Grandma allowed Computer 350 Tech scammer to install junk.

If the computer is an OEM (Dell, HP, etc.), it probably has a Factory Recovery option.
Once you launch it (from Windows or from BIOS), it will format the C: partition and load an image from the Restore partition.
It won't take long and it will end up as it came from the factory.

Save the data on a USB flash disk or external disk.

To help us guide you, give us the brand and model of your grandmother's computer.
 

My Computers

  • At a glance

    Windows 7 HP 64 | i5 6600K - 800MHz to 4200MHz | 4+4G GSkill DDR4 3000 | IG - Intel 530
    Computer type
    PC/Desktop
    Computer Manufacturer/Model Number
    custom build
    OS
    Windows 7 HP 64
    CPU
    i5 6600K - 800MHz to 4200MHz
    Motherboard
    GA-Z170-HD3P
    Memory
    4+4G GSkill DDR4 3000
    Graphics Card(s)
    IG - Intel 530
    Monitor(s) Displays
    Samsung 226BW
    Screen Resolution
    1680x1050
    Hard Drives
    (1) -1 SM951 – 128GB M.2 AHCI PCIe SSD drive for Windows 7 and Lubuntu
    (2) -1 WD SATA 3 - 1T for Data
    (3) -1 WD SATA 3 - 1T for backup
    PSU
    Thermaltake 450W TR2 gold
    Keyboard
    Old and good Chicony mechanical keyboard
    Mouse
    Logitech mX performance - 9 buttons (had to disable some)
    Internet Speed
    500Mb/s
    Browser
    Firefox 64
    Other Info
    TinyWall firewall
  • At a glance

    Windows 7 Pro | i7-4500U 800MHz to 3.0GHz | (4+4)G DDR3 1600 | IG intel 4400 + NVIDIA GeForce GT 745M
    Computer type
    Laptop
    System Manufacturer/Model Number
    Asus Q550LF
    OS
    Windows 7 Pro
    CPU
    i7-4500U 800MHz to 3.0GHz
    Motherboard
    Asus Q550LF
    Memory
    (4+4)G DDR3 1600
    Graphics Card(s)
    IG intel 4400 + NVIDIA GeForce GT 745M
    Sound Card
    Realtek
    Monitor(s) Displays
    LG Display LP156WF4-SPH1
    Screen Resolution
    1920 x 1080
    Hard Drives
    BX500 120G SSD for Windows and programs +
    1T HDD for data
    Internet Speed
    500 Mb/s
    Browser
    Firefox
    Other Info
    TinyWall firewall
Hi everyone,

OP here once again. I'm at Grandma's house and am poking around on the computer again. I've been busy with all sorts of things, many related to aging parents. Thanks for all the replies!! I know I'm supposed to just reload Windows, to be safe. But so far I am content to tell Gma not to access any financial websites on her computer. I go to a different computer and access her financial sites myself, to check on things.

Anyway, I've found some more interesting stuff about the 'hack'.

I am now able to use Gmail again on her computer. It had been disabled somehow before, but became active again somehow. "Disabled" means you could click on the Gmail icon and nothing would happen. Now it works again. I don't think I did anything to fix it.

I noticed that when you right click on the 'computer tech 350' folder icon (which appeared on the day of the hack) on her desktop, you get the popup box which has a McAfee 'scan' option and a McAfee 'shred' option. Tempted to use 'shred'. I can't find much info about McAfee shred, even with lots of googling, just that it is supposed to be a way to permanently delete something and make it unrecoverable.

I ran the McAfee scan option on the folder, and it processed for about 10 seconds, and reported that 4 files were scanned (yes, the folder contains 4 files) and that zero problems were found.


One of the 4 files in the folder is called Supremo.exe! Internet says supremo.exe is a remote access program, which in itself is not malware. The install date of supremo is 9/9/2018, which is the day of the 'hack'.

Getting back to what actually happened on the 'hack' day, I asked Gma again about it and she said she would never give her passwords out to anyone, and that she did not give any password to the hackers. Maybe her memory is wrong. But maybe the hackers didn't need a password, anyway. Once they had Gma's IP address, they sent over the supremo.exe to her IP address, and Gma saw a dialog box pop up asking for her permission to install it? No password needed, Gma just clicks on OK, and boom, the new 'computer tech 350' icon pops up and the supremo.exe is installed?

Another thing: remote access would not be needed in order to talk Gma through setting up a new Yahoo email account, right?
The scammers could have gotten their $149 and her credit card number from Gma without remote access, right? Of course why not go for the gusto, and send over the supremo.exe for good measure when you have a sucker on the line, right?

When I click on "remote app and desktop connections" it tells me 'there are currently no connections available on this computer'. A few days after the hack I noticed that 'allow remote assistance' was checked in the 'system protection' tab in 'system', so I unchecked it.

Gma is running McAfee antivirus on her computer, and Windows Defender is turned off. A run of McAfee 'quick scan' says there are no problems found.

Summing up, thanks for all the advice so far. If you are tired of me not doing a reformat, reload, etc, I apologize and again thank you for your efforts, and of course someone in the future may benefit from reading this thread.

Is it possible the supremo.exe could self-activate at some point and send passwords and account numbers, etc out to hackers?


Lastly, what about the idea of me using the McAfee 'shred' option on the entire 'computer tech 350' folder and the 4 files in it? Or just delete the whole folder, send it to the recycle bin, and delete it from the recycle bin? Any downside?


Thanks
 

My Computer

At a glance

windows 7 32 bit
Computer type
PC/Desktop
Computer Manufacturer/Model Number
custom
OS
windows 7 32 bit
Motherboard
asus ??
Hard Drives
maxtor 75 g
Browser
firefox
Hi byzantine,

I really only have two things to offer:

[1] Save ALL her personal data and files to an external HDD.
[2] CLEAN INSTALL!

I only say this because you can spend hours and hours [and probably have] looking for what might have and might not have happened.

At the end of the day though, there will always be a doubt in the back of your mind. It is far better to be safe than sorry and still have money in the bank!

It really is quite easy to clean install. We can walk you through it if you don't feel that it is something that you can do on your own!

I hope this helps!
 

My Computer

At a glance

Win 7 HP SP1 64-bit Vista HB SP2 32-bit Linux... | Intel(R) Pentium(R) CPU P6200 @ 2.13GHz | 4.00 GB | Intel(R) Graphics Media Accelerator HD
Computer type
Laptop
Computer Manufacturer/Model Number
Fujitsu LIFEBOOK
OS
Win 7 HP SP1 64-bit Vista HB SP2 32-bit Linux Mint 18.3
CPU
Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
Motherboard
FUJITSU FJNBB06
Memory
4.00 GB
Graphics Card(s)
Intel(R) Graphics Media Accelerator HD
Sound Card
[1] Realtek High Definition Audio [2] Intel(R) Display Audio
Screen Resolution
1366 x 768 x 32 bits (4294967296 colors) @ 59 Hz
Hard Drives
TOSHIBA MK5076GSX
Antivirus
AVG FREE
I agree with Paul.
Once the computer has been under others' control you don't know what is installed. And you can run all the antivirus you want and it won't find anything, because a program for remote control isn't malware. Then in some months a schedule is executed and they take control again.

As I wrote in post #21, there should be an option to do a Factory restore.
Save the data on a USB flash disk or external disk.
Launch Factory restore from Windows or from BIOS. It won't take long and it will end up as it came from the factory.
Then you just need to install the programs and updates.
 

Unfortunately these guys are right, a new install is what you need. Someone could go through all the places to look for these things but it would be a long list and very technical, and that kind of help usually ain't free, and honestly it is more labor to show someone how to do it than to actually do it.

My idea for you is to install Windows 10. I say this because it is Waaaaay faster to install. Windows 7 will take you all afternoon if you know what you are doing, longer if you don't. That is if you want all the Updates, perhaps that is not important for GMA.

And, some don't trust the Recovery Partition after scammers get involved. This may be a little paranoid, but it's possible that it has been tampered with, if it works at all. Most of these scammers are lazy and will only remove Restore Points, and sometimes not even that. And, make sure to Delete all the Partitions during the install. This will eliminate every issue when you wipe the drive of all partitions. That is the key, to wipe all partitions.

Have you tried System Restore? Most of these guys delete the restore points.

Uninstall Supremo

I don't endorse this site, but here are some simple instructions to follow.
 

My Computer

At a glance

Windows 7 Home Premium 64bit | AMD A8-3520M | 6.00GB DDR3 @ 674MHz (9-9-9-24) | 512MB ATI AMD Radeon HD 6620G
Computer type
Laptop
Computer Manufacturer/Model Number
HP Pavilion dv7-6c23cl
OS
Windows 7 Home Premium 64bit
CPU
AMD A8-3520M
Motherboard
Hewlett-Packard 180B (Socket FS1)
Memory
6.00GB DDR3 @ 674MHz (9-9-9-24)
Graphics Card(s)
512MB ATI AMD Radeon HD 6620G
Sound Card
IDT High Definition Audio CODEC
Monitor(s) Displays
Generic PnP Monitor
Screen Resolution
(1600x900@60Hz)
Hard Drives
Samsung 850 EVO 250GB SSD
Mouse
Logitec M525
Internet Speed
30-75Mbps
Antivirus
Avast Free, Unfortunately
Browser
Google Chrome, Firefox, IE
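
The replies above point out that antivirus scans pass over remote-access tools, that a scheduled job could bring one back later, and that checking every place by hand is a long list. As an added example (not posted by anyone in this thread), this read-only PowerShell script inventories the most common auto-start locations and flags entries matching a keyword list; the keyword list, the `Add-Finding` helper and the output file name are assumptions made for illustration.

```powershell
# Added example: read-only inventory of common Windows auto-start locations.
# Assumptions: English-language Windows (schtasks column names), Windows PowerShell 2.0-5.1.
# $Pattern is an illustrative keyword list, not a complete list of remote-access tools.
$Pattern  = 'supremo|teamviewer|anydesk|logmein|vnc'
$findings = @()
function Add-Finding($Source, $Name, $Command) {
    New-Object PSObject -Property @{ Source = $Source; Name = $Name; Command = [string]$Command }
}

# 1. Run/RunOnce registry keys (machine, user, and the 32-bit view on 64-bit Windows)
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $findings += Add-Finding $key $name ($item.GetValue($name))
    }
}

# 2. Services and the executable each one starts
$findings += @(Get-WmiObject Win32_Service |
    ForEach-Object { Add-Finding "Service ($($_.StartMode))" $_.Name $_.PathName })

# 3. Scheduled tasks (verbose CSV repeats its header row per folder; skip those rows)
$findings += @(schtasks.exe /query /fo csv /v 2>$null | ConvertFrom-Csv |
    Where-Object { $_.TaskName -ne 'TaskName' } |
    ForEach-Object { Add-Finding 'Scheduled task' $_.TaskName ($_.'Task To Run') })

# 4. Per-user and all-users Startup folders
$startup = "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
           "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
$findings += @($startup | Where-Object { Test-Path $_ } | Get-ChildItem |
    ForEach-Object { Add-Finding 'Startup folder' $_.Name $_.FullName })

# Save the full inventory for manual review, then show keyword matches
$csv = Join-Path $env:TEMP 'autostart-inventory.csv'
$findings | Select-Object Source, Name, Command | Export-Csv $csv -NoTypeInformation
$hits = @($findings | Where-Object { "$($_.Name) $($_.Command)" -match $Pattern })
"{0} auto-start entries written to {1}" -f $findings.Count, $csv
if ($hits.Count) {
    $hits | Format-List Source, Name, Command
} else {
    'No keyword matches. Review the CSV for entries you do not recognise.'
}
```

Run it from an elevated PowerShell prompt so that all services and scheduled tasks are visible. A run with no matches only covers these four locations, which is why the replies above still recommend wiping the drive.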