Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Problem - Go To Assist?


  • Please log in to reply
15 replies to this topic

#1 ByondKlewless69

ByondKlewless69

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:40 AM

Posted 06 April 2016 - 07:57 PM

Hi All,

  I have a friend who lives about 90 mi away and apparently he got this "Go To Assist" program installed on his computer. Says that he allowed them remote access to his computer (hmmm... that don't sound good to me) then they reported a whole bunch of "problems" found on his machine! I'm not sure how he got it on there as he is a stroke victim and has problems remembering. So, if anyone has any tips on how to get rid of this garbage, it would be greatly appreciated.

 

Thank you in advance,

Klewless



BC AdBot (Login to Remove)

 


#2 RolandJS

RolandJS

  • Members
  • 4,533 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:03:40 AM

Posted 06 April 2016 - 08:05 PM

Without making him feel bad, find out exactly what happened during and after The Assist.  Find out what usb and/or dvd boots he has, what OS [oem or ms] dvds he has.  The solution process will depend upon what tools he has available.  Is he willing to let you Teamviewer into his computer?  You might be able to remote control in, ascertain more of just what has been done, ascertain what you can do about it.


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#3 buddy215

buddy215

  • Moderator
  • 13,302 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:40 AM

Posted 06 April 2016 - 08:26 PM

This is a scam run by criminals. Did he give them his credit card info?

They may have left some crappy scanner on his computer.

 

The scammers make money by convincing their targets they can repair all and by selling long term

contracts and crappy repair and security programs.

 

If your friend hung up on the criminals before giving his CC info then it is likely no damage was done.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 ByondKlewless69

ByondKlewless69
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:40 AM

Posted 06 April 2016 - 08:36 PM

Hi Roland, thank you for your response. From my conversation with him earlier today, he said some "notification" window popped up on his monitor after he was having resolution problems when he opened a new page in his browser (Chrome) supposedly from a "Windows Support Tech" with a phone number, which he called. Apparently they talked him into letting them take remote access, then after the song & dance told him how much $$$ it would take to fix. Now his resolution on the monitor is way off and he can't read his e-mail or view all the content of certain pages in his browsers. He didn't pay up cause by that time he thought he had been scammed. However they left their "Go To Assist" crap on his machine.

 

OS: Win7 Pro 64bit

Bitdefender AV

and

Malewarebytes

 

He has a Emergency Boot Disc and a Macrium Reflect image backup on his second HDD about 2 yrs ago.



#5 ByondKlewless69

ByondKlewless69
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:40 AM

Posted 06 April 2016 - 08:42 PM

Hi buddy215, thank you for your response. Nope, luckily he didn't give his CC after he realized he probably been had. However, they left their shortcut to the software on his desktop, and I'm thinking they installed something, not to mention anything else while the where mucking around on his machine.



#6 RolandJS

RolandJS

  • Members
  • 4,533 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:03:40 AM

Posted 07 April 2016 - 04:33 AM

Is there any way you, him, and his computer can get together on a weekend day?  The only way to resolve this is "hands on."  While he may not know as much about computing as he would like, he certainly can help with cleanup and going forward.  Two year old backup probably includes all his data folders and files, he's using one partition/one hard-drive, correct?


Edited by RolandJS, 07 April 2016 - 04:33 AM.

"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#7 buddy215

buddy215

  • Moderator
  • 13,302 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:40 AM

Posted 07 April 2016 - 04:34 AM

Your friend can look in his list of installed programs for the remote access program and simply uninstall it.

GoToAssist is a legitimate program and can be easily uninstalled. If the shortcut is still on his computer after

uninstalling then right click on it and delete.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#8 ByondKlewless69

ByondKlewless69
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:40 AM

Posted 07 April 2016 - 06:09 AM

Hi Roland, yes I agree that it may require 'hands on' with his box to make sure all is well. The second internal HDD has two partitions, one for the backup image, the other for Data. The first Hdd is the OS C: I have a USB Win7 x64 Installation flash drive, if needed.

