Continued...
"A little box should pop up in the corner. In that box I need you to type in," (he spelled this out) "'eventvwr'. Okay?"
"Okay, I typed in 'event viewer'. Is that good?"
"No, aveilleux. I need you to type it in exactly as I spell it." He repeats the proper spelling.
"I hit Enter and it said 'Cannot find the file 'event' or any of its components..."
"I need you to go back to the Run box."
"I'm sorry?"
Go to Start, Run again."
"But I already did that."
He sighs. "Please, Mister aveilleux, I need you to follow my instructions exactly or else your computer could be at risk for viruses from the Internet or other malware."
"Oh, right, yeah, I'm sorry. Okay, so I have the Run box up again." (At this point my ignorant facade starts to slip.)
"You've typed in 'eventvwr' into the box?"
"Yes I have. e-v-e-n-t-v-w-r."
"Good, now click OK."
"..Okay, this box that says 'Event Viewer' came up. Is that good?"
"Yes, aveilleux. Look on the left, do you see three menu items that say 'Application', 'Security', and 'System'?"
"On the left? No... wait, I was looking on the right. Yeah, those are there."
"Okay, now in the center box, do you see a few messages with big red 'X's next to them?"
"Oh, yeah, Jason. Those look pretty bad. What are they?"
"Those are warning messages about potential viruses from the Internet."
"Oh, oh dear. There certainly are a lot of them."
"Okay, Mister aveilleux, you can close out of that."
At this point I'm cracking up. I've wasted almost ten minutes of this poor sap's time just trying to load Event Viewer, which he apparently doesn't even need. I guess he was just trying to scare people who don't know what the Event Viewer is (which is, let's be honest, most computer users) into believing him.
"..Close out?"
"Click on the 'X' in the upper-right of the window."
"I don't see an 'X'."
"...Okay. Well. That's okay. Can you get the Run box up again?"
"How was that again?"
"Start, Run."
"Where's St-- oh, right, bottom-left. Okay, I've got the Run box up again."
"Now I need you to delete everything in the box we typed in before, okay?"
"Just, like, close the box?"
"No, Mister aveilleux. Select everything in the box, it should still say eventvwr in it, and press the Backspace key."
"The box closed."
"You wh..." I can hear the click as he mutes himself. There's a pause.
I'm losing him! I don't want him to hang up!
"Jason?"
"Yes, sorry aveilleux. Could you please get the Run box up again?"
"Sure thing, Jason. It's up and there's nothing in it. What now?"
"Okay. Now type in (Web address omitted). Can you repeat back to me what it says in the box?"
"Okay, it says '(Web address)'. Is that right?"
"Yes, now you can click 'OK'."
Jackpot. Executing a Web address in the Run box opens up an IE window (or whatever browser you have as default). I run a quick WHOIS on the site and, obviously, the information is forged to look real.
"Okay, it's loading up. The little spinner thing is going off in the corner."
"That's good, that means it's loading. Just let me know when it's ready."
The Web interface for LogMeIn 123 loads up. Hooray! Time to screw with a remote user.
"Hang on a second, my cat's doing something." I put the phone back down and wander away, muttering, "Kitty..." I quietly return to my desk and start downloading as many pictures as I can from r/spacedicks, tossing them into a zip file on my desktop called "passwords.zip". I then go find a Flash drive I have lying around... it's covered in red electrical tape with the word "VIRUS" Sharpied on the side. It's a massive 7z archive of computer viruses, all ready to be unloaded onto a target system. I unpack it into the VM then re-zip it, fiddling around with the autoexec flags of some of the files. This is "bank_data.zip", naturally. It's ready.
"Okay, Jason. It's loaded up. I'm at a LogMeIn prompt. It's asking for some kind of password?"
"Very good, Mister aveilleux. Now, just enter in the code 215807. Can you repeat that back to me?"
"2-1-5-8-0-7. Is that right?"
"Yes. Now click 'Connect to technician' and we'll be connected to you, so we can make sure you are protected."
I click OK. It prompts me to allow access to LogMeIn's support software. I allow it, then the screen flashes as my system's taken over by the remote technician (probably "Jason"). I see the cursor wiggle a little.
"Uh, Jason, my mouse is moving."
"Yes, that's normal. That means our support technician has connected to your PC and is now examining your system to ensure that it's safe."
"Oh... okay."
"Now, we're going to take a while, up to an hour. Is that okay?"
"Well, I mean, I guess if it'll keep my computer safe."
"You can walk away from the computer now, and we'll call you back when we're finished. Thank you for your time, aveilleux."
"Thank you, Jason, for doing this for me." He hangs up.
Naturally, the guy at the other end of the line grabs passwords.zip and bank_data.zip and uploads them to a fileshare server. (Why he didn't just use the LogMeIn VPN is beyond me.) I make a note of the deletion links. This takes maybe 45 minutes (I have a fast connection). After that's done, he snags some files from \WINNT\ (to grab registration info and such; of course, the system's data is all incorrect). I get a call from Jason.
"Okay, Mister aveilleux. We have all the information we need and we'll be back in touch with you if we need anything."
"Thanks much, Jason. I hope you enjoy my data as much as I did."
"I'm sorry?"
"Never mind. Goodbye!"
