Scammer installed MS Access file

Tony D

Tony D

Super-Moderator
FPCH Staff
Joined
Jan 18, 2016
Messages
812
Location
SE Pennsylvania, USA
I'm looking at a computer where someone called the user, told them that there was a problem with their computer. The user allowed them remote access and gave them the password to get into their machine. We've since changed the password.

I see that the scammer put three files on this Windows 10 machine:

1) AnyDesk.exe onto the Desktop
2) FixMeit Client.exe into the Downloads folder
3) An MS Access file titled "New Microsoft Access Database.accdb"​

It doesn't look like any executables were installed.

What piques my curiosity is that MS Access file. What would that be for?
 
Hi Tony,

I see that the scammer put three files on this Windows 10 machine:
Click to expand...
AnyDesk.exe onto the Desktop
AnyDesk is a popular Remote Desktop application and no administrative privileges or installation is required.

FixMeit Client.exe into the Downloads folder
With FixMe.IT, connecting to a remote desktop becomes as simple as a mouse click.
You can direct the client to your website to start a support session or you can easily manage unattended machines from your account console.

An MS Access file titled "New Microsoft Access Database.accdb"
The title doesn't give anything away.
It's been a long time since I wrote or used Access databases..... but New Microsoft Access Database.accdb is the generic title for a new database.
.accdb files are related to versions of Access since 2007.
The database could include any number of things.... even macros ( which can be used for malware purposes)
If this was placed by the scammer it may well be password protected. ( as this is possible with these files)
Does the user have M$ Access 2007 or newer installed?

Have you tried deleting these files and then running a malware scan?
 
Thanks Pete, It has MS Office Home and Student 2010. Looks like it also has or had Office Professional 2010 Trial edition which has expired.

You confirmed my findings on AnyDesk, I hadn't researched the FixMeit Client yet.

I thought I sent all three of those files to VirusTotal. Results were clean.

MBAM found only PUPs.
The installed McAfee found nothing.
ESET found one item in AppData\Local\Mozilla\Firefox\Profiles\ks412v3u.default\cache2\entries\ some long alpha-numeric file name
Threat name: HTML/FakeAlert.DQ trojan
 
Hi Tony,

It has MS Office Home and Student 2010.
Looks like it also has or had Office Professional 2010 Trial edition which has expired.
Click to expand...
Either way, the MS Access file is useless.
As you can see neither the trial (Starter) version or the H & S version have Access installed.

8c5ff74dd0ea606c3160e25ce9679cdb.png
 

Similar threads

A
Microsoft Security Exposure Management Graph: unveiling the power
Replies
0
Views
22
andreykarpovsky
A
L
New on Microsoft AppSource: June 7-13, 2024
Replies
0
Views
63
Luxmi_Nagaraj
L
AWS
Insights you can use: Microsoft’s internal upgrade to Windows 11
Replies
1
Views
440
Tony D
Tony D
AWS
A closer look at Qakbot’s latest building blocks (and how to knock them down)
Replies
1
Views
291
Tony D
Tony D
AWS
Seamless update experience for organizations on Windows 11
Replies
1
Views
374
Tony D
Tony D
Back
Top