iYogi Scam Alert, Removal, Restore

iYogi Scam Alert

I had a really fun day today, which is why I am bringing you this iYogi Scam Alert. Ok, when I say fun, I mean it sarcastically. It wasn’t fun, between knowing that my mom can fall for phishing as well as installing some nasty crap on her computer, when she thinks I am not going to help her – or rather when I can’t help her right now!

iYogi Scam Alert

My mom needed help with her Lexmark printer, so a few days ago, she signs up for iYogi, pays the $179.99 fee for a year of support, then calls them when she needs help. The support guy gets her to send him a code on her computer through an app, and then starts telling her she has a multitude of problems, should get their firewall. She says she already has a firewall and anti-malware, the guy turns it off. RED FLAG! She does the right thing, hangs up, shuts down her computer.iYogi Scam Alert, Removal, Restore

HideMyAss VPN

Encrypt your web browsing, gaming, and online banking

She immediately calls me, I can’t do anything due to working on my site and being exhausted… tell her to unplug the ethernet cord from the back of the computer. She doesn’t know what that is, even though I explain it looks like a large phone jack. Tell her to unplug it from the back of her modem instead. She knows what the modem looks like.

Call drops, I realize she must have unplugged the wrong wire, power or something. I race over there (live 5 mins away), she is really panicing now, is convinced they hacked her phone, since she installed the iYogi thinking it was Lexmark support, and having called them, realized it wasn’t Lexmark.

Anyways, I run a deep scan on her computer, and then tell her I will be back in 2 days when I am off work. I reconnected her phone, just left the computer internet disabled, and blocked something I hadn’t seen before from running in memory – it was iYogi. I also removed it from startup.

She gets woken at 2 in the morning, freaks out that the scan was finally finished, stayed up. She put the computer to sleep at least, didn’t reboot.

So I get to her place yesterday to try and figure if this is a virus, a trojan, a RAT (remote admin tool), or what. First thing I check is the anti-malware, shows clean. I use Emsisoft on her computer, my computer, wife computer, know it’s the best out there, so if it says we are clean, we are clean.

Onto the next step; Task Manager (ctrl-alt-del press all, together). I see a program I don’t recognize, so I go to look it up. Realize I need to plug it back in – just search on my phone instead, and then proceed to check what it says – I don’t terminate, just look at the logs. Some weird app is running in /system32 nothing too alarming yet, anti-malware is Emsisoft, so I know it can’t be harmful. I use my phone to look it up, its something from microsoft. OK, we’re clear to plug the computer’s internet back on.iYogi Scam Alert, Removal, Restore

I run CCleaner – without plugging the inter net in yet. I don’t run the tool to fix errors, just have it scan the registry. I then check the registry for errors (without fixing them), see that there are a whole bunch of issues with firewall rules. I search for info on iYogi with my phone – lots of bad news here.

I saw a review which mentioned Team Viewer. Asked my mom if she used it when she called them, says no, but since she did have to give them a code, I checked the Team Viewer log. Only 3 lines on that day, but confirms to me, that they are using a custom build of the tool.

This is where things got more interesting. It turns out, they blocked her internet through her browsers. They sent some type of script, which I was not able to undo through cmd.exe. I do not know where they sent the command to, but since it was a command to set to 0, I changed it to 1 (off versus on).

So at this point, I checked her firewall, saw that it was on. I made sure to block all instances of iYogi, but also went in to check the ports. A port was still open and active to them. I blocked it, but there was traffic going back and forth, prior to that.

Even though I still blocked their program from running, the autorun was removed, and I blocked their ports, we still couldn’t access the internet through her browsers. It looks like they block Internet Explorer, Chrome, Firefox, and Opera. Of course if you are like me, you might have 1 or 2 more ways of getting out, but my mom didn’t. So at this point, she could call them back up, and be offered their premium removal, which would likely cost another $99.99 or find another solution.

iYogi Scam Removal

Emsisfot is the highest rated anti-malware solution

If you’re not using Emsisoft, you’re risking your gaming account to thieves.

