Some of our clients have been contacted recently by a company purporting to represent Microsoft and claiming that their computer has downloaded a virus which is broadcasting their personal information online. The company is aiming to sell its security software which will, they claim, remove this security risk. Although the call is clearly a scam, some people have been taken in because the caller can claim to know the CLSID number of their computer.
A CLSID is a Class Identifier stored in the Windows Registry at HKEY_CLASSES_ROOT\CLSID. Editing or even viewing the Registry is not recommended unless you really know what you’re doing, but the caller may persuade someone to run the ASSOC command. It’s easy to do: you click on the Start button, Run, type in CMD to get to the command prompt (DOS prompt) and type ASSOC. That runs through a long list of file associations, telling you (for instance) that “.xltx=Excel.Template”. If you do make it to the end of the list you’ll find this entry:
ZFSendToTarget=CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}
This is the number that the scammer will quote back to you to prove that your computer has been compromised. However, this number is NOT unique and will be the same for recent versions of Windows. In other words, the scammer can’t see your CLSID or anything else on your PC, including your Event Viewer logs. Unless, of course, you fall for the scam and give him remote access. If contacted by someone alerting you about a security issue, just politely tell them where to go!
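For support staff who are comfortable with PowerShell, here is an added example (not part of the original article): a read-only snippet that lists every ASSOC entry pointing at a CLSID and looks up what that identifier names under HKEY_CLASSES_ROOT\CLSID, showing that it labels a software component installed with Windows rather than an individual computer. The output labels (Extension, ClassName, Implementation) are names chosen here for illustration.

```powershell
# Added example: resolve the CLSIDs that ASSOC prints to the software
# classes they identify. Nothing here writes to the registry.

# Matches lines such as  name=CLSID\{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}
$pattern = '^(?<ext>[^=]+)=CLSID\\(?<clsid>\{[0-9A-Fa-f-]{36}\})$'

cmd /c assoc | ForEach-Object {
    if ($_ -match $pattern) {
        $ext   = $Matches['ext']
        $clsid = $Matches['clsid']
        $key   = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"

        $name   = $null
        $server = $null
        if (Test-Path -LiteralPath $key) {
            # The key's default value is the human-readable class name.
            $name = (Get-Item -LiteralPath $key).GetValue('')

            # InprocServer32, when present, names the file implementing the class.
            $serverKey = "$key\InprocServer32"
            if (Test-Path -LiteralPath $serverKey) {
                $server = (Get-Item -LiteralPath $serverKey).GetValue('')
            }
        }

        [pscustomobject]@{
            Extension      = $ext
            CLSID          = $clsid
            ClassName      = $name
            Implementation = $server
        }
    }
} | Format-List
```

Running it on two different PCs with the same Windows version and comparing the CLSID values is a quick way to show a worried caller that the number the scammer quoted is not specific to their machine.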
Please view an earlier extended article here: Support Desk Scams: CLSID Not Unique