Thanks for all your work to help brother!!! My dad almost got scammed the other day even after all my warnings to not reply to emails or phone calls without talking to me. Luckily the wire transfer wouldn't go through. Must have been a gift from God! I got the any desk off the computer but now I'm going to go check for this software thanks to you. I have not let him put it back on line yet until I could do more research or wipe it. All you guys fighting this are amazing! You are saving so many lives!
Wow 😭😭Thank you so much for your help 🥺🥺the scammers have been on me for a while , I restarted my laptop severally and they still got hold of me!! I never knew that I’d be the one looking for videos concerning scammers!! This was more than helpful! Thank you for saving lives like you have done to me
I work in IT and my company uses this software, we're able to remove it from the control panel with the admin credentials. Unless the package is being modified before installing, a user with admin privileges should be able to remove it. But I have to admit the danger that this can be for unaware people. Great job!
I am not a Scambaiter, just someone who is intrigued by this whole subject of fighting scammers, and saving victims. I only have basic awareness of PC operation but still was able to understand your explanation. Thank you. What is really scary though, is that criminals/scammers may also come across this simple "tutorial" too. Ideally this should only be shared amongst the Scambait community. No idea how this is possible.
This is insane and truly disgusting. Thank you for sharing this. And I just want to say that this is now the second time that I have seen a scambait video where scammers had managed to gain access to a PC in a doctor's office which tells me that it must happen more often than we would ever want to believe. That is scary.
Great advice Davy. I followed instructions, and thankfully, nothing like that was on my computer. I wasn't baited or anything like that, just checking. I hear Modder talk about you all the time. Excellent work young man.
It is removable, but not easy. From what Apple has told me, you must reboot from the cloud, NOT your hard drive. You then must completely wipe your hard drive. When that is complete, you reload your operating system from the cloud. Basically, you lose everything to get control of your computer back. The whole process takes about four to six hours, depending on your network speed.
Thank you very much for this video, a scammer got access into my computer and and almost got me and then started to control my computer after days of login off. I followed your steps and I actually find the screen connect. Thanks ❤
Cheers guys. Great work 👍. Thank you so much. Be interesting to know Jim Browning's take on this software too. scammers having to up the ante tells me they're making less money! yaaaay😁
Thanks for a great TH-cam video on how to remove a scammers file. I was scammed a few days ago and spent many days and hours until I came across your video and was able to go to and DISABLED the t file. I feel a great relief and want to thank you for posting this video. If you find a way to delete the screen connect file entirely please do let us know. To be safe while on-line banking and browsing, I have now subscribed to a VPN service as well. Many Many thanks!
One scammer dislikes your video. 🤣 I disabled the ScreenConnect Client service on one of my customer's computers today. The scammers were actually trying to connect to the computer while I was working on it. I'm reloading Windows 11 on the pc to make sure everything related to the remote support software is gone. Thanks for the video.
After you disable and stop the service, goto the file location of "path to executable" and delete all the files. Then remove them from the recycle bin. Then open CMD as administrator and run the following command sc delete "ScreenConnect with some GUID", get the exact name from the "Service Name" of the service.
A friend's computer was infected by clicking on a polar bear image on a website. The alarm was ringing after it, and she called the phone number written on the false scam alarm message. The lady on the phone, from France (We are in Montréal), stay connect for two hours, and at the end asked credit card asking for 300 $ and after another other 400 $. My friend turned off the call. I worked on her computer. In the download folder, there is an AnyDesk installer. So I deleted it, I passed CCleaner, after I cleaned all browner temps and cookies manually. I passed the Norton 360 and Malwarebytes. And I realized that ConncetWise icone was presented in the triangle on the right of the dock. I search in the program list, directly with Win 10, with CCleaner, but nothing. I try with service, but no service either, I try with MSConfig, nothing too. I try with REGEDIT, I deleted some lines without knowing. Maybe this verion of Connect Wise app was a little bit modified. Question can I address the backdoor problem with firewall ?
After a scam call, I installed Anydesk and gave access to my phone for a while. Do you have any recommendations of what to do to ensure that they didn't install anything else on it? What precautions should I take?
I found it on my computer and disabled it. I have multiple computers and was able to isolate the infected compute from the internet while searching and found your video. I have allot of screenshots of what I found. on my computer, in Properties under Dependencies, there are not any. My question is, will it be save to remove it, if I can?
The way they have the file named, Power shell or cmd prompt will not delete or remove the file. Just have to leave it disabled or a complete wipe and reinstall.
i have a question, my ''friend'' asked me to uninstall teamviewer and i didnt know what it was at the time, he said to give me this id and i did, he brought it up on me when we were playing a game and i got really paranoid. I uninstalled Teamviewer from my system and i have never installed anydesk or any other remote software, can he still get into my pc and am i safe from other remote softwares please respond
Wrong, wrong, wrong. As a connectwise user with many hundreds of installations around the country, users certainly can remove it. What's hard to remove is when it's a silent installation you don't know about that's been made to be incognito.
