Grandma allowed Computer 350 Tech scammer to install junk.


  1. Posts : 7,351
    Windows 7 HP 64
       #21

    If the computer is an OEM (Dell, HP, etc) it probably has a Factory recover.
    Once you launch it (from Windows or from BIOS) it will format the C: partition and load an image from the Restore partition.
    It won't take long and it will end as it came from.

    Save the data on a USB flash disk or external disk.

    To help us guide you, give us the brand and model of your grandmother's computer.


  2. Posts : 41
    windows 7 32 bit
    Thread Starter
       #22

    Hi everyone,

    OP here once again. I'm at Grandma's house and am poking around on the computer again. I've been busy with all sorts of things, many related to aging parents. Thanks for all the replies!! I know I'm supposed to just reload Windows, to be safe. But so far I am content to tell Gma not to access any financial websites on her computer. I go to a different computer and access her financial sites myself, to check on things.

    Anyway, I've found some more interesting stuff about the 'hack'.

    I am now able to use Gmail again on her computer. It had been disabled somehow before, but became active again somehow. "Disabled" means you could click on the Gmail icon and nothing would happen. Now it works again. I don't think I did anything to fix it.

    I noticed that when you right click on the 'computer tech 350' folder icon (which appeared on the day of the hack) on her desktop, you get the popup box which has a McAfee 'scan' option and a McAfee 'shred' option. Tempted to use 'shred'. I can't find much info about McAfee shred, even with lots of googling, just that it is supposed to be a way to permanently delete something and make it unrecoverable.

    I ran the McAfee scan option on the folder, and it processed for about 10 seconds, and reported that 4 files were scanned (yes, the folder contains 4 files) and that zero problems were found.


    One of the 4 files in the folder is called Supremo.exe! Internet says supremo.exe is a remote access program, which in itself is not malware. The install date of supremo is 9/9/2018, which is the day of the 'hack'.

    Getting back to what actually happened on the 'hack' day, I asked Gma again about it and she said she would never give her passwords out to anyone, and that she did not give any password to the hackers. Maybe her memory is wrong. But maybe the hackers didn't need a password, anyway. Once they had Gma's IP address, they sent over the supremo.exe to her IP address, and Gma saw a dialog box pop up asking for her permission to install it? No password needed, Gma just clicks on OK, and boom, the new 'computer tech 350' icon pops up and the supremo.exe is installed?

    Another thing: remote access would not be needed in order to talk Gma through setting up a new Yahoo email account, right?
    The scammers could have gotten their $149 and her credit card number from Gma without remote access, right? Of course why not go for the gusto, and send over the supremo.exe for good measure when you have a sucker on the line, right?

    When I click on "remote app and desktop connections" it tells me 'there are currently no connections available on this computer'. A few days after the hack I noticed that 'allow remote assistance' was checked in the 'system protection' tab in 'system', so I unchecked it.

    Gma is running McAfee antivirus on her computer, and Windows Defender is turned off. A run of McAfee 'quick scan' says there are no problems found.

    Summing up, thanks for all the advice so far. If you are tired of me not doing a reformat, reload, etc, I apologize and again thank you for your efforts, and of course someone in the future may benefit from reading this thread.

    Is it possible the supremo.exe could self-activate at some point and send passwords and account numbers, etc out to hackers?


    Lastly, what about the idea of me using the McAfee 'shred' option on the entire 'computer tech 350' folder and the 4 files in it? Or just delete the whole folder, send it to recycle bin, and delete it from recycle bin? Any downside?


    Thanks


  3. Posts : 6,021
    Win 7 HP SP1 64-bit Vista HB SP2 32-bit Linux Mint 18.3
       #23

    Hi byzantine,

    I really only have two things to offer:

    [1] Save ALL her personal data and files to an external HDD.
    [2] CLEAN INSTALL!

    I only say this because you can spend hours and hours [and probably have] looking for what might have and might not have happened.

    At the end of the day though, there will always be a doubt in the back of your mind. It is far better to be safe than sorry and still have money in the bank!

    It really is quite easy to clean install. We can walk you through it if you don't feel that it is something that you can do on your own!

    I hope this helps!


  4. Posts : 7,351
    Windows 7 HP 64
       #24

    I agree with Paul.
    Once the computer has been under others' control you don't know what is installed. And you can run all antivirus and it won't find anything because a program for remote control isn't malware. Then in some months a schedule is executed and they take control again.

    As I wrote on post #21 there should be an option to do a Factory restore.
    Save the data on a USB flash disk or external disk.
    Launch Factory restore from windows or from BIOS. It won't take long and it will end as it came from factory.
    Then you just need to install the programs and updates.


  5. Posts : 555
    Windows 7 Home Premium 64bit
       #25

    Unfortunately these guys are right, a new install is what you need. Someone could go through all the places to look for these things but it would be a long list and very technical, and that kind of help usually ain't free, and honestly is more labor to show someone how to do than actually do it.

    My idea for you is to install Windows 10. I say this because it is Waaaaay faster to install. Windows 7 will take you all afternoon if you know what you are doing, longer if you don't. That is if you want all the Updates, perhaps that is not important for GMA.

    And, some don't trust the Recovery Partition after scammers get involved. This may be a little paranoid, but it's possible that it has been tampered with, if it works at all. Most of these scammers are lazy and will only remove Restore Points, and sometimes not even that. And, make sure to Delete all the Partitions during the install. This will eliminate every issue when you wipe the drive of all partitions. That is the key, to wipe all partitions.

    Have you tried System Restore? Most of these guys delete the restore points.

    Uninstall Supremo

    I don't endorse this site, but here are some simple instructions to follow.
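
Some of the "places to look" that posts #24 and #25 allude to, as an added example that is not part of the original thread: a read-only PowerShell 2.0 script (the version shipped with Windows 7) that lists new executables, matching services, logon autoruns, recently written scheduled-task files and the Remote Assistance / Remote Desktop switches. The cutoff date and the `supremo` pattern are taken from post #22; the folder roots searched are assumptions.

```powershell
# Read-only triage for Windows 7 (PowerShell 2.0); run from an elevated prompt.
# Assumptions: date and name pattern come from post #22. Hits are leads to review, not verdicts.
$since   = [datetime]'2018-09-09'
$pattern = 'supremo'

function Show-Section($title, $items) {
    "`n== $title =="
    if ($items) { $items | Format-List | Out-String } else { '(nothing found)' }
}

# 1. Executables created on or after that date under user and program folders.
$roots = "$env:SystemDrive\Users", $env:ProgramData, $env:ProgramFiles
$newExe = Get-ChildItem -Path $roots -Filter *.exe -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.CreationTime -ge $since } |
    Select-Object FullName, CreationTime

# 2. Services whose name or binary path matches the pattern.
$services = Get-WmiObject Win32_Service |
    Where-Object { $_.Name -match $pattern -or $_.PathName -match $pattern } |
    Select-Object Name, State, StartMode, PathName

# 3. Programs started at logon (HKCU is the hive of the account running this).
$cv = 'Software\Microsoft\Windows\CurrentVersion\Run'
$autoruns = foreach ($key in "HKLM:\$cv", "HKCU:\$cv") {
    $p = Get-ItemProperty $key -ErrorAction SilentlyContinue
    if ($p) {
        $p.PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' } |
            Select-Object @{n='Key';e={$key}}, Name, Value
    }
}

# 4. Scheduled-task definition files written on or after that date.
$tasks = Get-ChildItem "$env:windir\System32\Tasks" -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime -ge $since } |
    Select-Object FullName, LastWriteTime

# 5. Remote Assistance and Remote Desktop switches.
$ra  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance' -ErrorAction SilentlyContinue
$rdp = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -ErrorAction SilentlyContinue
$remote = New-Object PSObject -Property @{
    RemoteAssistanceAllowed = ($ra.fAllowToGetHelp -eq 1)
    RemoteDesktopAllowed    = ($rdp.fDenyTSConnections -eq 0)
}

Show-Section 'New executables'        $newExe
Show-Section 'Matching services'      $services
Show-Section 'Run-key autoruns'       $autoruns
Show-Section 'Recent task files'      $tasks
Show-Section 'Remote access switches' $remote
```

An empty report does not clear the machine, which is the point the replies above make about wiping and reinstalling.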


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd