My mother recently received a cold call from a person claiming her computer is infected with malware. Fortunately she had the good sense to hang up on the caller. When she told me of this I congratulated her on making the correct decision and informed her that I have heard of this scam a few times recently.
I got hold of some information about the scammers. They are from India and their website is http://comantra.net. Just for the heck of it I called them. Before calling I set up a restore point on my Windows machine and then booted into safe mode with networking. I was greeted by an agent who spoke excellent English and asked me the reason for my call. I told him I thought there may be a virus infection. He directed me to www.logmein123.com and remoted into my computer. He didn't comment on the fact that I was clearly in safe mode, didn't check Task Manager, event logs, add/remove progs, nothing! He asked how old my computer is and I answered approximately 5 years old. He then proceeded to explain that my computer is slow and the reason that it is slow is because my "Microsoft software and hardware license is expired." The solution was to make a payment to an Indian bank to "renew" my license.
I then confronted the agent and explained I am a CompTIA certified tech and that his diagnosis is a scam. He asked me, "What scam? Who is the tech here, you or me?" I replied that I am the tech and that he's just a script monkey. I told him he did absolutely nothing to diagnose my computer, my software is legitimate (I purchased Windows 7 directly from Microsoft.com via download and had restore disks mailed to me) and that I'm aware of the fact that they have no association with Microsoft; Microsoft has revoked their association and distanced itself from Comantra. The agent became quite belligerent with me. It was quite amusing!
I ended the call and attempted to end the remote session, but the agent on the other end wouldn't allow me to end the remote session. He countered every attempt at opening Task Manager and fought for control of the mouse and keyboard even after the call was ended. I had to hard reboot my computer. I then rebooted to safe mode without networking, removed the crap they installed on my computer, ran scans with Malwarebytes, ComboFix, CCleaner and HijackThis. Did a system restore and ran the same scans but threw in a SAS scan as well. Got their crap removed and then contacted LogMeIn support to report the abusive use of their service. I was informed that Comantra has been banned but they are using a fake ID now. Unfortunately I didn't note the 6-digit code for the remote session, but I will do this again so I can provide LogMeIn the session key so they can track it and block that IP.
All in all, it was a bit of fun... I just want to share this with the community so you all can let your friends and family know about this scam. It's been going on for about a year or so. In my capacity as an IT agent for a legitimate company I have had to fix this stuff a few times. Fortunately I have the tools and knowledge to counter Comantra's attempts to scam me. Unfortunately there are people who are naive or lack the knowledge necessary to recognize this scam and fall prey to Comantra.