Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Urgent, need help.

14 Dec 2013   #11
KingzofDawn

Windows 7 Ultimate x64
 
 

I guess I'll try to find it and delete it. I'll get back after a while.


My System SpecsSystem Spec
.
14 Dec 2013   #12
UsernameIssues

W7 Pro SP1 64bit
 
 

Sorry - I did not mean to imply that you should delete anything just yet.
My System SpecsSystem Spec
14 Dec 2013   #13
UsernameIssues

W7 Pro SP1 64bit
 
 

Just locate the EXE - because there should also be a log file in the same folder.
My System SpecsSystem Spec
.

14 Dec 2013   #14
UsernameIssues

W7 Pro SP1 64bit
 
 

You have not confirmed that you disconnected the computer from your network.
My System SpecsSystem Spec
14 Dec 2013   #15
Devlin1888

Windows 7 Home Premium 64Bit
 
 

After a little bit of research, i found that "ammyy" is quite often used to scam people, post after post on the MS forums, To ensure they dont get into your computer, from what i read, the best way is just to locate and delete the .EXE after this, if that is the ONLY thing they asked and succeeded in getting you to do, once that file is deleted, i think your safe buddy, You could run scans etc to be on the safe side, good luck
My System SpecsSystem Spec
14 Dec 2013   #16
KingzofDawn

Windows 7 Ultimate x64
 
 

Ok thanks guys, I fixed the problem, ran multiple scans on my computer and I can safely say it is fixed. Thanks for the help
My System SpecsSystem Spec
14 Dec 2013   #17
UsernameIssues

W7 Pro SP1 64bit
 
 

We don't have near enough info to declare this computer safe or clean.
My System SpecsSystem Spec
14 Dec 2013   #18
Devlin1888

Windows 7 Home Premium 64Bit
 
 

I'd recommend running some scans and posting the logs back here to ensure you are safe,

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Another



download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
Using AdwCleaner v3: Scan & Clean:
Double click on AdwCleaner.exe to run the tool again.
Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...

This time click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder
My System SpecsSystem Spec
14 Dec 2013   #19
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

Quote   Quote: Originally Posted by UsernameIssues View Post
We don't have near enough info to declare this computer safe or clean.
Your are absolutely correct. Not enough information.
Maybe the OP will get back to you.
My System SpecsSystem Spec
14 Dec 2013   #20
UsernameIssues

W7 Pro SP1 64bit
 
 

Quote   Quote: Originally Posted by Layback Bear View Post
Quote   Quote: Originally Posted by UsernameIssues View Post
We don't have near enough info to declare this computer safe or clean.
Your are absolutely correct. Not enough information.
Maybe the OP will get back to you.
I'm not holding out much hope for a slow and methodical examination of this incident.


This remote admin tool (RAT) has the ability to transfer files in both directions without additional warnings after the initial screen is accepted:

Urgent, need help.-ammyy-1.png

We don't know if the OP placed a check by "Remember my answer for this operator"* or what options were agreed to. We don't even know if the person that called the OP ever took remote control of the computer in question. If so, did that person run any apps? That kind of seems important.

*removing the ammyy folder from the programdata area makes the app "forget".

After the incident:
We don't know if the computer was taken off of the network while the issue is being worked.

We don't know what browser was used to download the RAT (which might help us to find the log file). That said, the logging seems to only detail errors. A successful transfer of files would not be logged :-(


I could have handled this thread better. I'm not thinking all that clearly after staying up all night clearing stubborn infections (via remote control) from two computers that I support. More poor marks for MSE :-(


I should have made my first post to this thread read something like:
You may feel panicked right now, but the best course of action is to slow down and do nothing without careful consideration. Leave the computer in question turned off until we develop a plan to examine it.

I also should have stopped going forward until my questions were answered. Specifically, was the computer off of the network.


Ammyy makes a legit RAT that is used by lots of companies. There are many other RATs that operate in much the same way (e.g. nothing to install, convey your ID to the other person to allow remote control).


My System SpecsSystem Spec
Reply

 Urgent, need help.




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Please help anyone!! Urgent!!
Well, I've just took out the RAM memories today and swapped them from slot to slots to see if that makes any difference or changes. The thing is, once I put them back on again and start my computer, the system seems lagging more and even slowing down? So the question is, how do we fix this? ...
General Discussion
[URGENT] BOOT LOADER ERROR [URGENT]
Hi Guys, This is quite a long story, So let me get straight to the point. :) On my Dell Optiplex 360 Computer (Windows 7-Ultimate) I partitioned the hard drive to make space for another windows installation. I then installed Windows Vista Ultimate on it. All of that went successfully but...
Installation & Setup
Help please urgent!
Hello I'm new to this forum and I need help please :) My computer specs are: OS: Windows 7 x64 CPU: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz RAM: 4GB DDR2 800MHz GRAPHICS CARD: Asus Geforce GTX260 MOTHERBORAD: Gigabyte EP45-DS3L Everything works perfectly new computer and newly...
BSOD Help and Support
Urgent help plz
Hey guys...plz help me out as soon as possible...i thought of changing the windows startup sound using the tutorial on this site...i renamed imageres.dll to imageresold.dll....it automatically made a file called imageresoriginal.dll also...within the system32 folder...i was continuing with the...
BSOD Help and Support
[URGENT] All System Restore Point Gone!![/URGENT]
The problem occurred when I made a standard user account and through that i redirected to the admin profile under c:/Users/xxxx and i right clicked the profile>properties>security> and i removed the standard account access to that admin folder and got some "Access denied error". After i logged off...
Backup and Restore
I need Urgent Help!
I encrypted in my LG laptop with omnipass some very important word office documents. I broke my LG laptot in 4 pieces. I have this files in my external hard disk,i copy paste them in my desktop i setup omnipass and i try to Decrypt them . But i can't,what im doing wrong? Please help,those files...
Software


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 15:48.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App