The INF-Ammyy Scam – Recovering from a Gotcha

Mary writes (in relation to this article):

Sorry to trouble you like this BUT I fell for the ammyy scam! July 11 6PM. Unlike you, I am computer illiterate, so they accessed my computer remotely (I think they got my computer “ID number” or something). But did not give them credit card number, at least :-) To cut short long, inane story: Am I liable to be under CONSTANT SURVEILLANCE by ammyy?? Is my past e-mail correspondence also compromised? Most grateful for your advice! I have filed a complaint with ICC center (Internet Crime Complaints). Also contacted bank & credit card companies. So far (2 days) no mishaps! But what about the FUTURE? Many thanks! P.S. I listened to your audio clips — scammer sounded exactly like my caller…

Don’t feel too bad – the scam is designed to be confusing and scary for you. It’s good that they didn’t get direct access to your banking details. However, it is difficult to know how much access they still have to your computer, or what they intend to do with the access they have gained. Does anyone have any insights as to what actual damage has been done by these people in the past?

Let’s be sure the main access route is closed. Remove the Ammyy Admin software to ‘change the locks’ and make sure the access you originally provided (the ID Number) doesn’t work any more.

  1. Press the Windows key and type ‘Control Panel’ (enter), then click on ‘uninstall a program’
  2. You should see ‘Ammyy’ or ‘Ammyy Admin’ in the list somewhere: click on the name and then click ‘Uninstall/Change’
  3. Follow the instructions from there, and reboot your computer.

That should shut down the access they gained to your computer during your call. Unfortunately, it is possible that since gaining access to your computer they may have already installed other, invisible methods of gaining access. (That would be the first thing I would do, if I were not so nice.)
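To double-check that the uninstall left nothing behind, the PowerShell script below (an added example, not part of the original post) looks for uninstall entries, services, running processes and logon autoruns whose name contains 'ammyy'. The name pattern is an assumption taken from the program name in the steps above, and the script needs PowerShell 3.0 or later; it will not find a renamed copy or a different remote-access tool.

```powershell
# Added example: look for leftovers of the remote-access program after uninstalling it.
# Assumption: leftovers carry 'ammyy' in their name or path; a renamed copy will not match.
$pattern = '*ammyy*'

# 1. Entries still listed under 'Uninstall a program' (64-bit, 32-bit and per-user views)
$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $pattern } |
    Select-Object DisplayName, InstallLocation

# 2. Windows services whose name, display name or executable path matches
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.Name -like $pattern -or $_.DisplayName -like $pattern -or $_.PathName -like $pattern } |
    Select-Object Name, State, StartMode, PathName

# 3. Processes running right now
$processes = Get-CimInstance -ClassName Win32_Process |
    Where-Object { $_.Name -like $pattern -or $_.ExecutablePath -like $pattern } |
    Select-Object ProcessId, Name, ExecutablePath

# 4. Programs started at logon through the Run registry keys
$psProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$autoruns = foreach ($key in $runKeys) {
    $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($item) {
        $item.PSObject.Properties |
            Where-Object { $_.Name -notin $psProps -and "$($_.Value)" -like $pattern } |
            ForEach-Object { [pscustomobject]@{ Key = $key; Name = $_.Name; Command = $_.Value } }
    }
}

# Report each category and a total
$report = [ordered]@{ 'Uninstall entries' = $installed; 'Services' = $services
                      'Running processes' = $processes; 'Logon autoruns' = $autoruns }
$hits = 0
foreach ($section in $report.Keys) {
    $rows = @($report[$section] | Where-Object { $_ })
    $hits += $rows.Count
    '{0}: {1} match(es)' -f $section, $rows.Count
    $rows | Format-List | Out-String
}
if ($hits -eq 0) { "No items matching '$pattern' were found." }
```

Run it from a PowerShell window opened with 'Run as administrator' so that service and process paths are visible for all accounts.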

It’s difficult to know if your email records have been accessed, and if your passwords have been compromised. It may be a good time to change your passwords, including the password you use to access your computer, just to be on the safe side. Even if someone doesn’t have access to your computer, it’s a good habit to get into every six months or so.

Spyware and malware detection programs should help you figure out if other people still have access to your computer using invisible software. Microsoft’s built-in solution ‘Security Essentials’ should already be installed, and will hopefully flag any untoward software and behaviour, but just in case, I would perform a full spyware scan of your computer to make sure:

  1. If Security Essentials is installed and running, you should see a green ‘House’ on the bottom right of your screen (you may need to click the ‘up’ arrow) – double click on it. (If not, install Security Essentials quickly via the link above!)
  2. Select the scan option ‘Full’ and click the ‘Scan Now’ button.
  3. Wait until it completes, and follow any instructions.

If the scan completes without an issue, you may be in the clear, but keep monitoring your computer (and accounts) for unusual behaviour.

I hope this helps! If you have any other advice for Mary (or corrections), please comment!

UPDATE: August 2 – It looks like the scammers are pretending to be from Telstra now:

UPDATE: September 8 – It also seems the latest Microsoft Security Essentials malware definitions are treating the AMMYY Admin software as hostile and removing it. Guess that points to the AMMYY organisation being part of the problem, not an innocent party. Suggest avoiding at all costs. Microsoft has a good article about what they do and don’t do over the phone, and some advice about what to do if you’ve been scammed.