
LOGMEINRESCUE


4 replies to this topic

#1 rittenhouse

rittenhouse

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:28 PM

Posted 04 August 2017 - 02:37 PM

Is this program or service allowed to view all files on your computer or just the account to which you sign on? If there is more than one account on your computer, can the technician see all of the files throughout your system? It seems that they can see through all of your various accounts and peer deep into your system, things which are not showing up on your screen! How do you make sure that they release this ability once you have disconnected? I went into regedit and tried to delete the LOGMEINRESCUE references. I was speaking to one (Indian) on the phone while he or another technician was running tests. I did not see any system files on my screen; so he must be able to see what he is not telling me!


Edited by hamluis, 04 August 2017 - 04:26 PM.
Moved from Win 7 to All Other Apps - Hamluis.




#2 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,561 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:28 PM

Posted 04 August 2017 - 06:21 PM

We heavily use LogMeIn Rescue where I work (it's a legitimate program, but you have to make sure the person behind it is legitimate), so I can tell you exactly what we have control of.

Yes, they can see all files if you give them permission to the File Manager. Once connected (after you download and run the Rescue applet from logmein123.com), there are a few different prompts that can come up, and they basically determine what you gave them access to.

Usually I go for UAC access first, which will prompt you about the technician wanting admin access. At this point, your Windows Firewall may also pop up to allow the executable to reach out to the network, where it makes the peer-to-peer connection. If you allow it, then you get a UAC prompt to accept to give the program full admin - at this point, I (they) have full control and access to about anything. You usually will still see prompts for each "module" though. This whole part is optional, but really makes things smoother; for example, without this step, I can't see UAC prompts if you run a program as admin, the screen will just freeze until you click it on your end.

The remote control itself is another step, which can be done with or without the previous step. It will give you a prompt like "Technician would like to view and share control of your desktop"; accepting this gives me (them) full remote control of your mouse and keyboard. At any point, you still have control, and can kick me out with Break, or fighting the mouse and closing the window quickly.

A separate prompt comes up for File Manager, and once allowed, I can see all drives on your computer. I'm not sure if permissions apply if you didn't give them the UAC admin, I've never tried it since I always get admin first. I can just read and write any file on your computer. When a file is transferred to or from your computer, the main window with the chat will show it, along with a progress bar of the transfer, so it's easy to see if they did anything. I'm not sure where this is logged, pretty sure it is saved somewhere.

So bottom line; yes, they can see everything if you let them.

To make sure they cannot get back in, just close the window or hit the red X, it will prompt you to terminate the connection. The other thing to look out for is the Unattended feature; this lets the technician remote back into the system at any time, but it usually is for a set amount of time. You would be prompted for this, and it would ask for your Windows password so they can log back in automatically if the system is rebooted or logged out. This feature usually shows as a blue circle icon in your tray by the clock.

Also check installed programs for anything LMI related.

I'm guessing you had a remote scammer as well. If it came from a website stating you had a virus and to call or connect to them, or received an unsolicited phone call claiming the same, it is 100% a scam.

Edited by Demonslay335, 04 August 2017 - 06:23 PM.

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#3 rittenhouse


Posted 04 August 2017 - 06:52 PM

Well, actually it came from the HP support online help. They wanted me to download an applet (which I did), a bit different from the regular style that companies such as Norton used, where you have to download then run the applet. Of course, the usual accents. I signed on as an alternate account hoping that the tech department couldn't see private files, but I have my suspicions that they see several screens on their side of the fence, including system operating programs and deep hidden system resources not seen on the same screen that I am watching. I can see the mouse moving around, but I feel that that is somewhat deceptive. I truly believe that all "walls and barriers" on your computer are removed once you allow such a procedure to go forth. Of course Norton found no virus... they never do, but they switched me over to a company that would safeguard my future web browser. We are totally helpless in dealing with any type of technical support; you do not know who you can trust. They call you on the phone (once I had visited the HP support site) and their caller I.D. name is nowhere similar to HP.



#4 Demonslay335


Posted 04 August 2017 - 09:13 PM

What site did you go to to contact the HP support? There are thousands of fake ones that are scam bait sites. If you looked it up by Google, you are very likely to stumble on one instead of the real HP site.

If you truly did not trust them to not pry into your files, then why did you let them in in the first place? If you cannot be 100% certain of the trustworthiness of a support person, then it is best to take it into your local computer shop or something.



#5 rittenhouse


Posted 04 August 2017 - 09:46 PM

I'm pretty sure that it was legitimate, as I was able to look up my serial number on their pages using the HP installed assistance apps. It is just I am annoyed at why they want to use overseas technical support. I could barely understand what they were saying. I plan to get another external hard drive and place my personal files on that and do a complete fresh system restore soon... but sooner or later... something will go wrong; it always does. I guess that's why this site is called "My bleeping computer"!





