Hello britechguy and Nikhil__CV,
After being exposed to the worst of humanity in my dealings with the deceivers at GuruAid, it's very gratifying to interact with people who are not only not trying to scam me but are actually seeking to help me!!! Wow! So I must immediately express my appreciation to you guys: imagine I'm uttering the following words in the kind of thunderous basso profundo that is used to simulate God's Voice in the movies!!
So, here's what I've done in the past few days: synthesizing the disparate pieces of advice I've gotten from all sources into a coherent, sensible plan, the first thing I did as I turned on the affected computer was to instantly put it in Airplane Mode to sever it from the internet and any potential further mischief from GuruAid should there still be a connection between them and that computer. Then, following a good suggestion, while still in Airplane Mode, I carefully examined my full list of programs in Add or Uninstall a Program and my full list of Apps in the Start Menu to see a) if I saw anything with GuruAid's name in it (when I was going through the Windows process to give remote access to GuruAid, I typed their name into the box that Windows supplied)-- and no, I didn't see anything with GuruAid's name in it, and then, realizing that of course GuruAid, while on that computer, might have slipped something into it without their name on it, I carefully checked to see if I noticed anything that didn't 'belong' in the Add or Uninstall a Program list or any inappropriate new Apps in the Apps list. Again the answer was 'No', and my pulse started to noticeably slow! But, at this point my senses were still on Full Alert, as I cautiously left Airplane Mode and connected to the internet. The first thing that happened was the appearance of a notice from Windows that popped up on my computer screen that said something like "the Host has ended the session" and referenced GuruAid by name. 
That must have been what appeared on the GuruAid guy's screen at some point after I turned off my computer on Thursday and didn't turn it back on (in thinking about why the connection had remained in effect on Thursday when, in my first failed attempt to sever the connection, I briefly turned off and then restarted my computer but GuruAid was still there, I realized that if a person is getting help from someone using remote access, then during the course of the computer repair, it might well be necessary to restart the damaged computer, so a brief interruption shouldn't end the session, only a longer-lasting one-- and 24 hours is certainly long-lasting enough to indicate that a repair session is not still going on!!) Anyway, after reading that notice from Windows, my breathing returned to normal and my mood brightened considerably! At least I could be sure GuruAid no longer had remote access to my computer-- at least in the normal way (some illicit means, like using a 'backdoor', couldn't be ruled out, but I'm certainly not computer-savvy enough to determine the presence of something like a 'back door'.)
Also on Friday, I backed up all my un-backed-up files (I didn't have too many of those, since I'm pretty good at frequently making safe copies of my files, which I store on not one but TWO external hard drives!-- whether using two external drives is being sensibly cautious or displaying a touch of obsessive-compulsiveness, I'm not entirely sure!!).
Then, on Saturday, I returned to the affected computer, and after updating Windows Defender to make sure it had the latest definitions for viruses and malware, I ran a Full Scan of my computer. Although some people disparage Windows Defender when comparing it to Web Security protectors like Norton or McAfee, which people pay extra for, one thing I'll note in praise of Windows Defender-- their Full Scans are exhaustive! Their scan on Saturday was something right out of Eugene O'Neill: a long day's journey into night!!! It took six hours and they detected only one piece of malware, a Browser Modifier: Win32/Obrypser worthy of High Alert in the eyes of Windows Defender and something that ought to be removed from my computer. Of course, I ordered it removed, but I was pretty sure it had not been placed there during my encounter with GuruAid-- that sort of detection is pretty routine when I run a full scan with Windows Defender.
Then, as soon as the Windows Defender full scan had finished, I followed to the letter the suggestion from someone--who deemed himself an expert on the detection and removal of malware, a proficiency gained over many years, he told me-- to download the scan offered on a trial basis from Zemana and to conduct a full scan, but to first go Advanced and check off certain boxes there, which would make the scan even more penetrating and more likely to ferret out any malware lurking deep within my computer. I ran that scan, and it made four detections, but three of the four I didn't consider genuine detections because they involved items I myself had deliberately downloaded (7zip decompression software and Scanguard), and the fourth detection involved too many empty lines in the Hosts File, with Hosts Hijack mentioned-- I really don't know how to evaluate that threat; in any case I instructed Zemana to repair the problem in the Hosts File. My conclusion from the Windows Defender and Zemana scans is that GuruAid probably didn't infect my computer with any malware.
Britechguy and Nikhil_CV, I'd like your opinion of my overall evaluation of my episode with GuruAid, since my experience with these matters is far more limited than yours. First, most evil things that unscrupulous people do to innocents on the internet are done anonymously. People are victimized without realizing it, and by parties whose identity is completely unknown to them. In contrast, in this case, GuruAid is a known company, with known addresses, including one in Connecticut, and therefore is identifiable and thus capable of being prosecuted by the authorities-- whether in the US, Europe, or India-- should they cross the line between unsavory behavior that nice people don't do and downright illegal acts that are criminally prosecutable. In reading a lot about GuruAid on the web, and reviewing my own interaction with their representative, my sense is that they do some sleazy things (like giving me the impression they were a tech arm of Norton, and certainly never correcting me when I expressed that perception at the beginning of our encounter), but they make their money not by the outright cheating of the customer or getting hold of their financial passwords and looting their accounts, but by doing very trivial tasks for affluent computer illiterates and then charging those wealthy but dumb folks ridiculously high fees for it. The intuitive feeling that I have is that once GuruAid failed to extract the $120 fee from me, they just moved on to another potential 'mark'. All day today I've been back on the affected computer (I am right now, typing these words!), keeping my eyes open and checking Task Manager frequently for anything unfamiliar or out of place, and I've not noticed anything unusual-- except for one thing, that I'm still trying to understand. 
On Thursday, during the remote access session with GuruAid, when they hit me with the absurd $120 fee and I realized that I was not dealing with Norton and I immediately turned off my computer, when I turned it back on, instead of getting the desktop with its usual colorful background, I got an absolutely black screen, with just my icons on the blackness, and the taskbar at the bottom. And every time I've turned this computer on since then, I've found the same black screen with my icons on it, and with the taskbar at the bottom. So clearly something happened during GuruAid's time on my computer that caused this, but I have several questions about it: was it a deliberate act done by GuruAid either out of pure anger or from a desire to perhaps intimidate me into cooperating with their demand for the $120 fee (by implicitly threatening not to return my computer to normal unless I paid them), or was it done accidentally, or as a byproduct of some other action taken by them, perhaps in the course of beginning to uninstall the Norton trial software? By the way, while still connected to GuruAid on Thursday, I went to the real Norton website and was guided by them through the removal process to rid myself of their trial software. Anyway, what do you guys think happened that resulted in the black screen instead of the colorful background I had on my desktop? And if a person simply wanted to remove the colorful image from the desktop and make it a black screen, how would they do that?
Well, that's a pretty full account of things; I'm eagerly looking forward to hearing your comments!!
Edited by LobsterRed, 24 September 2017 - 06:39 PM.