Jump to content

Scan for ScreenConnect client.

P3t3rM

By P3t3rM
in Malwarebytes for Windows

 Share

Recommended Posts

P3t3rM

P3t3rM

Posted
Posted

In Australia, scammers are tricking people into installing Connectwise Screen Connect client that does not have an uninstaller.  It would be great if Malwarebytes was able to scan for this and be able to remove it.  Currently this and AnyDesk are the two major tools that scammers use to steal banking information.  Australian's lost ~$500 million to scammers last year.  Currently I have to manually locate the screenconnect client service stop it, and delete the entry from the registry and manually remove the app files.

Link to post
Share on other sites
Porthos

Porthos

Posted
Posted

@P3t3rM Those programs are also used by legitimate companies as well and they pay good money for the service..

Users need to learn how to not be social engineered into these scams.

1 hour ago, P3t3rM said:

Australian's lost ~$500 million to scammers last year.

Happens everywhere.

You can't just block remote support tools just because people fall for them after seeing a fake scam alert on the computer or fall for a phone scam.

Malwarebytes Browser Guard helps users from seeing those scams.

 

 

Link to post
Share on other sites
P3t3rM

P3t3rM

Posted
  • Author
Posted
3 hours ago, Porthos said:

@P3t3rM Those programs are also used by legitimate companies as well and they pay good money for the service..

Users need to learn how to not be social engineered into these scams.

Happens everywhere.

You can't just block remote support tools just because people fall for them after seeing a fake scam alert on the computer or fall for a phone scam.

Malwarebytes Browser Guard helps users from seeing those scams.

 

 

I'm not asking it to block remote support tools, I'm asking it to detect and warn users that screenconnect client is installed, when there is no clear indication to an average end user that it is on their computer.

Link to post
Share on other sites
Porthos

Porthos

Posted
Posted
35 minutes ago, P3t3rM said:

I'm asking it to detect and warn users that screenconnect client is installed

So I am guessing you are not an MSP or a computer service provider who services their clients remotely?

If you were, would you want your support tool to show warnings about your tool?

I will say, as one who does 100% of my computer service remotely, I would not want Malwarebytes or any other software to do that.

Link to post
Share on other sites
P3t3rM

P3t3rM

Posted
  • Author
Posted
4 minutes ago, Porthos said:

So I am guessing you are not an MSP or a computer service provider who services their clients remotely?

If you were, would you want your support tool to show warnings about your tool?

I will say, as one who does 100% of my computer service remotely, I would not want Malwarebytes or any other software to do that.

No I am not a MSP, I am a contractor that gets called out to removed screenconnect from victims of scammers who are targeting old aged pensioners who have lost thousands of dollars to POS who use this tool to rip people off, and the only way to remove it is manually as there is no uninstaller.  If I could use Malwarebytes to scan for it and if detected give the option to remove it, I could then advise my clients to purchase a license for Malwarebytes to stop it in future.  If your tool is installed for legitimate purposes, what would the problem be with Malwarebytes warning that it is installed, and giving the end user the option to ignore it on future scans?

Link to post
Share on other sites
Porthos

Porthos

Posted
Posted
1 minute ago, P3t3rM said:

If your tool is installed for legitimate purposes, what would the problem be with Malwarebytes warning that it is installed, and giving the end user the option to ignore it on future scans?

It would be lumping legitimate providers in with the scammers.

Next scammers would be abusing Microsoft's own Quick Assist which is included with Windows. Think any software company is going to warn about that?

10 minutes ago, P3t3rM said:

I am a contractor that gets called out to removed screenconnect from victims of scammers who are targeting old aged pensioners who have lost thousands of dollars to POS who use this tool to rip people off, and the only way to remove it is manually as there is no uninstaller. 

If a user has been compromised by a scammer with remote access, You should be backing up user data,  wiping and clean installing Windows, and assisting the user in changing every password for every online account on the computer as the scammers have those now as well.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.