AMMYY warning against tech support Scams

We now interrupt my usual workflow to bring you some encouraging news from the less-than-wonderful world of PC tech support scams. (Courtesy yet again of Virus Bulletin’s Martijn Grooten: Martijn, where do you find the time to track all this stuff?)

When a support scammer tries to get you to hand over your credit card details in exchange for a fraudulent virus removal and system protection ‘service’, an important part of the scam involves persuading you to give them remote access to your system. They do this partly to convince you that there is a problem with your system, and partly to ‘help you’ by installing the software you’re paying them for. The software is often legitimate, but it’s also usually stuff you could get for free elsewhere, and usually has very little to do with protecting you from imaginary viruses. According to reports from the UK, the scammers often use the remote access service (I see reports of Team Viewer being used, too), but in the US, they make use – more often than not – of, a service apparently operating out of Seattle. In fact, the scam is often referred to in the US as the ammyy scam, though I haven’t seen much in the way of serious suggestions that Ammyy LLC is directly implicated in the fraudulent use of its service.

However, it seems that Ammyy is aware of the problem and is eager to disassociate itself from the scam.

!!! If you receive a phone call claiming to be from ‘Microsoft’ or someone claiming to work on their behalf, telling you that you have a virus on your computer or some errors which they will help you to fix via Ammyy Admin, it is definitely a scam.

Can’t argue with that. But judging by some of the questions I get asked by people who’ve been caught out by scammers, wondering how they can be sure the crooks can’t regain access, this is a passage that many people will appreciate:

“…make sure Ammyy Admin Service isn’t installed and doesn’t run in automatic mode. For this go to main window of Ammyy Admin -> Ammyy -> Service -> Remove. Then restart your PC again.”

The company also assures us that if you don’t want to use Ammyy Admin, you don’t have to uninstall it, just delete the .EXE.

Ammyy have just taken several steps up in my estimation. Perhaps we can hope for similar advice from Logmein?

ESET Senior Research Fellow

Author David Harley, ESET

  • Louis Verberne

    On August 23 I've been phonecalled by a person who said he called on behalf of Microsoft. A few minutes later during that phone-call, there was another man who spoke to me. Both men had an asiatic accent, I think India or Pakistan. They knew (or they said they knew) I have a PC with Windows XP with problems. They said I don't have a Fire Wall, and I gave them permission to take over my PC, but I assure them that I have different Fire Walls, one in Norton and one in Windows. They took over my PC and they said they should fix my Windows Fire Wall (from Microsoft) for only 91 euro's. I refused to pay, because I paid already for Windows, and at that moment I thougt it were scammers, but they had took over my pc and I saw them search on my harddisk for a very long time. I told them that I would stop this  contact and after stopping I took out my connection to my WiFi-router. Today I've read a warning by an ombudsorganisation in the Netherlands (named Kassa) who will bring attention about this item, and I took a look at my XP-PC today. I saw one new program from Ammyy Admin with connections to Ammyy LLC, the program aa_v3.exe and the websites and . What do you advise me to do?

    • David Harley

      Louis, it looks as if you put in a link which has been automatically stripped (that’s done by this site as an anti-(comment)spam measure. In any case, I don’t have enough direct experience of Ammyy Admin to give you authoritative advice. However, aa_v3.exe is the name of an ammyy executable, and ammyy’s warning states that its sufficient to delete the executable.

      Of course, a malicious executable could call itself by that name, but under the circumstances it seems reasonable to assume that ammyy is what they used to get onto your system, and that all you need to do is delete the file. It’s possible that the scammers left some sort of shortcut on your system, but if they did, it would probably still rely on the ammyy executable being there.

  • John

    AMMYY needs to do more rather than put a statment on several websites. They could easily add a 'signup' section first before you can download the software. A simple adjustment like this would make people receiving those phone calls think this could be a scam. Also, it make it harder for the scammers to carry it out (maybe add an additional false story). If Ammyy has genuine customers that want to use the product they would sign up and download the product.

    • David Harley

      Well, they haven’t solved the problem by making that statement. But they’ve been a little more responsible than other remote access providers whose products have been misused. This gives me a bit of an idea, actually. I might come back to that in a separate blog.

  • Lorrie

    AMMY again today from these ID scammers from India!

  • William Smith

    Thanks for Posting David. Agree with the above comments, more does need to be done than just making the statement.

  • Steve Seals

    I can't stand seeing scammers doing these things with free, useful software.  Adding an additional step for signing up for ammyy would just make it more of a hassle for the end user.  I've never used ammyy myself, and until last night when my mother got the scam call at midnight with "ma'am, the hackers are trying to get into your system RIGHT NOW", I hadn't even heard of it.  But it sounds like something I would like.  Abusing good things will only make the good things "less good."

  • badwolf303

    I was called this morning by an Indian sounding man claiming to be from Microsoft. I was suspicious and when he told me to got to, I instead googled the address. The scam reports and warnings came up immediately.

    I told the caller and he said , “Just disregard that. ”

    I told him, ” No, I don’t think I will”. And hung up.

    Thank God, I thought to Google instead. I’ve never had Microsoft ever call me unless I called them first on tech issues. It’s a scam.

