1

I just got a call from a guy telling me he was Microsoft IT support. He told me to go to a suspicious website and download an executable there. Totally did not give him the satisfaction and trolled him. After making him wait for my "download" to finish (just me bs-ing the progress by single percents), he gave himself away cursing and saying he wasn't IT support.

Anyway, he tried to prove that he was Microsoft IT support by telling me to run "assoc" in command prompt and he matched the value for the CLSID that was near the bottom of the listing. Is that value accessible to the outside or is my computer compromised?

fixer1234
user2738698
  • Seriously, this scam has been going on for at least a few years now. The "assoc" command will list all the file extensions that are "associated" with certain programs. There's a question and further info about "zfsendtotarget" (and that CLSID) at http://superuser.com/questions/453386/what-is-the-purpose-of-the-zfsendtotarget-extension – Debra May 17 '14 at 06:17
  • Just got a similar phone call from "Microsoft IT" with an Indian accent. I stopped at the moment I was supposed to install TeamViewer. – Niko Föhr Feb 19 '21 at 13:01

1 Answer

3

CLSID is unique to an application, not to your computer. See here for that particular scam methodology: http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/

Was it ZFSendToTarget=CLSID{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}?

Note, they may have called your CLSID your "Consumer License ID", but it's actually a "Class Identifier".

Madball73
  • YEP! That's what they matched! Well, not that one exactly but that ...variable. They did call it my consumer license ID! – user2738698 May 16 '14 at 23:12
  • Oh, yeah, I have a different program for zip files. Anyway, don't worry, your computer is fine if you didn't connect to anything or download anything. – Madball73 May 16 '14 at 23:15