Got this call yesterday morning (coincidentally while I was setting up a new virtual machine). Guy claims to be from Microsoft "Windows Technical Department" and that they have received a message from my PC that it has problems/viruses which are making it run slow. My Auntie got tricked by this scam (or should that be scum) just three weeks ago and I spent my weekend remoting to her computer uninstalling the crap they put on it and scanning it etc. They took $320 dollars from her (She is in her eighties).
I wanted to let them loose on the Virtual Machine but wanted to get it ready (didn't want it to be totally vanilla with no apps/history or they'd smell a rat so created excuse regarding internet not working), I just didn't set up access to the network. I go through the initial process on a live machine as I wanted to see how the scam worked - he attempts to convince that a code (which is the same for every windows PC) is unique to my machine and proves he is genuine ...I smell shite!
He phoned back 2 hours later but I still didn't have it ready and stalled him further.
Unfortunately, he didn't call back again as I wanted to get to the part where he takes control of the PC and demands (in the words of George Agdgdgwngo) the "monies".
I'm keeping the VM on ice as he may call back for more and I'll post that if it happens. Unfortunately, I didn't have a screen grabber on the go and just grabbed the GoPro - as I wasn't expecting a call. Hence I'm scrambling around at the beginning and you don't get a good view of the screen.
I checked out the number that came up on CLID and "Peter" has a mobile in India - surprise, surprise! Number was 9547188002 - let me know if it calls you!
I hope that this helps educate others to avoid this scam, if you it happens to you, you can just hang up. Or if you're like me (I work in IT for a living) keep these bastards occupied - while they're on the phone to me they're not scamming someone else.
The CLSID after typing the assoc command is NOT unique to my machine, in fact try it on your machine is it the same? (888DCA60-FC0A-11CF-8F0F-00C04FD7D062). Thought so and would this "secret" ID number get 232,000 hits on Google if it was unique?
The "inf" does NOT mean infected, it is the much less scary abbreviation for "information". As explained by Microsoft...
"An INF file is a text file that contains all the information that device installation components used to install a driver. Windows installs drivers using INF files. This information includes the following: Driver name and location."