  • Jose Torres Romero

    This is terrible. My girlfriend just got hacked by them & they shut down her computer when she attempted to comment on here

    • Stephen Cobb

      I doubt the shutdown was triggered by commenting, more likely a coincidence of timing. We are not aware of any attacks targeting the comment system.

      • My mom just got a call from them and she told them that she will do some further investigating of them, then a “supervisor” got on the phone and told her that if she didn’t go to the website they suggested they would shut down her pc… she hung up on them

        • Stephen Cobb

          Thanks for sharing Rena. Yes, these guys are really nasty!

  • Ari

    WOW! they called me minutes ago and when I saw hey wanted me to download sth from this web site with its weird name, I told them let me call you back. give me microsoft windows technical department! ha ha ! This is their number they gave me 02081446007 ;don’t know for sure but it must be faked !

  • MikeC

    My mother just got taken in by these people. Same situation. An indian sounding tech from “Microsoft” contacted her, remoted in and started doing some “simple maintenance”. He then explained that her computer had been infected, that he could fix the issue and offered her a yearly service subscription for an insignificant 500 dollars. When she declined and stated that she wished to talk to me about the service, he then dropped the price to 50 dollars for a single month of the service. She declined once again and was left with a number to call.

    Upon speaking to my mom and having discovered what happened, I disconnected the model and discovered the “ammyy” program. I then removed a number of programs. The issue though was when we restarted the computer. Immediately after the black reboot screen, a new password window pops up that prevent logging into the computer.

    THe way I explained what happened to my mom is as follows….A mechanic calls saying that he was “notified” her car had an issue and would be happy to take a look. The mechanic in the midst of “looking” at the car removes the starter. When you fail to start your engine, you call the friendly mechanic who just took a look at your car…..who then steals your credit info…..

    • Stephen Cobb

      Thanks for sharing Mike. It looks like they are getting more aggressive all the time. And some of them are so convincing it is no wonder people fall for the scam if they have not heard of it before.

  • AB

    They just called me!!! I go to to give them control of my computer (like I would do that), I told the woman no and she put a supervisor on the phone. I told him it was b.s. and he was giving me an argument. “How would I have your phone number if microsoft didn’t give it to me?” I have a block for no caller ID/not allowed and they broke through that!!! They don’t appear on caller id. Shrewd people – both with accents supposedly calling from Brooklyn, NY haha…sure. Anyone know how they got our number?

    • Stephen Cobb

      AB – Thanks for sharing.

      Did they call you on your landline? They may just be robo-calling every number in an area.


  • I just had them call me too…I kept the creep on the phone for 45 minutes and even had him calling me “MOMMY” lol…my kids and I were dying laughing at this guy. I am gonna have to youtube the call…I think I will name it ammy mommy…search it cuz its so funny

  • disqus_HDN9yRwCWb

    I just received a call from someone claiming to be Tech Support working with Microsoft and asking me to go to When I refused to go to the sight, I insisted on a phone number to call him back after I checked it out. He gave me a cell phone number in Miami. (786)600-1027. So sorry to anyone who happens to have that number.

  • Tom

    Was called by a man called Ryan Wilson wanting to refund me some moeny becuase the said I had paid up for 5 years on pc helpline. Thing is he wanted to pay me £300
    and i dont remeber ever paying more than £40. He wanted me to fill in my credit card details, which I refused. Anybody else with anything similar??

    • dharleyatESET

      I’ve heard other instances of the same ploy being used. It’s also somewhat similar to 419 scams where the scammer claims he’s offering you recompense for having been scammed by a 419. Astonishingly cheeky. I would assume in this case that the caller is interested in getting your credit card details, not in getting you a refund. It’s his pockets he’s interested in filling, not yours.

  • EasternOrGuy

    Just experienced the same scenario as badwolf303. Took me to an error logging admin page, where there were 17,0000 plus errors, told me we caught it just in time. I was a bit skeptical, because my computer has been working fine. He claimed he was from Microsoft, had an Indian accent, and knew my home address.

  • disqus_v0LELrECIK

    Apparently this happened to my grandfather today, he ended up falling for the scam to a certain level. He got just as far to download the option for them to go into the computer. But once they asked for money and credit card, i over heard that part. I quickly looked up the site and found this. He hung up. NOW Luckily this was one on a 2003 computer, Its a old piece of crap. (Which is why he thought they were being honest about it needing help.) Well anyways, I turned off the computer, unplugged it and everything. I Just need to know,

    A. is all the information on the computer still eligible to get messed with and looked into, even tho the computer is off? Like past online transactions, bank, photos and what not? We already informed the bank of what happened, to just be safe. But it would also help to know if they can get into personal things as well.

    B. Someone said it had an effect on the wifi, Now are our laptops and tablets at risk? and if we were to get a new house computer, would that be at risk as well?

    • dharleyatESET

      No-one can get into the PC when it’s off, or disconnected from the internet. We don’t think these guys generally do a serious search of a PC when they’re connected. They’re more interested in the instant gratification of a quick credit card score. I don’t know of any scenario where wifi has been compromised by a support scammer in that way. There was one instance I wrote about in another blog where the scammer tried to trash the machine and disable the network card because the victim didn’t pay up quickly enough.

