How to Fix: Your Firewall has Been Breached, Call This Number (Scam)

Dennis Faas's picture

Infopackets Reader Robert C. writes:

" Dear Dennis,

The other day I received a warning that 'Your Avast! Firewall has been breached and a Trojan Horse is infecting your computer. Call 1-888-698-3247.'

I'm a computer novice and I panicked. The warning seemed to appear as part of the operating system, and not the browser. I say this because the warning appeared on the screen, with a voice screaming at me, and I had no idea how to stop it. I held down the power button to force the computer to shut down. I waited three minutes, then powered back up ... but it went right back to the warning and the voice. I did that two more times ... So, I called 1-888-698-3247 and it was to a company called One Solution, Inc in Chicago. I Googled them on my phone and saw favorable BBB ratings and, still panicking, felt it was on the up and up.

$239.99 and 3 hours later, they uninstalled my antivirus (Avast!), then installed their antivirus and Defender Pro and CCleaner software, and they 'fixed' the warning. And it's worth it to note that my PC is running faster and better than it has in a very long while.

Question: Do you know One Solution and are they on the up and up? I still feel like I was scammed and just cannot figure out how that warning came up and if I did the right thing. "

My response:

Unfortunately, you were scammed.

Any virus warning with a 1-800 number attached to the warning message is unequivocally a scam, regardless of whether or not the company in question has a pristine better business bureau (BBB) rating. In this case, it sounds like you were sold a "fix" (to remove the fake warning message), and then sold bogus antivirus software (Defender Pro) in addition to the "fix". The $239.99 you were charged is certainly an eye-watering amount.

I did look up One Solution, Inc. via Google and came across a page on Yelp where someone else was complaining of a similar issue you describe. The complaint page was only available through Google's Cache. At the time of this writing, however, the cache has been updated and removed, so I can no longer access it.

That said, please note the following based on this scam:

  1. The antivirus software (Defender Pro) which you were sold is fake antivirus and will try and trick you to purchase more bogus software. You should uninstall the fake antivirus and reinstall your Avast! (free) or similar antivirus, update the antivirus definitions, and then do a full system scan to ensure that nothing else suspicious is found. If your antivirus doesn't find the problem, you can also try another solution - such as Grisoft AVG (free).
     
  2. The people that run these scams often share your contact information with other scammers, so don't be surprised if you get a phone from "Microsoft" in the coming days, telling you that your computer is infected.
     
  3. Your credit card may be charged multiple times unbeknownst to you, possibly from the same company or an affiliate scammer. Also note that if you call the company to request a refund, you may be charged more money for "ongoing support", even if it's to reverse the original charges.
     
  4. The tech support scammers will have installed remote access software to your computer to perform "the fix". Oftentimes this remote access software is installed stealthily, which means it's very difficult to locate and remove. Based on my own experience, the remote software is left active on the computer even after the company has applied their "fixes". That means the scammers can get back into the system any time they want.

What to do if You've Been Scammed

  1. Call your credit card company and tell them what happened. Attempt to get the charges reversed. You can reference this page if you like.
     
  2. Cancel your credit card and ask the card company to send you a new one, with a new expiration and CSV number.
     
  3. Pay careful attention to your credit card statement in the coming days to ensure the card has not already been charged multiple times, and inform the credit card company if this has happened. It usually takes a day or two and even longer for charges to appear on a statement, even if it's viewed online.
     
  4. As always: if you receive a phone call for "tech support", hang up. Only use reputable online tech support and only if you are seeking it - not if they are seeking you.
     
  5. As always: if you receive a message stating that "your computer is infected", do not call the 1-800 number attached to the warning message. It's a scam!
     
  6. Lastly, have your computer looked at by a qualified professional (and someone you trust) to ensure that any remote access software has been completely disabled and uninstalled. I can provide you with such a service - more info about that further down.

For further reading, we have also published the following articles which you may find helpful:

Additional 1-on-1 Support: From Dennis

If you fell for this scam (or similar) and need help removing the fake antivirus, remote access, or would like a second opinion, I can help. In addition to running this website and publishing articles like this, I also provide a legitimate remote tech support service and can review and discuss the problem with you in depth. Simply contact me and we can set up a time to meet online. You can read more about my remote support service, here. Alternatively, you can read about my credentials, here.

Got a Computer Question or Problem? Ask Dennis!

I need more computer questions. If you have a computer question -- or even a computer problem that needs fixing -- please email me with your question so that I can write more articles like this one. I can't promise I'll respond to all the messages I receive (depending on the volume), but I'll do my best.

About the author: Dennis Faas is the owner and operator of Infopackets.com. With over 30 years of computing experience, Dennis' areas of expertise are a broad range and include PC hardware, Microsoft Windows, Linux, network administration, and virtualization. Dennis holds a Bachelors degree in Computer Science (1999) and has authored 6 books on the topics of MS Windows and PC Security. If you like the advice you received on this page, please up-vote / Like this page and share it with friends. For technical support inquiries, Dennis can be reached via Live chat online this site using the Zopim Chat service (currently located at the bottom left of the screen); optionally, you can contact Dennis through the website contact form.

Rate this article: 
Average: 5 (8 votes)

Comments

anniew's picture

Always appreciate your information, Dennis, and often pass on warnings to my kids. They usually use Macs; can this Avast or other scam happen as readily on Macs?
Thank you

c'est ma's picture

When I've gotten fake "warnings" like this that won't close, I've been successful at getting rid of them by opening the Task Manager, highlighting the task, and then clicking "end task." That seems to get rid of anything harmful.

And of course, if all else fails, there's always system restore.

Dennis, what do you think of those methods for cases like these?

abdulhamidmalik34_5916's picture

I was sometime back was getting same high tone voice.
I worked:

1. just after booting switched the Internet Off.

2. used JRT App (junk removal Tool ) which removed 'Relative Knowledge'

<///.bleepingcomputer.com/download/junkware-removal-tool/>

Note:
1. Even my paid Avast did not detect it before in Full-Scan which I did before JRT

2. I always scan in Internet-Off position