Urgent, need help.


  1. Posts : 14
    Windows 7 Ultimate x64
    Thread Starter
       #11

    I guess I'll try to find it and delete it. I'll get back after a while.


  2. Posts : 10,485
    W7 Pro SP1 64bit
       #12

    Sorry - I did not mean to imply that you should delete anything just yet.


  3. Posts : 10,485
    W7 Pro SP1 64bit
       #13

    Just locate the EXE - because there should also be a log file in the same folder.


  4. Posts : 10,485
    W7 Pro SP1 64bit
       #14

    You have not confirmed that you disconnected the computer from your network.


  5. Posts : 1,413
    Windows 7 Home Premium 64Bit
       #15

    After a little bit of research, I found that "ammyy" is quite often used to scam people, post after post on the MS forums. To ensure they don't get into your computer, from what I read, the best way is just to locate and delete the .EXE. After this, if that is the ONLY thing they asked and succeeded in getting you to do, once that file is deleted, I think you're safe, buddy. You could run scans etc. to be on the safe side. Good luck.


  6. Posts : 14
    Windows 7 Ultimate x64
    Thread Starter
       #16

    Ok thanks guys, I fixed the problem, ran multiple scans on my computer and I can safely say it is fixed. Thanks for the help


  7. Posts : 10,485
    W7 Pro SP1 64bit
       #17

    We don't have near enough info to declare this computer safe or clean.


  8. Posts : 1,413
    Windows 7 Home Premium 64Bit
       #18

    I'd recommend running some scans and posting the logs back here to ensure you are safe.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Another: download AdwCleaner by Xplode and save to your Desktop.

    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

    Using AdwCleaner v3: Scan & Clean:
    • Double click on AdwCleaner.exe to run the tool again.
    • Click on the Scan button.
    • AdwCleaner will begin to scan your computer like it did before.
    • After the scan has finished... This time click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.


  9. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #19

    UsernameIssues said:
    We don't have near enough info to declare this computer safe or clean.
    You are absolutely correct. Not enough information.
    Maybe the OP will get back to you.


  10. Posts : 10,485
    W7 Pro SP1 64bit
       #20

    Layback Bear said:
    UsernameIssues said:
    We don't have near enough info to declare this computer safe or clean.
    You are absolutely correct. Not enough information.
    Maybe the OP will get back to you.
    I'm not holding out much hope for a slow and methodical examination of this incident.


    This remote admin tool (RAT) has the ability to transfer files in both directions without additional warnings after the initial screen is accepted:

    [Image: Urgent, need help.-ammyy-1.png]

    We don't know if the OP placed a check by "Remember my answer for this operator"* or what options were agreed to. We don't even know if the person that called the OP ever took remote control of the computer in question. If so, did that person run any apps? That kind of seems important.

    *removing the ammyy folder from the programdata area makes the app "forget".

    After the incident:
    We don't know if the computer was taken off of the network while the issue is being worked.

    We don't know what browser was used to download the RAT (which might help us to find the log file). That said, the logging seems to only detail errors. A successful transfer of files would not be logged :-(


    I could have handled this thread better. I'm not thinking all that clearly after staying up all night clearing stubborn infections (via remote control) from two computers that I support. More poor marks for MSE :-(


    I should have made my first post to this thread read something like:
    You may feel panicked right now, but the best course of action is to slow down and do nothing without careful consideration. Leave the computer in question turned off until we develop a plan to examine it.

    I also should have stopped going forward until my questions were answered. Specifically, was the computer off of the network.


    Ammyy makes a legit RAT that is used by lots of companies. There are many other RATs that operate in much the same way (e.g. nothing to install, convey your ID to the other person to allow remote control).
    Last edited by UsernameIssues; 14 Dec 2013 at 20:12.
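
A read-only way to gather what posts #13 and #20 ask for before anything is deleted, added here as an example that is not part of the original thread: locate the EXE, hash it, list the log files beside it, and check the ProgramData folder. The file-name patterns and the folder name `AMMYY` are assumptions, not values given in the thread.

```powershell
# Added example: read-only triage. Nothing is deleted, moved or modified.
# Assumption: the downloaded file name matches one of these patterns; edit to fit.
$namePatterns = @('AA_v*.exe', '*ammyy*.exe')
# Assumption: the "ammyy folder" in the ProgramData area has this name.
$settingsDir  = Join-Path $env:ProgramData 'AMMYY'

function Get-Sha256([string]$Path) {
    # .NET hashing, so the script also runs on the PowerShell 2.0 shipped with Windows 7.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
    finally { $stream.Close() }
}

# @(...) guarantees an empty array (zero loop iterations) when nothing is found.
$exeHits = @(Get-ChildItem -Path "$env:SystemDrive\Users" -Include $namePatterns `
                 -Recurse -Force -ErrorAction SilentlyContinue |
             Where-Object { -not $_.PSIsContainer })

$report = foreach ($exe in $exeHits) {
    # Post #13: a log file should sit in the same folder as the EXE.
    $logs = @(Get-ChildItem -Path $exe.DirectoryName -Filter '*.log' -Force `
                  -ErrorAction SilentlyContinue)
    New-Object PSObject -Property @{
        Path         = $exe.FullName
        Sha256       = Get-Sha256 $exe.FullName
        CreatedUtc   = $exe.CreationTimeUtc      # when the file landed on disk
        ModifiedUtc  = $exe.LastWriteTimeUtc
        LogsInFolder = ($logs | ForEach-Object { $_.Name }) -join '; '
    }
}
"Candidate executables found: $($exeHits.Count)"
$report | Format-List Path, Sha256, CreatedUtc, ModifiedUtc, LogsInFolder | Out-String

# Post #20: this folder is where the "Remember my answer" choice is kept.
# Its presence and timestamps are evidence, so only list it here.
if (Test-Path $settingsDir) {
    "Settings folder present: $settingsDir"
    Get-ChildItem -Path $settingsDir -Recurse -Force |
        Select-Object FullName, Length, CreationTimeUtc, LastWriteTimeUtc |
        Format-Table -AutoSize | Out-String
} else {
    "Settings folder not found: $settingsDir"
}
```

Run it from an elevated prompt with the computer off the network, and save the output before any cleanup tool is run, since removal changes the timestamps and files it reports.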


 

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
