Pop Up scammer got remote access. Help cleaning up anything left on the pc – Virus, Trojan, Spyware, and Malware Removal Help – BleepingComputer

I’m helping someone who got a pop that their “computer was infected,” called the number on the pop and let the bad actor onto his computer to “help remove the infection.  I saw UltraViewer was installed and I have removed that via the Apps section.  I am concerned that there still might be something on the computer.  Hoping you guys can help check it out as there are no other easy to notice issuesinfections.


OS: Windows 10 Home

AV: Windows Defender

Make: Lenovo



What I have done so far.


1) Uninstalled UltraViewer via Apps

2) Run Windows Defender offline scan.  Gets to 91% and pc reboots.  Security Settings don’t have acknowledgment of the scan




Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-02-2022

Ran by Jim (administrator) on GOOGOOPC (LENOVO 10156) (06-02-2022 15:45:37)

Running from C:UsersJimDesktop

Loaded Profiles: Jim

Platform: Microsoft Windows 10 Home Version 21H1 19043.1466 (X64) Language: English (United States)

Default browser: Edge

Boot Mode: Normal


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


() [File not signed] C:WindowsjmesoftJME_LOAD.exe

() [File not signed] C:WindowsjmesoftService.exe

(Adobe Inc. -> Adobe Inc.) C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe

(Adobe Inc. -> Adobe Inc.) C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe

(Intel® pGFX -> Intel Corporation) C:WindowsSystem32igfxCUIService.exe

(Intel® pGFX -> Intel Corporation) C:WindowsSystem32igfxEM.exe

(Intel® pGFX -> Intel Corporation) C:WindowsSystem32igfxext.exe

(Intel® pGFX -> Intel Corporation) C:WindowsSystem32igfxHK.exe

(Intel® pGFX -> Intel Corporation) C:WindowsSystem32igfxTray.exe

(Intuit, Inc. -> Intuit Inc.) C:Program Files (x86)Common FilesIntuitUpdate Service v4IntuitUpdateService.exe

(Lenovo -> Lenovo Group Ltd.) C:Program Files (x86)LenovoVantageService3.10.26.0Lenovo.Vantage.AddinHost.Amd64.exe <2>

(Lenovo -> Lenovo Group Ltd.) C:Program Files (x86)LenovoVantageService3.10.26.0Lenovo.Vantage.AddinHost.exe <4>

(Lenovo -> Lenovo Group Ltd.) C:Program Files (x86)LenovoVantageService3.10.26.0Lenovo.Vantage.AddinHost.x86.exe

(Lenovo -> Lenovo Group Ltd.) C:Program Files (x86)LenovoVantageService3.10.26.0LenovoVantageService.exe

(Lenovo -> Lenovo Group Ltd.) C:WindowsLenovoImControllerPluginHostLenovo.Modern.ImController.PluginHost.SettingsApp.exe <2>

(Lenovo -> Lenovo Group Ltd.) C:WindowsLenovoImControllerPluginHost86Lenovo.Modern.ImController.PluginHost.Device.exe

(Lenovo -> Lenovo Group Ltd.) C:WindowsLenovoImControllerServiceLenovo.Modern.ImController.exe

(Lenovo) [File not signed] C:Windowsjmesofthotkey.exe

(Microsoft Corporation -> Microsoft Corporation) C:Program FilesCommon Filesmicrosoft sharedClickToRunOfficeClickToRun.exe

(Microsoft Corporation -> Microsoft Corporation) C:WindowsMicrosoft.NETFramework64v3.0WPFPresentationFontCache.exe

(Microsoft Corporation) C:Program FilesWindowsAppsmicrosoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbweHxOutlook.exe

(Microsoft Corporation) C:Program FilesWindowsAppsmicrosoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbweHxTsr.exe

(Microsoft Windows -&…….

Source: https://www.bleepingcomputer.com/forums/t/768221/pop-up-scammer-got-remote-access-help-cleaning-up-anything-left-on-the-pc/

Posted on

Leave a Reply

Your email address will not be published. Required fields are marked *