> Can you right click on the icon when you've got it displayed, then use the path shown to go delete the .exe?

I think you got it, I hope. I remembered I deleted the shortcuts on the desktop, so I went to the trash & found it, then deleted it again. I hope this works.
That's what the manufacturer recommends. It's a remote access client. Have you had a remote service call recently? If you run it and get the display shown in that video, click the gear icon and de-select "run on boot".
> You need to change all of your passwords for your bank and anything else, and do it from a different computer that doesn't have this software on it. Check all of your accounts. Find an IT person that you know and have them try to remove it, or dump your data and reset your computer from scratch.

Damn, is it that bad? They did change my password for my PayPal account.
> I think you got it, I hope. I remembered I deleted the shortcuts on the desktop, so I went to the trash & found it, then deleted it again. I hope this works.

I'm sure it felt good, but that didn't do anything useful.
Frustrating because you can't get your sights on the F-ing Hackers. Bang!!
> I'm sure it felt good, but that didn't do anything useful.

I can see by the Supremo icon in the "Show hidden icons" tray that Supremo is still on board.
> Yep.

Well @pinkbunny, it seems I will be taking advice from a pink rabbit, LOL. It seems that all the Boob Tube advice has gotten me nowhere so far. Thanks.
Change everything. If they have one way to get in, remote desktop, there's no telling if they have other backdoors.
When I do an op, we have backups to our backups to get back in. Consider your computer tainted until you wipe it.
Change all passwords on a different computer. Bank, credit card, email, etc. Use a password manager like Bitwarden.
Use a USB drive to back up your data, and wipe that computer. Be careful what you copy over; don't just copy all of the user's folder, because one common method of persistence is in the AppData folder in there.
> I can see by the Supremo icon in the "Show hidden icons" tray that Supremo is still on board.

You're not going to be able to delete it. If it's malware, and it sounds like it is, it's going to be entrenched in your computer's bowels. A good removal tool might get rid of it, but there is no way to know for sure, and that oftentimes damages things.
> Is supremo.exe running in the task manager?

Yes, & if I click on it, then it jumps before I can stop the task???
> Now you all have me paranoid. I had to search the Registry and the file system. Nothing...

The only queer thing that happened a week ago was I got an email alert from who I thought was PayPal, but it was not.
> Let's start from the beginning. How did you notice Supremo in the first place?
> Did you just notice it on your desktop? Is it possible it was bundled software with another install?
> Or did you see someone moving your mouse, or something?

OK. It was a blue-green screen saying "Do not shut your PC off, Updating".
Methods of persistence (ways back into your computer):
* Run key in registry - It's there to start up programs that start with your computer, like Adobe Updater or OneDrive. You can put a key there and point it to a malicious executable hidden on your hard drive.
* Startup folder - Similar thing. It's in your user directory.
* Scheduled Task - You can schedule things to run on your computer at certain times, like at startup, or every day at 8 am, stuff like that.
* DLL Hijacking - There are missing DLLs that get loaded. These are small bits of code that are run by programs, so the programs aren't bloated by running all the same code over and over. If a DLL is no longer needed but is still being called, you throw together a bit of malicious code, put it in that location with that name, bam, you've got persistence.
* DLL Proxying - Similar, but in this case you take a legitimate DLL and rename it. Make some malicious code with the legitimate DLL's name, do your bad stuff, then call the renamed DLL; you get to do your bad stuff, and no one is any the wiser.
* Services - Make a malicious service, or take over a legitimate one, that starts up when the computer starts up. There are likely over a hundred running in the background on your computer.
Those are just the common backdoors into computers; there are much more obscure ones. Point being, unless you are trained and skilled in hunting for these, it's hard to impossible to be sure the bad guys don't have a backdoor into your computer, even if you delete Supremo. Much easier just to wipe your computer.
----
What they can do:
Use PayPal to buy things in your name.
Log into your bank account to transfer money, through direct money transfers or things like Zelle.
Log into Best Buy, Walmart, Amazon, eBay, etc. to buy things.
Log into your email and approve password changes.
Create credit cards with personal info they've gathered.
Sell your Facebook page to scammers to use and take over.
Use your forum logins to run scams.
----
What you should do:
1.) Disconnect the infected computer from the internet.
2.) Set up a password manager like Bitwarden or LastPass.
3.) Using the password manager, make new, unique passwords for all logins. All of them.
4.) Get a thumb drive, and back up:
    C:\Users\{your username}\Desktop
    C:\Users\{your username}\Downloads
    C:\Users\{your username}\Music
    C:\Users\{your username}\Photos
    C:\Users\{your username}\Documents
    C:\Users\{your username}\Videos
    Do NOT just back up the C:\Users\{your username} folder, as one of the persistence mechanisms could be hidden in there.
5.) Completely wipe your infected computer.
6.) Move the backed-up data back, and use as before.
7.) Be very careful what you click on.
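Not part of the thread: an added PowerShell script that takes a read-only inventory of the persistence locations in the list above that can actually be enumerated (Run keys, Startup folders, scheduled tasks, auto-start services) and shortlists the entries worth a second look. It assumes an elevated PowerShell 5.1 or later prompt on the affected machine with the network disconnected, and it changes nothing; it writes a CSV to the desktop. The DLL hijacking and DLL proxying items on the list have no simple inventory like this, which is exactly why the post's advice to wipe stands. The shortlist rule at the end (unsigned or missing binaries, binaries living under AppData, Temp, ProgramData or Users\Public) is my own heuristic, not the poster's.

```powershell
# Added example, not from the thread: read-only inventory of the persistence
# locations named above (Run keys, Startup folders, scheduled tasks, services).
# Assumes an elevated PowerShell 5.1+ prompt, network cable unplugged.

function Get-ExecutableFromCommand {
    # Pull the binary path out of a command line such as  "C:\x\y.exe" /arg  or  C:\x\y.exe /arg
    param([string]$Command)
    if ([string]::IsNullOrWhiteSpace($Command)) { return $null }
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($Command -match '^\s*(.+?\.exe)\b') { return $Matches[1] }   # -match is case-insensitive
    return ($Command -split '\s+')[0]
}

function Get-SignatureStatus {
    # 'missing' is worth a look too: a dangling entry can be claimed by a planted binary later.
    param([string]$Path)
    if (-not $Path) { return 'no-path' }
    $expanded = [Environment]::ExpandEnvironmentVariables($Path)
    if (-not (Test-Path -LiteralPath $expanded)) { return 'missing' }
    $sig = Get-AuthenticodeSignature -FilePath $expanded
    if ($sig.Status -eq 'Valid') { return 'signed:' + $sig.SignerCertificate.Subject }
    return "unsigned/$($sig.Status)"
}

function New-Entry {
    param($Source, $Location, $Name, $Command)
    $exe = Get-ExecutableFromCommand $Command
    [pscustomobject]@{ Source = $Source; Location = $Location; Name = $Name
                       Command = $Command; Binary = $exe; Signature = (Get-SignatureStatus $exe) }
}

function Get-RunKeyEntries {
    $keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }      # PSPath, PSParentPath, ... are provider noise, not values
            New-Entry 'RunKey' $key $p.Name $p.Value
        }
    }
}

function Get-StartupFolderEntries {
    $shell = New-Object -ComObject WScript.Shell
    foreach ($folder in [Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')) {
        foreach ($file in Get-ChildItem -LiteralPath $folder -File -ErrorAction SilentlyContinue) {
            $target = $file.FullName
            if ($file.Extension -eq '.lnk') { $target = $shell.CreateShortcut($file.FullName).TargetPath }  # follow the shortcut
            New-Entry 'StartupFolder' $folder $file.Name $target
        }
    }
}

function Get-ScheduledTaskEntries {
    foreach ($task in Get-ScheduledTask | Where-Object State -ne 'Disabled') {
        foreach ($action in $task.Actions) {
            if (-not $action.Execute) { continue }     # COM-handler actions have no command line
            New-Entry 'ScheduledTask' $task.TaskPath $task.TaskName ("$($action.Execute) $($action.Arguments)".Trim())
        }
    }
}

function Get-ServiceEntries {
    foreach ($svc in Get-CimInstance Win32_Service | Where-Object StartMode -eq 'Auto') {
        New-Entry 'Service' 'ServiceControlManager' $svc.Name $svc.PathName
    }
}

$inventory = @(Get-RunKeyEntries) + @(Get-StartupFolderEntries) + @(Get-ScheduledTaskEntries) + @(Get-ServiceEntries)
$report = Join-Path $env:USERPROFILE 'Desktop\persistence-inventory.csv'
$inventory | Export-Csv -LiteralPath $report -NoTypeInformation

# Shortlist (my heuristic): unsigned or missing binaries, and anything launched from a user-writable location.
$inventory |
    Where-Object { $_.Signature -notlike 'signed:*' -or $_.Binary -match 'AppData|\\Temp\\|ProgramData|\\Users\\Public' } |
    Format-Table Source, Name, Binary, Signature -AutoSize
```

Run it once, open the CSV, and compare the Signature column against what you know is installed: a Microsoft-signed svchost.exe service is normal, an unsigned .exe under AppData launched from a Run key is not. Unsigned does not automatically mean malicious (plenty of small vendors never sign), but it tells you where to look first, and it gives you a list to hand to whoever rebuilds the machine.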
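Also added here, not from the thread: a script for step 4 that copies only the listed data folders to the thumb drive and refuses to carry over file types that could bring the infection back onto the rebuilt machine. It assumes the thumb drive is E: (pass -Destination to change that), that "Photos" above means the standard Windows Pictures folder, and that robocopy is available (it ships with Windows). The list of excluded file types is my choice, not the poster's.

```powershell
# Added example, not from the thread: back up only the data folders from step 4
# to a removable drive, skipping anything executable. Save as backup-data.ps1 and
# run it from an elevated prompt:  .\backup-data.ps1 -Destination E:\backup
param([string]$Destination = 'E:\backup')   # assumption: E: is the thumb drive

# Refuse to write anywhere that is not removable media, so a typo cannot "back up" to the infected disk.
$volume = Get-Volume -DriveLetter $Destination.Substring(0, 1) -ErrorAction Stop
if ($volume.DriveType -ne 'Removable') { throw "$Destination is not on a removable drive; refusing to write." }
New-Item -ItemType Directory -Path $Destination -Force | Out-Null
$log = Join-Path $Destination 'backup.log'

# Step 4's list; "Photos" in the post is the standard Windows "Pictures" folder.
$folders = 'Desktop', 'Downloads', 'Music', 'Pictures', 'Documents', 'Videos'
# File types that could re-infect a clean machine when the backup is copied back (my list).
$skipTypes = '*.exe', '*.dll', '*.scr', '*.com', '*.bat', '*.cmd', '*.ps1', '*.vbs', '*.js', '*.hta', '*.lnk'

foreach ($name in $folders) {
    $src = Join-Path $env:USERPROFILE $name
    if (-not (Test-Path -LiteralPath $src)) { continue }
    $dst = Join-Path $Destination $name
    # /E   copy subfolders, empty ones too      /XJ  never follow junctions, so nothing under AppData is pulled in
    # /XF  skip the file types above            /R:1 /W:1  one retry, one second wait: don't hang on a locked file
    & robocopy.exe $src $dst /E /XJ /XF @skipTypes /R:1 /W:1 /NP "/LOG+:$log"
    if ($LASTEXITCODE -ge 8) { Write-Warning "robocopy reported errors for $name (exit code $LASTEXITCODE); check backup.log" }
}
```

robocopy exit codes below 8 mean "copied, possibly with some files skipped", so only 8 and above are treated as failures. Anything the script deliberately skipped is listed in backup.log; if a document you need turns out to be an .exe or a shortcut, fetch that one by hand and treat it with the same suspicion as the rest of the infected disk.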
I allowed the installation from a dangerous website.
> Once hackers gain remote access, they can reinstall Supremo.exe without your knowledge or consent. Don't ask me how.

Time for some tough love: your real problem is you. You fell for a scam that gave them full access to your computer, and you don't seem to have a clue what this means. They have installed a countless number of ways to get into your computer, and when you briefly kill the one you're hyper-focused on, they just install it again so you have something to do while they are doing whatever else they want in the background. It's unlikely that they did this over the phone; they did it way back when you downloaded the tool and let them in. Not sure why you keep trying to find an alternate explanation; there is none, you invited them in.
Oh yeah, kill it with fire.
> There's no need to remove your hard drive and throw away,

My suggestion to replace the drive was because doing so is cheap and effective, while allowing him to get his otherwise un-backed-up data off the infected drive at a future time, once he's got a clean/secure machine to work from. Agree that it isn't needed.
> My suggestion to replace the drive was because doing so is cheap and effective, while allowing him to get his otherwise un-backed-up data off the infected drive at a future time, once he's got a clean/secure machine to work from. Agree that it isn't needed.

True, unless it's a newer M.2; then it can get confusing.
> True, unless it's a newer M.2; then it can get confusing.

Yeah, and I was assuming a desktop vs. laptop.
> Why don't the Feds go after internet hackers and scammers instead of Trump and Jan 6 innocents?

They are going after you because they want to know where you got that $600. And they're busy redefining what a pistol brace is so they can kick your door in and kill you.
Why don’t the Feds go after internet hackers and scammers instead of Trump and Jan 6 innocents?