  • some guy

    Ammyy itself is dangerous to use. I opened it to try it and almost INSTANTLY before i could even try to connect computers my mouse started moving by itself to search i panicked and tried to close it but the mouse kept moving away from ammyy and closing the folder it was in every time i tried to access Ammyy. Ammyy is dangerous i dont know if it is a scam but it is definitely not safe to use.

  • jo

    hi, this happened to me today. they called, and had me on the phone. they showed me error things and stuff. I believed it because my computer has been messing up. anyway they got access of my computer and they did a scan and said my security thing was invalid and that I needed protection. they then took me to a site where he wanted me to purchase some antivirus stuff. I said I didn’t want to buy it that I would fix it in my own. he said he wanted me to fill out a form. he took me there it was my billing info for PayPal and I refused. he was controlling my laptop. I told him to stop that I had to go. he said I should leave my computer on for 15 more minutes but I shutdown. I feel so stupid. I then turned back on minutes later to get some files and restored my computer to factory settings. I am scared they took my info because I pay bills and such on my computer. I have changed some of my password but I’m scared to use my computer and then still being there. I is restored to factory setting and have an antivirus. what else can I do. I didn’t fill out anything but did they get my info from my internet history or duff like that

    • dharleyatESET

      Jo, it’s unlikely that they took info from your machine that they’ll make use of in future: generally, they just want to scam you into paying via credit card right now.

  • Jamie

    I just received a call from an Indian person saying that he wanted to refund me the $159 I spent on anti-virus software on March 7th because they were going out of business. He also mentioned that he was with Microsoft when I asked what specific software did I purchase. I didn’t purchase any software recently and knew it was a scam. He pointed me to the ammyy website and told me to download the software. Crazy! I told him I wasn’t downloading software on my computer for a refund. I hang up and he called back 4 times. Crazy!!!

  • Nicholas Bellows

    I had soooo much fun messing with this lady. I strung her along for a good 25 mins. “Oh no! That is a lot of viruses” HA HA HA. Is it just me or does the “Office Ambience” in the background sound totally fake. I am pretty sure I could hear the loop end and restart. Most fun I have had all week. The best part was line clicking when I told her I was an IT professional and that I hoped I had wasted as much of her time as possible.

  • dharleyatESET

    AMMYY is legitimate software. I can’t account for the mouse behaviour you mention, I’m afraid.

  • john

    I had call from withheld number saying microsoft engineer at talk talk. I had herd about this so said just a min let me turn tel of. 3mins later after turning of my router i said o.k. better now can here you. I played dumb and made him repeat evey thing twice.he went though loads then said cancel that open run box again and type ok i said he said press o.k, i said ok. He then sain can you see a green window i said know it says website not found. let him get me to try it again this is after 25 mins i have kept him on the phone. then i said it says server not found DO YOU THINK IT IS BECAUSE I TURNED OF ROUTER WHEN I NEW YOU WERE A SCAM.

    Sugest anyone who gets one of these calls do the same. Wasted 25 mins of his time.

    • ZodiacZ

      I just did the same thing , kept reading back the wrong things he told me… like dot w w dot apple mike yankme yankme. Told him my pc restarted by itself, made him wait to come back. then said the web page was blue not green and it said shopzilla shopping….he was getting frustrated at my stupidity but hung in there… after pretending to get disconnected he called back and started over, when he told me to read back the ammyy addy i said it as a-hole, monkey, yank-me dot cum and that he should go back to screwing farm animals… It felt pretty good to scam the scammer!

  • Joey

    hi, this happened to me just an hour ago!!n I am a stupid! I gave they my credit card information n my $500 was gone…I really wanna cry. I called the bank immediately to cancel my credit card. I downloaded ammyy to my computer n click run, n they just can controlled my mouse on the screen, I am not sure if I installed ammyy to my computer after I clicked run, n I deleted the file which I download n cannot find any other ammyy file on my computer, how can I make sure I uninstall ammyy and what should I do next? can they still see my information in the future? please help me

    • NormaRae Alyss

      Restart your computer to the time before the call. You maintain all of your files but that one download will completely be GONE!!! So use your restart! They are life savers.

  • Sick of it

    Yep same here..they just tried to scam me, but I realized that the last time I actually called Microsoft tech support, it took forever to get anyone, so why would they call me out of the blue?

  • Sick of it

    I should also note, that the name they used when they tried to scam me shows that they somehow received information on me via AT&T. So whoever is doing this has a link to AT&T.

  • Jordan

    Hi there, please don’t post that last comment. I’m worried about the repercussions of name dropping companies and stuff. Cheers!

    • dharleyatESET

      Deleted your previous comment as requested. To answer a question you raised in that comment, I’ve never seen a report of a tech support scammer going back to get further access to a system he’s accessed in the past, though I can’t say it couldn’t happen. I think they probably try the scam, run through the script if you let them, and move on. I doubt if they keep records of people they’ve tried to scam, successful or not. But I can’t guarantee that. If you’ve done a complete reinstall, I can’t see an attempt to regain access succeeding, though.

  • joe

    Hi, so, today an indian dude called my house to tell me that my computer was in trouble. It got a little complicated after that (i.e. i got confused) and he told me to go ammyy. I downloaded it and then gave the guy the id number so that he could type it in and get control of my computer. it then gave me the option to reject or accept it… me, being the slow guy that i am but still kinda skeptical almost clicked accept. I then clicked reject and told the guy on the phone that i didnt want his help anymore. I dont know if im still in trouble or what and i havent been able to find any answers on the internet (because i pretty much am useless when it comes to research on the internet). did clicking reject keep me away from making a bad decision or am i still in trouble?

