6 replies to this topic

[jonbey]

A cold caller they asked me to open a command prompt and type assoc to get my unique customer ID. They used this to convince me that they were genuine Microsoft support. How did they know it?

I know that they are running a dodgy show, and that MS sued a previous incarnation of them, or a company operating the same way - "windows securities services" etc. but curious to know how they knew. Is it something they may get from an email, web logs? Maybe it is not unique?

Edited by jonbey, 15 November 2010 - 01:03 PM.

[Michael_Martinez]

That command doesn't work for me. What version of windows are you running? Are you sure you didn't download something? I cannot find any online reference to such a command, either.

[jonbey]

Not aware of downloading anything. But I did make a typo.

Correcting now, assoc was the command.

Check out my latest webologist post to see a full story. Still at a loss about that ID.

[jonbey]

just found this: http://support.microsoft.com/kb/323526

makes no sense to me... but maybe they were checking that something (their trojan/virus?) was in place?

[Michael_Martinez]

So the zfsendtotarget CLSID is not unique. I can pull it up on my system. This is just the data stored in "REG_SZ" under HKEY_CLASSES_ROOT. I see other people are reporting the same scam as you when I search for this registry field.

[jonbey]

Ah, the cheeky sods. I googled parts of that id and found nothing. Will seek out those other cases, add to my blog.

[jonbey]

aaahh, why could I not find that before?
888DCA60-FC0A-11CF-8F0F-00C04FD7D062

everywhere.

I must have mistyped it!