 

Hi buddy215, if the program has its own uninstaller, any experience with how good it cleans up after its self? I have already advised him to shut down and disconnect his LAN cable for now. Was thinking of having him start in safe mode with networking, uninstall 'Go To Assist', update his Malewarebytes, run a scan/remove if anything found. Then restart normal and see if it's running ok. I don't know if it wiped out his Restore Points or not yet. Hard to tell without the box just what all is there. Is this a good procedure to follow? I'm not the sharpest tool in the shed when it comes to removing crapware. That's why I come here, to get help from experts.

 

Will let you guys know how it goes after I try and talk him through it over the phone.

 

Thanks for your help,

Klewless



#9 buddy215

buddy215

  • Moderator
  • 13,302 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:40 AM

Posted 07 April 2016 - 06:33 AM

Running the uninstaller in regular mode would have been sufficient.

 

There have been several members that have had the same and similar experiences with the criminals.

For the most part, no malware was involved. But to be sure that no adware or malware was involved scans

were recommended using AdwCleaner, MBAM, CCleaner, Junkware Removal Tool and Eset Online scanner.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#10 ByondKlewless69

ByondKlewless69
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:40 AM

Posted 07 April 2016 - 07:10 AM

Hi buddy215, thanks for the input, I will take your advice on the normal startup/program removal.

It is sounding better to me that no malware/adware/crapware possibly not involved.

 

Regards,

Klewless



#11 RolandJS

RolandJS

  • Members
  • 4,533 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:03:40 AM

Posted 07 April 2016 - 01:08 PM

"...AdwCleaner, MBAM, CCleaner, Junkware Removal Tool and Eset Online scanner..."

Be aware that a few malware fighters such as AdwCleaner and JRT [just to name a couple] can be a little caustic.  Such, if run too quickly and not unchecking what is known-good, can remove goodies that have to be reinstalled. 


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#12 ByondKlewless69

ByondKlewless69
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:40 AM

Posted 07 April 2016 - 03:13 PM

Hi Roland, thanks for checking in. I'll take note of the ambitious behavior and use due care. So far we did not find 'GoToAssist' in Control Panel programs, so maybe no harm done, we hope. Did however find a Citrix folder in  C:\Program Files(x86)\Citrix\GoToAssist Remote Support Customer\948\Shortcut.txt_Notepad.  Still to be determined if we should delete without a scan. We had to cut our over the phone session short. I'll be back with him tomorrow.

 

Thanks for you help,

Klewless


Edited by ByondKlewless69, 08 April 2016 - 03:37 AM.


#13 ByondKlewless69

ByondKlewless69
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:40 AM

Posted 09 April 2016 - 05:38 AM

Hi All,

Thank you for looking at this post and providing input and advice. Unfortunately it is too difficult to try and identify the problem over the phone with my friend as I cannot 'see' what is on his monitor while trying to assist him. What I have been able to confirm is Bitdefender Virus Shield and Auto Scan are turned OFF <Cannot be toggled back ON> and Malwarebytes self-protection module had been disabled <'Unchecked'> but was able to enable it <Checked>. Normal boot time has gone from less than a minute to about 15 minutes. I was able to have him run: sfc /scannow  in elevated command prompt and it reported no violations. He believes this all started April 1, 2016. Was unable to talk him through booting into Safe Mode. So we will have to make arrangement for him to bring me the box. Not sure is this is being caused by 'GoToAssist' or something more. Hopefully I can re-post here for further assistance.

 

Thank you for your help,

Klewless



#14 RolandJS

RolandJS

  • Members
  • 4,533 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:03:40 AM

Posted 09 April 2016 - 12:35 PM

GoToAssist probably is not the only malware and un-wanted-ware on the computer.  Hey, we all will be here!


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#15 IGeekJazz

IGeekJazz

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:40 AM

Posted 03 October 2017 - 08:18 PM

My friend had this same program installed on his Windows 10 Home (Version 1703) OS machine. Today I uninstalled it through Windows uninstaller via the Control Panel. However, I noticed that the executable files remained even after running CCleaner. He has 3 different .exe files in the path:

C:\Program Files (X86)\GoToAssist Remote Support Customer\1488\

One of them is g2ax_service.exe.

I tried to delete the files but received the File Access Denied pop-up saying "You'll need to provide administrator permission to delete file. You require permission from computer's administrator to make changes to this file. I checked under his "Accounts" and he is listed as APSLONE, Local Account, Administrator.

 

How can we delete these executable files that he no longer needs or wants?

 

Thank you very much.






1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users