  • dharleyatESET

    It doesn’t sound as if they got access to your machine, so you should be ok.

  • theVirus911

    My IT friends and I have gotten multiple calls from these wackos. we have a contest to see who can keep them on the line the longest. Some of our fun with them includes:

    them: go to
    me: how do you smell that?
    them: W W W .
    me: W W W DOT
    them: no! not dot, dot! Dot! its on the keyboard on the same key as the carrot!
    me: i dont have a carrot. i have a banana, i can put that on the keyboard?
    them: press the four-square windows key and R at the same time
    me: i dont have a windows key? what does 4-square mean?
    them: its on the keyboard next to the control key
    me: i dont have a control key. i have a little key that looks like and little piece of fruit with a bite taken out, is that it?
    them: no! its….
    Giving them access to a virtual pc running windows xp, just to see what they do, we gave them access to a machine running linux. that was a blast listening to them wonder what the heck was going on.
    letting them get to the website to type in credit card info then V E R Y S L O W L Y type in the wrong card number time after time… they where being SO helpful, wanting that card number.

    • charley

      Seems to me these wako’s are making a lot off money, and the police is powerless.

  • Clare

    I was called by the scammer. Didn’t know about it and started off doing what they said. (press windows flag and R, key in eventvwr, key in When it got to the ammyy website I did not proceed with install, did not click on icon or run or anything. Hung up and found out it was a scam. My question is, having gone to the ammyy website, was that the real ammyy website or one created by the scammers and can any harm be done to my system, can they get access to bank details etc? I thought I was in the clear as I didn’t give them access but a guy at PC world has said that because I went on the poss fake ammyy website my PC is still vulnerable and I should do back up and a load of other stuff I don’t understand.. I’m worried . Can anyone help Please? Reading posts on here people have deliberately gone as far as I did to waste scammer time and ammyy say a scam has happened if you download and give them access, but I didn’t.

  • MDPrineville

    I just had an encounter by MY calling 866-775-3928 which was the number on Norton’s website support page when I tried to contact them by email (after downloading Norton 360). The email did not go through and the 866 number appeared to call support. When I did, the call center employee spent an hour with to to try to resolve my issue, then wanted $400 to remove the Chineese hacker trojan and give me lifetime Norton plus 1 year of unlimited tech support for any tech issues. I declined. He said the trojan was “csrss.exe” which is an actual windows component. I hung up and called another Norton support number and that person (also with a heavy Indian accent) said it was NOT an authorized Norton support person and they never charge over $199 for 5 years…not $400 lifetime! Beware! Even if you call the number. I told Norton that I think their website page was hacked with the re-directed number. They said they would check it out. I did a full Norton scan and it detected NO security issues or viruses.

    • That number seems to be associated with an ‘independant’ [sic] support site belonging to ‘Online Tech Support’ and has a page offering Norton support. (Badly written, I’d guess not by a native English speaker.)

  • Misty

    They just called me and I almost fell for it. I got all the way to the ID screen of AMMYY, and thought…who offers to just remove a virus for free? I googled it as he was talking and when the option to reject or accept came up, I hit reject. He asked me why I was rejecting it and I hung up. Am I okay? Is there more I should do?

    • If you didn’t allow them to connect, you should be ok.

  • phil

    phildavies uk, it happened to me today 10/aug, very same process as below, as soon as they realized I would’nt purchase, he went but all my photos are gone, desktop changed, trying to recover but some files missing

  • Jens

    They called me too! I didnt pay anything, bur now I need a startup password..?!?! What should/can I do?

    • Jens, it sounds as if you might need more help than we can offer through the blog. Did you give them remote access but then didn’t pay them? If so, there’s a chance that they took the opportunity to damage your system in revenge. Your best bet, in that case, would be to consult a local PC tech specialist.

  • Cherie

    It just happened to me, but as shes is asking me to type in and find the green page, and download the program, I just typed it in google search and found this, pretending to follow her instructions… read this page and told her she was a scam and dont call back! Thanks you!!!

  • Philippe Desrosiers

    Bless you!!! I just received a phone call just about this and as I was reading the blog I was on the phone with someone claiming to work to a company associated with Microsoft… He wanted me to http AMMYY on the address bar of my internet browser. Instead I typed the AMMYY in my google search and saw the security warning and I hung up the phone as I was reading this blog. Craps there is more and more junk going on the web. The technician, 99% positive it was an Indu, was claiming that my computer had downloaded two viruses and he was to show me how to fix the problem.

    Good blog, good info thanks a 1000 times.



  • Charles

    I am sorry I wasn’t so creative with them. I just made them listen to “Sports Talk Radio” on ESPN. I occasionaly checked back in with them to make sure that they were still there, but they hung up after 15 min. If they call back I will try to keep them on longer. (Games with scammers…Who would have guessed it could be so entertaining; caviot, as long as you don’t fall for their shtick).

