow remote access to your computer then press Enter key. This will open the following window:

If that box is checked remove the check as explained in picture.

Fourth, run a full system scan using a reputable virus scanner. If you do not have one, use either Windows Defender which is built in to the operating system, or alternatively, press Windows key and R key to get a Run dialog then type in the run dialog MRT and click OK.

You will see a User Account Control appear. Click Yes

This window will open:

Click the Next button

That will take you to this window:

Check the Full scan then click the Next button to begin the scan. This particular scan can take quite a while so be patient.

I'd also recommend doing a rootkit scan of your computer. If you need help with that let us know.

Also, if you happen to have a third party antivirus tool installed like AVG, Norton, McAfee, etcetera could you let us know what one as that will also help to ensure you are given proper advice on what scans to do.

Regards,

Regedit32

 

[huckleberry]

I've done all this just as you said, and the Microsoft Malicious removal scan is running now. I may need help with a rootkit scan. I have no third party software just what I bought and used today (2 Spyhunter programs) plus Defender which I've always used and trusted. I ran a SpyHunter registry scan, and a regular Spyhunter spyware scan and eliminated all they said to. Here's what I don't understand. There is a valid program called Citrix Online Launcher with valid certificates I checked in details and Esoftdata support under a Logmein, Inc. and a Gotoassistcustomerlauncher. It all seem legit. What if esoftdata is real? What if he was following company policy trying to sell me more software? What bothers me is there was no other voices this time in the background. Same guy as before. From India I believe, broken English, hard to understand sometimes. Very slow plodding to the point of making you angry. I kept telling him to fix it already but he seemed to want to walk me through all he was doing. I could see him moving the cursor and it all looked good. I'm no novice but no expert either. The drivers in Windows weren't running when he went there and yesterday I had to wait for Windows to try to open my camera to upload pics but the usual way through photo viewer wasn't working but I did a workaround and manually moved my pics. His name is Austin Miller, which doesn't sound Indian to me at all.

 

[Regedit32]

I can assure you Microsoft do not operate in this manner, and whom ever is calling you is a fraudster.

There is a genuine Citrix tool people can use to remoting into computers and conducting Webinars (which is like a voice to voice or video voip conversation).

If this man installed that for you, or got you to install it, I'd recommend uninstalling it as they may be using this as a back door to get into your computer. The legitimate program also adds an extension or ad-on to your browsers, so you may want to check your browser settings and remove the extension there too.

I'm happy to help with the rootkit scan later but let's wait to see how the mrt scan goes first. Unfortunately is is rather slow but if they have swapped any critical windows files for bad ones it ought to find them for you.

With any luck they did not go that far given it seems they are happy to just take money for services they claim you need, but in fact do not need at all.

Hopefully, your bank can track them down although its notoriously difficult to get these jerks.

Once we are more confident your computer is clean and safe from attack from this man, another thing you may want to do is email anyone in your contacts list to let them know you were taken advantage of and to ignore any false emails relating to this program they used with you; just in case they are using your contacts to email people.

Regards,

Regedit32

 

[huckleberry]

I've deleted that and the others i said earlier, except for one. security task manager which seems to be legit though it may have been one of theirs or SpyHunter's. Don't know. Should I delete that also? And how can I bring up those foreign hackers sitting outside my ISP gate that he showed me? He said his program stopped them from getting in, but if so I said, how did they access mt drivers? I have Comcast I said. I asked if they should be notified but he said they just provide the Internet, not security.

 

[Regedit32]

He was lying to you regarding the foreign hackers.

Ignore everything he told you.

Security Task Manager is a third party tool that can monitor tasks as they appear in Windows Task Manager and in theory alert you to any bad ones.

I don't personally think its worth keeping; but that is your decision not mine. If you like it there feel free to keep it.

 

[BigFeet]

Immediately uninstall whatever programs you were instructed to download and install. I would strongly suggest reinstalling Windows from scratch. Sometimes antispyware and virus software can't clean some of these things. These "companies" are famous for install keyloggers and other spying software to steal your passwords and credit card information.

This video is from a former Microsoft employee that was called by one of these scammers. He set up a virtual maching so the scammer couldn't do damage. This was a cold call instead of website, but the scam is the same. It's very informative, and I recommend everybody watch it.