>> Well I hope not but he let them remote access his computer.
The one I had a look at in May, was actually clean - well sorta if you know what I mean, and the 'other thing' was actually unrelated and more of a co-incidence and came from elsewhere.
I said to the guy, there is no way that they can know from the 'other end' that your PC is infected and they are using event viewer to scare users into thinking that it is.
From what I can gather, the main scam is to allow them to remote access, and then fork out a hefty fee for 'cleaning' up the PC, that basically just were normal windows notifications which the average user would never see because they are within event viewer.
Once those are all deleted, the victim them probably feels that his PC is 'clean', but if it WAS genuinely infected the company probably wouldnt even bother looking at that.
The Report by Computer Active "sadly there's some bad information going around.", would also seem to suggest that leaving malious software on the PC to track info afterwards is baloney.
I would imagine the scammers are simply using something like TeamViewer to remote access, and then just deleting events in the windows logs, whilst charging a nice fee for the privilege of doing basically nothing.
One thing that does strike me is that due to these scammers not really cleaning up Windows machines, and because they are preying on the niave, is that those users who report their computers have been compromised... could well have got trojans from other sources.