  • k e

    This happened to a friend of mine. They remoted in, and when she refused to pay them they warned her not to shut down her computer or she would “lose everything.” Doing this, they activated “SysKey” which then required a password during startup, known as SecureBoot. We ended up having to reinstall windows all together because after I took the computer for support Plug-n-Play was disabled, and my keyboard and mouse wouldn’t install properly to be usable. Oh well. The name of the company was PacifiTech. They are targeting seniors.

  • Richard – UK

    Its 6th December 2013 and it happened to me exactly as below. Yes I googled ammyy and found this web site. Thank goodness for the internet and honest people warning us all

  • mom

    god I cant believe I fell for this … gave access to my computer,but refused to pay 200.00 for this and he said he would call me back monday…now I am freaked cuz I do my banking and as well as family members on my account …not sure what to d

    • If your PC is still functioning, you might be ok. Depends on what he might have installed (or modified): if you cut the connection before he made any changes, you should be fine. It would be a good idea to run some security software, especially anti-virus and anti-spyware, in ‘paranoid’ mode. In general, these scams seem to be more about getting immediate payment for ‘repairing’ your system than leaving keyloggers and other spyware, but I can’t guarantee that was the case here. If you have a good local tech support company, you might find their fees worth the peace of mind.

  • Basil Forthrighly

    Just had a round of this, strung them on long enough to find out what they wanted me to download. They directed me to and wanted me to click on a link labeled “Technician 1”. I told them my anti-virus was blocking it, my little helper couldn’t handle that one and apparently tried to forward me to someone else. I got bored and hung up.

    The download payload is still AA_v3.exe from BTW.

  • Gemma L F Knight

    I just received a phone call this morning (Indian guy). As soon as they said they were from Microsoft, that was a big red flag to me. I decided to try keep them long enough to find out information from them so I could Google it. As soon as he wanted me to run the AMMYY program site, I typed it into Google and came across this page. As soon as I called him out on it, he started laughing and saying ‘this isn’t a scam, I don’t think you’re stupid enough for a scam, you’re very clever’…What an idiot…hung up on him and went to my Facebook to warn my friends.

  • wideawakeintx

    This happened to me this morning when I woke up to a call from a heavly accented man indicating my computer was going to crash. I was half asleep and followed his instructions until he wanted $150.00 to keep my computer from crashing. My brain woke up and when I realized it was a scam I started asking him questions and he hung up on me. I did a ‘system restore’ to a point before this creep had me let him take over my computer. Am I safe doing the system restore or is there other things I should look for?

  • RaNell

    This just
    happened to me 2 days ago. The individual said he was from Microsoft and the
    internet site was 24/7itechsolution. Being that our computers were acting up
    and I was sick I allowed him access to my computer. I should have known
    better…after 20-30 minutes of showing me all my viruses etc. he asked if I
    wanted them fixed and for $99 a year, $ 199 for 3 years …there was an
    increase each time he would fix my computer. He asked for my credit card and I
    declined…told him I don’t do plastic then he asked if I could do online
    banking which I do not use…finally he asked for ‘cold hard cash’. I told him
    he could fix it, send me a bill and I would pay him by check…no good for
    him…not cold hard cash. Phone battery was ready to die so he hung
    up on me. He was still yanking my computer so I turned it off and turned it
    back on and it’s ok (I think). Anyway, I now have this icon for ammyy and I
    don’t think it was there before. Now what should I do?? I do plan on taking it
    to a tech in my hometown. should I uninstall ammyy

    • I wouldn’t panic about it’s being there. But unless you have a particular and unconnected reason for having AMMYY, I’d certainly uninstall it.

      • RaNell

        Thank you for the information. I have tried to find this on the hard drive to uninstall and cannot find it. Having said this, they once again called today, said they were with Microsoft, March 5, 2014 and asked if I still remember them and that I needed to take care of the problem with my computer. I told them that I would take it to my itech here in my hometown and they informed me that internet has been blocked..HMMM…I have been on every day….after I again told them I was going to let my tech take care of it, he started laughing and told me to have a good day. My husband told me that if this happens again to ask for their Phone # so I can call BBB and verify them.I do plan on taking it in probably tomorrow. Any words of warning.? Can they screw up my computer without my knowledge? Thank you again for the information.

        • What they really want is your money. It sounds as if they’re still trying to kid you that they have more power and knowledge than they really do. So while there are certainly ways in which unpleasant people can have covert remote access to a system, for this type of scammer the access to your system is normally just a way of convincing you that you need to pay for their ‘help’. That said, it’s not unusual for them to ‘punish’ victims who have given them access, but refuse to pay for their services. by trashing their systems. But it’s usually pretty obvious when they do that.

          • RaNell

            Thank you very much. I will not worry about them

  • Chris

    Hi, i have downloaded aa_v3 but i then found out it was a scam i deleted it, removed the process tree and restarted my computer. Now i am wondering what they could have from my computer. They no longer have access to my computer but are other computers that are connected to the same IP at risk also? I am wondering as i suspended my online banking account and i now know that no money was taken from it. Can they access the same information from other computer that use the same wi-fi router? Please help.

    • Misusing AMMYY as part of this scam is reliant on the presence of the agent software. I don’t think that just sharing the same router could expose other machines on the network to the same attack.

  • Tammy

    My mother in law was using my computer and she thought it was the real deal, I was away on business, now I am not sure how to get rid of it AHHHHH.