I found another solution, and this is what you will need to do for anyone who installs this mess on their system. Use a System Restore Point. We do this in Windows, by going to Start Menu >>> Control Panel >> (Use the Search in the upper right corner) Search for System Restore >> System Restore Files and Settings >> Click the box on the lower right which says “show more restore points” >> choose a date prior to installing iYogi Scam software >> Click the Next button >> follow the remaining steps. You need to let the system do it’s thing. A computer might take 15 minutes, or it might take 2 hours. It will also reboot. When it’s done rebooting, it will be all set for you to go.

Things you need to know about iYogi

  • iYogi Scam software isn’t unique. Any service advertising on TV telling you to download their software is probably a scam as well.iYogi Scam Alert, Removal, Restore
  • iYogi can be used for good… but since salesmen get a cut of your sales, they push sales and screw your system up, to increase their commission, by holding your computer hostage.
  • If you used the iYogi scam software, and it’s worked well for the last 6 months, but suddenly after speaking with a rep, and not buying something, they screw your system up, follow the iYogi Scam Removal instructions (above) and then remove the program from your system. DO NOT use the included uninstaller. Instead, use Revo Uninstaller, to uninstall it. It will after removing the software, scan for leftover files and registry settings.

Other scams to be aware of

  • Website looks legit, you login and it doesn’t work. This is often a spoofed website. They make the URL look legit, and then follow it with a lot of useless letters and slashes. So for this site instead of mmoexploiters.com/post-name-here they would make it mmoexploiters.com.postname.com/here. While the URL looks somewhat legit, if you notice, the website would actually be postname.com, where mmoexploiters and com are subdomains.
  • Email shows right name, fake URL. Often used in conjunction with banking and the method above you receive an email alert, but the link shown links to another website.
  • Fake Anti-virus, malware, and firewalls. Sometimes you get something with a backdoor, or a hidden way that someone can get into your computer. Once they get in, they can wreck havoc, steal passwords, and then access your real banking info, or just hold your computer hostage again. Using the iYogi Scam Removal instructions will also work on any other fake software installed.iYogi Scam Alert, Removal, Restore

 iYogi Scam and the BBB

iYogi Scam Alert, Removal, RestoreSo if you noticed in my iYogi Scam Alert, that they are accreditted with the BBB. It’s true, they are. They can get away with this, by cheating. Since their site is in India, you can’t file a complaint with the BBB. But all complaints filed with the BBB are solved, because in part you can’t complain about an Indian company does, when in fact the company is in the US. It’s a run around and it’s cheating. While I won’t say the BBB is a scam, I will say they need to get their head’s out of their arses and deal with a company which is scamming people who don’t know any better.

Cleaning up after the iYogi Scam

Once you have uninstalled the software or performed a system restore, you need to perform a few more things to get your system cleared of all the mess that the iYogi tech caused or could have caused on your system.

  • It’s time to change your passwords. Change all your email accounts, and all your banking sites, including PayPal, Skrill, Gmail, etc. Change your Facebook, Twitter, and VK passwords as well. Anything you don’t want someone to get access to, which they can wreck havoc from the access of the iYogi scam software gave them, you need to change.
  • If you paid with a credit card, contact the credit card immediately, have they chargeback the money, and change your credit card – so they don’t rebill you. iYogi is a scam, and they are perpetrating fraud so their support can make their commissions.

Recommended Installations

Now there are a few pieces of software I am going to recommend, and I highly suggest you purchase them. Each of them will save you a headache down the road.

  • The first is the HideMyAss! VPN. I use the pro service to also protect my android phone. You can just use the basic service. When you are banking run it first, it will encrypt all your data, no matter where you are, ensuring that your information is safe. If you are a gamer, use it on the games as well.
  • Install both Emsisoft Anti-Malware and Emsisoft Firewall. You should be able to find a coupon online to save you the cost of the bundle price – about $10 less with a coupon. It will usually come bundled with something else, take whatever it is for free, and enjoy. DO Read their newsletters.

Leave a Reply

Your email address will not be published. Required fields are marked *

css.php
X

Forgot Password?

Join Us