SUPREMO.EXE

Marturo

American Born & Raised.
Supporting Member
Joined Aug 4, 2018 · Messages 767 · Location WNC
WTF is this? Someone downloaded this to my PC & can control my PC.
Ever hear of it? Do you know how to remove it?
 
You have no idea how you got it, what else they may have used it to install, or what information of yours they are currently uploading or destroying.

Reformat the entire drive, overwrite, reinstall a new OS (preferably not Windows). Don't connect the PC to the internet until you've done that.
 
Can you right click on the icon when you've got it displayed, then use the path shown to go delete the .exe?

That's what the manufacturer recommends. It's a remote access client. Have you had a remote service call recently? If you run it, and get the display shown in that video, click the gear icon and de-select "run on boot".
 
You need to change all of your passwords for your bank and anything else, and do it from a different computer that doesn't have this software on it. Check all of your accounts. Find an IT person that you know and have them try to remove it, or dump your data and reset your computer from scratch.
 
Can you right click on the icon when you've got it displayed, then use the path shown to go delete the .exe?

That's what the manufacturer recommends. It's a remote access client. Have you had a remote service call recently? If you run it, and get the display shown in that video, click the gear icon and de-select "run on boot".
I think you got it, I hope. I remembered I deleted the Shortcuts on the desktop, so I went to the trash & found it then deleted it again. I hope this works.
Frustrating because you can't get your sights on the F-ing Hackers. Bang!!
 
You need to change all of your passwords for your bank and anything else, and do it from a different computer that doesn't have this software on it. Check all of your accounts. Find an IT person that you know and have them try to remove it, or dump your data and reset your computer from scratch.
Damn is it that bad? They did change my password for my PayPal account.
 
Yep.
Change everything. If they have one way to get in, remote desktop, there's no telling if they have other backdoors.
When I do an op, we have backups to our backups to get back in. Consider your computer tainted until you wipe it.
Change all passwords on a different computer. Bank, credit card, email, etc. Use a password manager like Bitwarden.

Use a USB to backup your data, and wipe that computer. Be careful what you copy over, don't just copy all of the users folder, because one common method of persistence is in the app data folder in there.
 
I think you got it, I hope. I remembered I deleted the Shortcuts on the desktop, so I went to the trash & found it then deleted it again. I hope this works.
Frustrating because you can't get your sights on the F-ing Hackers. Bang!!
I'm sure it felt good but that didn't do anything useful.
 
I'm sure it felt good but that didn't do anything useful.
I can see by the Supremo icon in the Show hidden icons that Supremo is still onboard.

Well @pinkbunny it seems I will be taking advice from a pink Rabbit LOL. It seems that all the Boob Tube advice has gotten me nowhere so far. Thanks o_O
 
I can see by the Supremo icon in the Show hidden icons that Supremo is still onboard.
You’re not going to be able to delete it. If it’s malware, and it sounds like it, it’s going to be entrenched in your computer’s bowels. A good removal tool might get rid of it, but there is no way to know for sure and that often times damages things.

Before you copy stuff, disconnect it from the internet, too. Just in case that triggers something that alerts a bad actor who then reacts.
 
Now you all have me paranoid. I had to search the Registry and the file system. Nothing...
The only queer thing that happened a week ago was I got an email alert from who I thought was PayPal but was not. They asked if I purchased a $971.00 iPhone from eBay; if not, call 1-8000-XXX. After the Manager pleaded with me to let him put the Money back before I placed the order that eBay said I didn't order? SCAM Alert. However, could my SMART Phone allow a hacker to DL SUPREMO.exe to my PC? This is getting Twilight Zonie time. And the Guy on Boob Tube says it's not a DL, so just delete it.
 
Listen to @pinkbunny; he is an expert in this stuff. I suspect that if he had your computer in front of him he could give you the name, address, D.O.B., known aliases, a list of associates, and bathroom schedule for whoever is on the other end of it.
 
What is “show hidden icons”?
Does windows defender identify supremo as malware?
Have you run an offline malware scan with Windows Defender (it scans early in the boot process, before the Windows OS is loaded)?
What version of windows?

Best I can tell, there is a real application called supremo used for providing remote access for technical support. If legitimate it wouldn’t be so hard to uninstall, so probably malware using the same name.

Full nuke will likely fix the problem, but I’d try killing it before taking that step.

And yes, change all passwords. Risk is lower if you have two-factor authentication set up with your banks.
 
Let's start from the beginning. How did you notice supremo in the first place?
Did you just notice it on your desktop? Is it possible it was bundled software with another install?
Or did you see someone moving your mouse, or something?
 
Methods of persistence (ways back into your computer):
*Run key in registry - It's there to start up programs that start up with your computer, like Adobe Updater, or OneDrive. You can put a key there and point it to a malicious executable hidden on your hard drive.
*Startup folder - Similar thing. It's in your user directory.
*Scheduled Task - You can schedule things to run on your computer at certain times, like at startup, or every day at 8 am, stuff like that.
*DLL Hijacking - There are missing DLLs that get loaded; these are small bits of code that are run by programs, so the programs aren't bloated by running all the same code over and over. If a DLL is no longer needed, but still being called, you throw a bit of malicious code, put it in that location with that name, bam, you got persistence.
*DLL Proxying - Similar, but in this case you take a legitimate DLL, rename it. Make some malicious code with the legitimate DLL's name, do your bad stuff, then call the renamed DLL; you get to do your bad stuff, and no one is any the wiser.
*Services - make a malicious service, or take over a legitimate one, that starts up when the computer starts up. There are likely over a hundred running in the background on your computer.

Those are just the common backdoors into computers; there are much more obscure ones. Point being, unless you are trained and skilled in hunting for these, it's hard to impossible to be sure the bad guys don't have a backdoor into your computer, even if you delete Supremo. Much easier just to wipe your computer.

----
What they can do:
Use paypal to buy things in your name.
Log into your bank account to transfer money, through direct money transfers, or things like Zelle.
Log into best buy, walmart, amazon, ebay, etc to buy things.
Log into your email, approve password changes.
Create credit cards with personal info they've gathered.
Sell your facebook page to scammers to use and take over.
Use your forum logins to run scams.

----
What you should do:
1.) Disconnect infected computer from internet.
2.) Set up a password manager like Bitwarden or lastpass.
3.) Using password manager, make new, unique passwords for all logins. All of them.
4.) Get thumb drive, backup:
C:\Users\{your username}\Desktop
C:\Users\{your username}\Downloads
C:\Users\{your username}\Music
C:\Users\{your username}\Photos
C:\Users\{your username}\Documents
C:\Users\{your username}\Videos

Do NOT just backup the C:\Users\{your username} folder, as one of the persistence mechanisms could be hidden in there.
5.) Completely wipe your infected computer
6.) Move backed up data back, use as before
7.) Be very careful what you click on.
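A defender-side check for the auto-start locations the post lists, added here as an example; it is not from the thread or from any tool named in it. It is a read-only PowerShell survey of the Run/RunOnce keys, startup folders, scheduled task actions and auto-start services, marking any entry whose command contains the name under discussion (the `supremo` pattern is a constructed default). It assumes an elevated PowerShell 5.1 or later on Windows 8/10/11 with the PC offline; DLL hijacking and proxying are not covered, since they leave no registration to list.

```powershell
# Read-only survey of common Windows persistence locations. Changes nothing.
$flagPattern = 'supremo'   # constructed default: the name discussed in the thread

function Show-Hit($Source, $Name, $Target) {
    # Print one auto-start entry; mark it when its command mentions the flagged name.
    $mark = if ("$Target" -match $flagPattern) { '[!]' } else { '   ' }
    "{0} {1,-14} {2,-36} {3}" -f $mark, $Source, $Name, $Target
}

# 1. Run / RunOnce keys: every value here is launched at boot or logon.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        # PS* properties are provider metadata (PSPath etc.), not registry values.
        if ($p.Name -notlike 'PS*') { Show-Hit 'RunKey' $p.Name $p.Value }
    }
}

# 2. Startup folders (this user and all users): anything in them runs at logon.
$startupDirs = @([Environment]::GetFolderPath('Startup'),
                 [Environment]::GetFolderPath('CommonStartup'))
foreach ($dir in $startupDirs) {
    Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue |
        ForEach-Object { Show-Hit 'StartupFolder' $_.Name $_.FullName }
}

# 3. Scheduled tasks: show the command each task actually executes, not just its name.
foreach ($task in Get-ScheduledTask) {
    foreach ($a in $task.Actions) {
        if ($a.Execute) {
            Show-Hit 'ScheduledTask' $task.TaskName "$($a.Execute) $($a.Arguments)"
        }
    }
}

# 4. Services that start automatically, with the binary path they launch.
Get-CimInstance Win32_Service | Where-Object { $_.StartMode -eq 'Auto' } |
    ForEach-Object { Show-Hit 'Service' $_.Name $_.PathName }
```

Entries marked `[!]` are only the obvious ones; an unfamiliar path under a user profile or a temp folder deserves a look even without the mark, which is why the thread's advice to wipe rather than hunt still stands.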
 
Let's start from the beginning. How did you notice supremo in the first place?
Did you just notice it on your desktop? Is it possible it was bundled software with another install?
Or did you see someone moving your mouse, or something?
Ok. It was a blue green screen saying do not shut your PC off Updating.
I hit CTRL+ALT+DELETE & the BG screen disappeared & a pop up saying SUPREMO control panel & the mouse cursor moving, clicking on settings & Passwords.
The mystery cursor took control over & canceled my choices to end task on more than one occasion.

I can't remember any DLs I did for a while that may have had something, just the Hacker who was impersonating PayPal on the phone.

Desktop had 2 new shortcuts called Supremo & Supremo 1
 

I just tried to print your instructions but the Ink ran out. 🥸 Twilight Zone.
Hey I was using a Fountain pen you filled with ink in the 3rd grade & this was not in any of my Schools ever. ARGGGGGH!
I would feel so much better if I could just take her the PC & hacker out to the range & completely clean them with my Red Hawk & super Blackhawk using 250 grain BLACK TALONS. 🤬

Thanks for your Help @pinkbunny I will follow your advice. I hope everyone is paying attention, I was somehow blindsided this time.
 
Heads Up I got this From MS. Remember the Phone call I had with Hackers claiming to be PayPal?

Supremo.exe Not Easy To Remove

The file can be located just about anywhere. Once removed, it has come back. I am suspicious that the phone from a ghost number activates the file. Spectrum says this is impossible. But the hackers have remote access after the call, and not before. The best way to find and remove the file is with the Performance Monitor. And a popular security program named Security Task Manager is even better. Another self-defense tool is simply to disconnect your computer from online when you don't need to be online. Once hackers gain remote access they can reinstall Supremo.exe without your knowledge or consent. Don't ask me how. I have been fighting the Supremo.exe hack for weeks. It was first installed by the Amazon Phone Prime Scam when I allowed the installation from a dangerous website. Malwarebytes is also a good defensive weapon. The more I learn about this scam the more I worry. It's far more complex than anyone understands at this time. There is not much information online. It is also important to run Norton's Power Eraser and a Norton full scan. This detects bad files in the root directory that may also be part of the hack. You need to fight this hack with everything you've got for a long time. The hackers don't give up easy. I have a mountain of evidence ready to turn over to Microsoft, Spectrum, and law enforcement. No one seems interested yet because the hack is not widespread in the USA. It is sweeping Europe.

Back to the fight!
 
If someone is using a tool like Supremo, they are low level script kiddies, not anyone too advanced. Microsoft did just allow you to connect your phone, but the chances of those being connected is almost vanishingly small. I wouldn't do any of those things he recommends. Just wipe, don't try to remove it. The reason it keeps coming back is that they have another method of persistence he hasn't found.
The most important logical fallacy to remember when dealing with something like this is "post hoc, ergo propter hoc." Just because two different things happened, doesn't mean they're related.
 
I allowed the installation from a dangerous website.

Once hackers gain remote access they can reinstall Supremo.exe without your knowledge or consent. Don't ask me how.
Time for some tough love, your real problem is you. You fell for a scam that gave them full access to your computer, and you don’t seem to have a clue what this means. They have installed a countless number of ways to get into your computer, and when you briefly kill the one you’re hyper-focused on, they just install it again so you have something to do while they are doing whatever else they want in the background. It’s unlikely that they did this over the phone, they did it way back when you downloaded the tool and let them in. Not sure why you keep trying to find an alternate explanation, there is none, you invited them in.

I assume that you don’t have a good backup of your data, and probably don’t know how to format your hard drive and reinstall windows, so stop dicking around and ask for more detailed help. If I was in your shoes I’d pull the drive, install a new one and go from there, you don’t know enough to kill this through software.
 
Oh yeah, kill it with fire.


If you're not confident in reinstalling windows on a new drive (the drive will be cheap), take it to a shop and pay them to do it. Never plug that old drive in again.

Meanwhile, get on the phone and call your bank, Paypal, and any other important entity you accessed via this PC and change passwords ASAP and/or freeze the account.

And never give passwords out to anyone on the phone.
 
Another thought...

Supremo may just be the OBVIOUS method they're using, persistent though it may be. While you waste your efforts trying to stomp that cockroach, there are potentially dozens of others in the background sneaking around without notice.

If I were a hacker, I wouldn't rely on just one tool. I'd have a layered means of attack such that the more obvious means distract the victim away from others that continue to operate uninterrupted in the background.
 
There's no need to remove your hard drive and throw it away; no way someone using a GUI RDP tool is using cutting edge rootkits. :p

@Marturo , when you remove your computer from the internet and backup the data, I can walk you through making a bootable thumb drive and wiping your computer, reinstalling Windows, if you don't want to take it to someone.
 
There's no need to remove your hard drive and throw it away,
My suggestion to replace the drive was because doing so is cheap and effective while allowing him to get his otherwise un-backed-up data off the infected drive at a future time once he's got a clean/secure machine to work from. Agree that it isn't needed.
 
My suggestion to replace the drive was because doing so is cheap and effective while allowing him to get his otherwise un-backed-up data off the infected drive at a future time once he's got a clean/secure machine to work from. Agree that it isn't needed.
True, unless it's a newer m.2, then it can get confusing.
 
Why don’t the Feds go after internet hackers and scammers instead of Trump and Jan 6 innocents?
They are going after you because they want to know where you got that $600. And busy redefining what a pistol brace is so they can kick your door in and kill you.
 
Why don’t the Feds go after internet hackers and scammers instead of Trump and Jan 6 innocents?

That involves actual work and doesn't produce votes as easily.
 
After reading this thread, I did a general search of my iMac and there are a number of .exe files in there whose names I don't recognize; they are almost all Windows (I don't use Windows). I don't want to start arbitrarily deleting files that may be necessary, but should I delete these? I use Malwarebytes, no known issues - touch wood.
 
Mac is Unix based, completely different architecture from windows. It's closer to Linux. An exe will not technically run on a Mac. You can do it through an emulator like "wine", but you shouldn't worry.
 