  • Charley

    I was called by they said ms windows help and support. I knew it was a scam but wanted to find out what they actualy do. So I pleayed the game with them, but did ask them for their phone nr which is 1800 427765 in australia. recorded everything on my mobile phone allso. I don’t know and understand why the police can’t get these scammers.If they want ill give them all the info (recordings) I have. and put these artists away. I will leave the phone number as is because I have to. and if they want the police can sue me for it ok.

  • iww

    I’ve had several of these calls over the last few weeks. Exactly the same spiel about Microsoft and remote recognition of problems, and they’d tell me how to fix them.
    “Are you by your computer?” – Yes
    “Hold down the 4-square key and press R.” okay, done that…
    “Now what can you see on the screen?” nothing
    “Try again.” nothing
    “Are you sure? Is it switched on?” you didn’t say anything about switching it on

    “Can you switch it on?” sure, I’ve been on a training course for that.

    “Switch it on then.” Okay, but it will take a while… it’s been running a bit slow… Then kept him waiting about 5 minutes while i played solitaire on a mobile phone.

    “Is it running yet?” yes, it’s just coming up…

    “Right, hold down the 4-square key and press down R.” okay, done that…

    “Now, what can you see on the screen?” so I described the photo of a rockpool with sea anemones, barnacles, sea-weed on my wallpaper…

    “No, no, no, in the bottom left hand corner of the screen!” oh yes, there’s a window with “run” in the corner…

    “Right, now type e like echo into the box” e,l,i,k,e,e,c,h,o

    “Now type v like victor.” v,l,i,k,e,v,i,c,t,o,r

    “Now type e like echo again.” e,l,i,k,e,e,c,h,o,a,g,a,i,n – and so on for ntv…

    “Now type w like whisky.” do you mean Scotch whisky or Irish whiskey? Irish whiskey has an “e” in it…

    “It doesn’t matter.” w,l,i,k,e,w,h,i,s,k,e,y

    “Now r like romeo.” Romeo, Romeo, wherefore art thou, Romeo? r,l,i,k,e,r,o,m,e,o

    “Now click on OK. What do you have on the screen?” windows can’t find elikeechovlikevictorelikeechoagainnlikenovembertliketigervlikevictorwlikewhiskyrlikeromeo…

    “What did you type into the box?” elikeechovlikevictorelikeechoagainnlikenovembertliketigervlikevictorwlikewhiskyrlikeromeo
    “Type it in again.” so we went through the same rigmarole again, with the same result…
    “You must have made a mistake.” no, I don’t think so…
    “Right, open Internet explorer.” I don’t use Internet Explorer, I use Firefox…
    “All right, open Firefox.” ok, will do, but my computer is running a bit slow…
    “Now type in http://www.teamviewer dot com.” so i do that, one letter at a time, exactly as above, but when he comes to “I like indigo” I reply – no, I don’t like indigo, I prefer yellow…
    “Oh my god, oh my god” do you mean Siva? or Ganesh? or Krishna?
    “Now hit enter. What do you see on the screen?” sorry, unable to find ….. Would you just hold on for a minute, please? I have to go to the bathroom… (so off I went to the bathroom for 3 minutes).. OK, back now. Sorry, I had to go for a p**s, because I’ve been taking the p**s out of you for the last half hour.
    At this point he got VERY abusive “You mo**erf****r, I’ll f*** your mother, etc, etc. etc” That’s ok, but you’ll have to go via the crematorium. Enjoy the fire!
    He kept ringing back for an hour or so, but eventually got bored & left me alone. it was great fun to wind him up!

  • josh

    So stupid of me, with the media saying not to use internet explorer i thought maybe i really had a virus after someone called claiming to be from microsoft with very poor english. started with windows R then type cmd after command prompt is up assoc. 2nd line from bottom has my unique computer id 888dca60-fcoa11cf-8f0f etc. turns out my other computer has the exact same number in this location. Then run eventvwr look thru summary of events shows me all my errors. convinced me to download ammy aa_v3.exe give him my id and to remember my settings and accept. shows me process tree says process csrss.exe is a trojan used by mexicans to gain access to my computer and are using my internet. runs netstat-n on comand prompt to show me 4 computers are on my internet. used notepad to type all the things i needed to do to fix my computer including antivirus that cost went from 199 to 400 depending on time frame i would sign up for. that provider was Symantic solutions. I finally came to my senses and hard shut down my computer and hung up. he called 3 more times but i never answered. number called from 800-825-0870. P.S. Thanks for your blog……

  • NormaRae Alyss

    I’m so grateful for all of you!!!! This guy is on the line with me NOW! I’ve been making copies of the addresses he’s asking me to type in and where they take me. Then I was researching on the side. I have had soooo much trouble with viruses lately I don’t trust anything that comes unsolicited and FREE! Finally I told him I knew he was a scam and started reading back some of your results and he hung up. Thank you for letting me protect my computer!