A scammer did this to my Mom but wasn't able to get her CC info. I deleted the connectwise file and lock my pc. I saw that the hackers were still on the computer because they were moving the mouse everytime I tried to get into the task manager. I disabled the screen connect and I stopped it from running. I did find the files and manifests (cdf-ms files) - should I delete them and the folder as well?
I have seen android and ios devices pop up on their queue of clients but there is no native builder for these so there must be an extra client they use to get the mobile devices.
@@kirkmara5 yes a service on a computer is basically a registry entry here: HKLM\SYSTEM\CurrentControlSet\Services if the service does not exist here - it doesn't exist. Actually you can set the start to 4 (disabled) or create your policy to block that service.
Wow, I almost got scammed today thinking it was amazon customer service. They made me download anydesk on my phone and started looking at the last 4 digits of my card in my amazon app, the moment he asked me to go to my bank account where I have most funds I was like you're a fucking scammer lol then uninstalled the app. So in other words if I never installed with that second set of codes I'm good to go right? They can only install when I give them the second code you were showing? I already uninstalled the app and put lock on bank accounts and already issued new cards marked as stolen.
@@ShadowHuntersScambait No because I booted the VM with a snapshot today. But many scammers have connected to me with Connectwise. I will watch next time.
Thanks for all your work to help brother!!! My dad almost got scammed the other day even after all my warnings to not reply to emails or phone calls without talking to me. Luckily the wire transfer wouldn't go through. Must have been a gift from God! I got the any desk off the computer but now I'm going to go check for this software thanks to you. I have not let him put it back on line yet until I could do more research or wipe it. All you guys fighting this are amazing! You are saving so many lives!
mate shut it
Wow 😭😭Thank you so much for your help 🥺🥺the scammers have been on me for a while , I restarted my laptop severally and they still got hold of me!! I never knew that I’d be the one looking for videos concerning scammers!! This was more than helpful! Thank you for saving lives like you have done to me
Very useful. Thanks so much. I get called weekly by elderly clients who think they may have been scammed.
I work in IT and my company uses this software, we're able to remove it from the control panel with the admin credentials. Unless the package is being modified before installing, a user with admin privileges should be able to remove it. But I have to admit the danger that this can be for unaware people. Great job!
I am not a Scambaiter, just someone who is intrigued by this whole subject of fighting scammers, and saving victims.
I only have basic awareness of PC operation but still was able to understand your explanation. Thank you.
What is really scary though, is that criminals/scammers may also come across this simple "tutorial" too.
Ideally this should only be shared amongst the Scambait community. No idea how this is possible.
This is insane and truly disgusting. Thank you for sharing this.
And I just want to say that this is now the second time that I have seen a scambait video where scammers had managed to gain access to a PC in a doctor's office which tells me that it must happen more often than we would ever want to believe. That is scary.
Great advice Davy. I followed instructions, and thankfully, nothing like that was on my computer. I wasn't baited or anything like that, just checking. I hear Modder talk about you all the time. Excellent work young man.
It is removable, but not easy. From what Apple has told me, you must reboot from the cloud, NOT your hard drive. You then must completely wipe your hard drive. When that is complete, you reload your operating system from the cloud. Basically, you lose everything to get control of your computer back. The whole process takes about four to six hours, depending on your network speed.
Thank you very much for this video, a scammer got access into my computer and and almost got me and then started to control my computer after days of login off. I followed your steps and I actually find the screen connect. Thanks ❤
By the way this is an awesome service you are doing. Much love and respect from Down Under
Thank you! Great info. I was a victim and found this very helpful.
Orcus on taskbar = approved
Cheers guys. Great work 👍. Thank you so much. Be interesting to know Jim Browning's take on this software too. scammers having to up the ante tells me they're making less money! yaaaay😁
Thanks for a great TH-cam video on how to remove a scammers file. I was scammed a few days ago and spent many days and hours until I came across your video and was able to go to and DISABLED the t file. I feel a great relief and want to thank you for posting this video. If you find a way to delete the screen connect file entirely please do let us know. To be safe while on-line banking and browsing, I have now subscribed to a VPN service as well. Many Many thanks!
One scammer dislikes your video. 🤣
I disabled the ScreenConnect Client service on one of my customer's computers today. The scammers were actually trying to connect to the computer while I was working on it. I'm reloading Windows 11 on the pc to make sure everything related to the remote support software is gone. Thanks for the video.
Thank you for educating people about this new connection type.
I was scammed this and saw screen connect. I did disable. However, im just going to go ahead and reset pc for piece of mind. Thanks for valuable info.
After you disable and stop the service, goto the file location of "path to executable" and delete all the files. Then remove them from the recycle bin. Then open CMD as administrator and run the following command sc delete "ScreenConnect with some GUID", get the exact name from the "Service Name" of the service.