  • trish

    i got a call yesterday they said they were from my service provider but when i started asking questions about who they were they tried to rush me so i thought it was odd.i had already got half way through the downloading before i said that i didnt have time just now and to call me back about 7 but they never did.i didnt give them any card details but they knew my address and postcode,phone number and my talk talk account number.i shall still be checking my account though.i went through my computer and uninstalled the bit that i had put in of the download just to make sure.devious so and sos

  • Sean Borthwick

    I was just contacted by someone claiming to be with Windows Security with a heavy East Indian accent. After about 1/2 hour I was finally able to get his operator ID. I did not give him my Client Session ID as this would give someone I do not know access to my computer. His Operator ID is

    10 942 143

    Here is how the scam works. 1 The first caller tells you that your computer is at risk. 2 They get you to go to your computer and use the Windows Key and the letter R to bring up the run box and type in eventvwr which brings up you warning and error logs, (Note this number is high even on a newly built PC.) Then scare you with this BIG number. 3 Close this window and then type in scroll down and double click on Technician One. 4 Then they pass you on to another person. 5 Click through Run and Yes until Ammyy Admin v3.4 – Free opens. 6 Tell him your ID number XX XXX XXX Oops I kept giving him the wrong number. The same wrong number but still the wrong number. (I always play dumb here and tell them I really need their help.;>) This is the third time they have tried this scam on me. I always try and get as much info as possible now to report them.) If they get this number they have control over your PC. So eventually he gave me his Client ID/IP number which again is 10 942 143 At this point I thanked him and hung up.

    Please note that I will copy this to,, My FaceBook as well as our National Police force the RCMP. Please use tighter controls around your very easy to use remote control software Ammyy.

    Please remember never give any numbers to anyone you do not know or contact over a legitimate contact number.

  • Guest1

    Got a call tonight, spent 75 mins on phone before the fourth person told me that my problem could only be fixed by buying the security certificate for $200. If I didn’t, they wouldny allow me to even use as in control my computer as it is a Microsoft product. I was leary as I didn’t have the money, first if all . He then asked for my birthdate which was strange. I told my husband and he told them off. To me it was a form of blackmail. How do I get to the word ‘Ammyy’ then ‘service’ on the site?

  • James Johnson

    HEY my missise just had the same scam call as i came in she was talking to indian guy and she was in command exe and had already d-loaded ammy i jumped on phone used all my best language to him while he tells me im wrong immadieltly i removed all ammy refrences and processes and will restore and double check … She was about to hand over control on ammy phewwwww just in time … i called them back and before phone is answered u hear several keyboard buttons being pressed like a call diverter is in use then a so called polite lady answers denying all knowledge of this haha ……….heres the Number ill pass it all over the web for pranks 07805550161—– i will post any further updates Be safe ppl

  • David

    I was sitting at home today, I’m 13. And I received this call. Luckily my mom wasn’t homes when i got to the “give me all your money” stage I had to wait for my mom to provide credit card info. while I was waiting I looked the situation up as i had my reserves about the call in the first place. I then found tons of sites like these all leading to the same conclusion. After resetting my computer I received around 20 calls afterwards each from the same person. Needless to say I completely ignored them and eventually he stopped calling. Thanks guys :D

  • tls24

    this just happened to me except I wasted there time like they have to me many times All I did was string them along for 30 minutes or so while they were laughing in the background of course they heard me pounding on my keys which made them laugh even harder then I asked them if they liked wasteing my time they assured me that I wasnt and then I told them that that I was wasteing there time By golly they got rude and what they were going to do to my Mother and daughters and even my cat it really was comical and they also said they were going to call everyday that just made my night

  • Friday, late afternoon, I received a phone call from an English speaking Indian (sub-continent) hurriedly telling me he’s representing Tech Help Line and asking if I have a computer and am I the main user. He asks me to describe the lower left keys of my keyboard then asks me to hold down the 4 flag windows key and hit R. This opens a run window in the lower left corner. Then type in EVENTVWR and click OK. Then double click custom views and then administrative events in the middle window. It shows a number of errors and warnings and he uses this to prove (if there are more than 3) that I have a problem and a slow computer and he can help me.

    I knew he as going to try to get me to turn over control or access to my computer so I knew not to establish such a connection via a web connection. Back to the run window he said type in: www . AMMYY . com (no spaces) then single click OK then the green page… Well I didn’t type this address in for sure. I asked him to give me his supervisor and he said he’s the supervisor so I asked for the phone number there and he said a call back won’t work, your computer needs attention right now! So I started laughing and he said are you laughing and I said yes, I know what you’re trying to do and he promptly hung up.

    Just a FYI. Oh by the way he was calling from a bucket shop (call Center) because there was a tremendous cacophony of voices in the background the entire conversation. It was fun burning up some of his time!

    Forewarned if forearmed.

  • ricrabt

    Got a call from a guy with an Indian accent who said his name was Mark Johnson (when I asked his real name he said Mark Johnson lol). He said he was from Microsoft and how else could he know my name and phone number if he wasn’t legit (lol). He said my pc was going to be hacked very soon if I didn’t go to right now and let him solve the problem. I told hang on and googled AMMEYY and proceeded to read him all the comments here on this blog. What’s really funny is he kept telling me he’s the real deal. When I finally said I’m not going to release any control or info he said he was going to shut down my pc and that I was wasting his time. I didn’t set any records, but I got him for 28 minutes. Mark Johnson hahaha!!!

  • Gail

    I just got a call that said his name was David and windows wanted him to help me fix my computer that I am not having a issue with.Did not download anything. There was a lady first that passed me to a man.Told me my computer would shut down today If he did not help me I said ok I go buy a new 1 and he said it would do me no good it in my id address. I told him to have a good day.

  • Zack Williams

    Almost scammed my mom…

    I happened to be walking by my mom when she was on her laptop, it sounded like she was being instructed by someone to do something on her computer. Red flag #1. My mom knows very little about computers. Red flag #2. I saw “ammyy” and quickly walked over to my computer that happened to be on. A quick Google search brought up many user comments and pages filled with scam warnings. RED FLAG #3! Quickly, I walked back and told her to hang up the phone just as she was about some free download. She did, shut down her computer and blew the guy off. About 10 seconds later, he calls the house again and leaves a message on our voicemail saying he’ll “shut down the computer if you don’t do this and that”…blah blah, empty veiled threats.

    Years ago I almost fell for this scam and had a bad feeling up until the point he wanted my credit card information which was confirmation of a scam. Sadly, I get many phone calls from bizarre, unknown numbers from guys with Indian accents.

    Watch out everyone, these scammers are everywhere, unfortunately.

  • rspeace

    I bought the pro version and use it to support my customer warranty problems (Other support software too pricey). About a year ago different remote operators would ask for permission to log onto the same session I was in. This occurs almost every time, so I warn my customers not to “click” accept. I’ve been emailing support about the problem but they just give the same warnings you’ve outlined above. I believe this is a different problem. It’s not “cold calling” but scammers alerted to log on sessions. The only logical explanation is that the ammyy servers are hacked. They deny this of course but what else makes sense? Again, as soon as I log on to the remote computer another operator comes in right behind me and wants to gain access also (wasn’t an issue until a customer clicked accept and the hacker brought up notepad with instructions to call a 1-800 number). I’d love to use teamviewer or logmein but cost prohibited. Could this be something else besides a server breach?

  • Foiled spam

    They just tried with me luckily before I checked disregard I googled my iPad Air . I personally thought it was folly to have laptop and a tablet until that moment when I spotted the scam alert. Name given to me is Tracy Ray 855 481 5322

  • tori

    Hi this just happened to me 5 minutes ago, callers indian but said they were based in Australia, told me I have a 49.99 credit and want to refund me, told me to log into teamviewer, but looks like they want remote access. HANG UP its a HOAX and DO NOT LOG INTO TEAM VIEWER.

  • sonicimage

    I got fooled myself into this scam last week. Someone called me claiming to be from Microsoft. I used to trust people (but not now!), and because I had an agreement for a year with Microsoft about computer protection (but had expired I guess – a year ago I had updates failing all the time and I contacted Microsoft and signed up with them, they fixed my PC by repairing my OS). So, I thought they called me to renew the agreement! The person calling had an Indian accent but introduced as Patrick Jones. I gave him an access to my PC after I ran Ammyy admin .exe. He made me pay £95 for a year protection, and saw me inputting my credit card details! He did basic maintenance on my PC, downloaded Malwarebytes and ran the scan. I watched him doing all that. I didn’t see him installing anything except Mozilla Firefox and upgrading Team Viewer to v10. After he finished I started to feel uncomfortable (The worst thing is I’m a technician myself but never have time to maintain my own computer). I ran my bank immediately and asked to block my credit card. Then I located AA_v3.exe (was in a hidden folder) and deleted it, also removed ammyy admin service from the registry.
    I feel so stupid and blamed myself for being do naive and trustful. I learned my lesson though, and did a thorough research about scammers (didn’t have a clue before!). Pity I lost some money, but people always lose money on the way.
    I don’t see anything suspicious going on on my PC (also removed TeamViewer and Firefox). So, hopefully nothing will happen. Will be alert next time if someone calls me again!

  • Guest

    here by today i am disclosing the details of one company owners with their details who are running outbound virus scams from india. they have been running this business for the last many years in united kingdom and usa together.they are running virus calls scams with their websites are also hosted.


    please share this info as we really dont have any hope from any country’s police

    • Thank you for your information, which has been forwarded to a group including agencies authorized to undertake a formal investigation.

  • ancientgenes

    I got scammed a few months ago just like all these others have reported. I let them in and today something else happened and I’m wondering if it’s related. a loud noise blares and a warning message from Norton is displayed. I don’t use Norton but it says I have two viruses and must call tech support. My real, paid for current virus protector says I’m clean. What can I do?

    • I can’t say whether the message you’re seeing is related to something the scammers may have planted onto your PC, but the fact that it wants you to call tech support for a product you don’t have certainly suggests it’s a possible. If the product you do have has a mode for detecting possibly unwanted programs, make sure it’s enabled and re-scan. You might want to double-check with an online antivirus. However, there probably isn’t a ‘real virus’ on your system, but something that’s putting up a fake message and that was put there by the scammers. Real AV won’t necessarily detect it. Contact support for the product you do have for further advice. If you can’t get support from them, as might be the case if you’re using a free product, then you may need to find a reliable local repair company or invest in a reputable for-fee product.

      • nate

        If you don’t give remote access to yur computer are you fine?

        • Well, I can’t speak for the overall health of your system, but if you don’t let a support scammer onto your system, there isn’t much they can do except give you bad advice.

Follow us

Copyright © 2017 ESET, All Rights Reserved.