Thanks for doing this! Awesome vid
A friend's computer was infected by clicking on a polar bear image on a website. The alarm was ringing after it, and she called the phone number written on the false scam alarm message. The lady on the phone, from France (We are in Montréal), stay connect for two hours, and at the end asked credit card asking for 300 $ and after another other 400 $. My friend turned off the call. I worked on her computer. In the download folder, there is an AnyDesk installer. So I deleted it, I passed CCleaner, after I cleaned all browner temps and cookies manually. I passed the Norton 360 and Malwarebytes. And I realized that ConncetWise icone was presented in the triangle on the right of the dock. I search in the program list, directly with Win 10, with CCleaner, but nothing. I try with service, but no service either, I try with MSConfig, nothing too. I try with REGEDIT, I deleted some lines without knowing. Maybe this verion of Connect Wise app was a little bit modified. Question can I address the backdoor problem with firewall ?
After a scam call, I installed Anydesk and gave access to my phone for a while. Do you have any recommendations of what to do to ensure that they didn't install anything else on it? What precautions should I take?
I found it on my computer and disabled it. I have multiple computers and was able to isolate the infected compute from the internet while searching and found your video. I have allot of screenshots of what I found. on my computer, in Properties under Dependencies, there are not any. My question is, will it be save to remove it, if I can?
The way they have the file named, Power shell or cmd prompt will not delete or remove the file. Just have to leave it disabled or a complete wipe and reinstall.
i have a question, my ''friend'' asked me to uninstall teamviewer and i didnt know what it was at the time, he said to give me this id and i did, he brought it up on me when we were playing a game and i got really paranoid. I uninstalled Teamviewer from my system and i have never installed anydesk or any other remote software, can he still get into my pc and am i safe from other remote softwares please respond
Great info guys
Thank you Davy❤️
What about ultraviewer? I was instructed to download this one, do I have to conduct these steps?
Appreciate the work that you done to bring this to our attention
basic question on this - if restored from snapshot, is this removed as normal?
@@ShadowHuntersScambait All the more reason to make sure to have a snapshottable VM - thanks
If I factory reset my laptop would that resolve that issue or no?
Yes, complete Windows 10 reset/reinstall solves the issue.
What aboit windows 11?@DaniMar341
What if we do not have windows administrative tool?
Wrong, wrong, wrong. As a connectwise user with many hundreds of installations around the country, users certainly can remove it. What's hard to remove is when it's a silent installation you don't know about that's been made to be incognito.
Thank you for sharing.
A scammer did this to my Mom but wasn't able to get her CC info. I deleted the connectwise file and lock my pc. I saw that the hackers were still on the computer because they were moving the mouse everytime I tried to get into the task manager. I disabled the screen connect and I stopped it from running. I did find the files and manifests (cdf-ms files) - should I delete them and the folder as well?
Anyone found a way to totally remove screensonnect from services as yet?
What if I do not have screen connect?
Mannn Thanks. I needed this
That is so dirty.
Oh my gosh.... can they do anything like that on Android phones?
I have seen android and ios devices pop up on their queue of clients but there is no native builder for these so there must be an extra client they use to get the mobile devices.
@@ShadowHuntersScambait well it has a builder for debian and redhat... and even a generic bash script version one ( hmm... ).
Thank you very much!
Alternative method via command promt (Windows)
sc stop "ScreenConnect"
sc config "ScreenConnect" start=disable
sc qc "ScreenConnect"
Just delete the service in registry thus it does not exist. I guess "the installer" must create the registry values to create a service.
In registry?
@@kirkmara5 yes a service on a computer is basically a registry entry here: HKLM\SYSTEM\CurrentControlSet\Services if the service does not exist here - it doesn't exist.
Actually you can set the start to 4 (disabled) or create your policy to block that service.
I am in registry and I do not see the command you typed there, does that mean I am good?
Holly sht, thank yus for the advice 👊🍻
Wow, I almost got scammed today thinking it was amazon customer service. They made me download anydesk on my phone and started looking at the last 4 digits of my card in my amazon app, the moment he asked me to go to my bank account where I have most funds I was like you're a fucking scammer lol then uninstalled the app. So in other words if I never installed with that second set of codes I'm good to go right? They can only install when I give them the second code you were showing? I already uninstalled the app and put lock on bank accounts and already issued new cards marked as stolen.
Can this be done to a mobile phone as well. If so how do I remove the back door from my android phone.
Thank you! Thank you!
@@ShadowHuntersScambait No because I booted the VM with a snapshot today. But many scammers have connected to me with Connectwise. I will watch next time.
I have it on my phone and cannot get rid of it please help me
if running a VM and restarting from a fresh snapshot should this not be gone?
Yes
VERY HELPFUL!!!!!!!!
What about iphone?
can a factory reset solve this?😲
Wirtiual Machine
❤
did the channel just die lol?
No we had some issues with the scambait community that we had to work out. It s still alive but we have a transfer of ownership as well going on.