Recently, a large number of online scams have started occurring with the help of a legitimate software service called and a software tool provided by that service named GoToAssist.exe. This service basically allows tech support operators to gain access to your PC and resolve different problems that you might have. However, dishonest cyber crooks seem to have been able to find a way to exploit and GoToAssist.exe for online scams. Down below, you will learn what the basic scheme of such scams is and what you need to be on the look out for in order to avoid falling prey to this type of shady agendas.

The gist of the scam

Now, we do not know how many groups of people are conducting the scam, it might be just one single group of scammers or there might be several of them. Regardless, the methods seems to be relatively similar in the majority of instances. Here, we have tried to provide you with a general analysis of how this scam works. We have separated it in four stages:

Stage 1

The scammers first need to establish some sort of contact with the targeted user. This might happen in different ways. For instance, you might have some issue with your PC and you might make a google search for the tech-support team that might be able to help you. However, some of the crooks behind the scheme seem to have managed to push their sites’ ratings up Google’s rating system meaning that many users might come across those sites while conducting searches relate to their issue. Some users who have been targeted by the scam even report that the scammers’ sites have been on the top of their Google search. Naturally, the first thing on would do is open the suggested result which would lead them directly to the cyber crook.

Another way that the scammers use in order to connect with potential victims is by utilizing browser hijacking programs and spamming victims with misleading pop-ups urging them to call a phone number and telling them that there’s some sort of issue with their PC while pretending to be representatives of some popular and legitimate company (such as Microsoft). If the user falls for the bait, the scam moves on to Stage 2.


If you have a Windows virus, continue with the guide below.

If you have a Mac virus, please use our How to remove Ads on Mac guide.

If you have an Android virus, please use our Android Malware Removal guide.

If you have an iPhone virus, please use our iPhone Virus Removal guide

The following guide will help our readers get rid of the unpleasant software. Follow the instructions and complete each step for best results. If you have any questions, feel free to ask them using our comment section down below.

Preparation: Entering Safe Mode and Revealing Hidden Files and Folders

Before you proceed with the actual removal instructions, you will need to take two extra steps in order to ensure that the guide has maximum effect.

For best results, we advise our readers to boot into Safe Mode prior to attempting to remove the virus. If you do not know how to do that, here is a separate How to Enter Safe Mode guide.

Also, in order to be able to see any potentially undesirable files, you should reveal any hidden files and folders on your PC – here is how to do that.


Step 1: Checking the Task Manager

Open your Task Manager by using the Ctrl + Shift + Esc keys and go to the Processes tab. Look for any suspicious processes. For example, any unfamiliar process that uses high amounts of RAM and/or CPU. If you aren’t sure if a certain process comes from malware, tell us in the comments.

Right-click on any process that you consider shady and select Open File Location. Delete anything from the file location of the process. Scam


Step 2: Disabling Startup programs

Use the Winkey + R keyboard combination to open the Run search bar and type msconfig. Hit Enter and in the newly opened window, go to the Startup tab. There, look for suspicious entries with unknown manufacturer or ones that have the name on them. Right-click on those, and select disable. Scam



Step 3: Uninstalling unwanted programs

Go to Start Menu > Control Panel > Uninstall a Program. Click on Installed On to sort the entries by date from most recent to oldest and look through the programs that come at the top of the list. Right-click on any entries that appear shady and unwanted and then select Uninstall to remove them from your PC. If you see the name in the list of programs, be sure to remove the software without hesitation. Scam

Step 4: Checking for shady IP’s

Open your Start Menu and copy-paste notepad %windir%/system32/Drivers/etc/hosts in the search bar. In the notepad file, look below Localhost and see if there are any IP addresses there. If there are some, send them to us in the comments and we will tell you if you should take any action.

Step 5: Cleaning-up the browsers

You will also have to uninstall any undesirable browser extensions from your browser programs. Here’s how to do that for some of the more popular browsers:


Open Chrome and open its main menu. Go to More Tools > Extensions. Look through the list of extensions and uninstall any that you think could be suspicious. To remove them – click on the trash can icon next to each extension.

You can also use a specialized Chrome CleanUp tool if you cannot manually remove a certain extension. Here is an article where you can learn more about the CleanUp tool.


Open Firefox and go to its Menu. Select the Add-ons button.From the left panel, select Extensions and take a look at the different entries. Remove any of the that might be unwanted.


Once you open your IE browser, click on the Tools button at the top-right corner of the program and from the drop-down menu select Manage Add-ons. Check each one of the four different groups of add-ons and search for anything that seems undesirable. If you find anything, click on it and them select Remove.


Open the main menu of Microsoft Edge and go to Extensions. Find the extensions that you believe could be unwanted and right-click on them. Then, select Uninstall.

Step 6: Checking the Registry Editor

Open the Run search bar again and type regedit in it. Hit Enter and once the Registry Editor opens press Ctrl + F. In the search field type and click on Find Next. Tell us in the comments if any results came up when you searched for in your PC’s Registry. Scam


Step 7: Deleting recent entries

For this step, you will have to open your Start Menu and copy-paste the following lines, one by one:

  • %AppData%
  • %LocalAppData%
  • %ProgramData%
  • %WinDir%
  • %Temp%

Hit Enter after each one to open a file directory. In the directories, delete the most recent entries that you find there. In the Temp folder, delete all files. Scam

Step 8: System Restore

In order to be fully sure that the unwanted software has been removed from your machine, you can also try using a Restore Point to roll back your system its last stable configuration. However, in order to do that, you would have to previously had had a restore point created. On most systems, such points get created automatically but this isn’t always the case.

  1. Open your Start Menu and type System Restore.
  2. Click on the first result – a setup wizard should open.
  3. Read the brief description of the process and select Next.
  4. Now, choose a restore from the presented list. You can also check the Show more restore points option in order to reveal any other restore points that might be saved on your PC.
  5. Click on Scan for affected programs to see what programs will get deleted or restored after you use the Restore Point. (optional) Scam
  6. Click on next and take and then select Finish.
  7. A warning window will appear telling you that once the process starts, it shouldn’t be interrupted. Select Yes and be patient as this might take some time. Do not do anything on your PC throughout the duration of the process.

Let us know in the comment sections if you need assistance in any of the steps or would like to share valuable information about  

Stage 2

Here’s where the service and the GoToAssist.exe program come into play. The targeted user is asked to visit this service’s site. Once there, the user is supposed to enter their name and a code that is provided to them by the scammer (note that in most cases, the online crook would be on the phone with their victim, “guiding” them through the process that is to follow while, as we said above, pretending to be a legitimate tech-support operator). Once the name and code have been entered, the user is prompted to download GoToAssist.exe – a software tool that while running provides remote access to the PC for the tech operator (in this case, the scammer). After the tool is downloaded and run on the PC, the customer would be prompted to allow the beginning of a session with the operator where the latter would gain access to the computer. If the victim agrees, Stage 3 is initiated.

Stage 3

Once the crook has gained remote access through the service, they would typically download and install some other software on the targeted PC. According to user reports, the said software downloaded by the scammers has detected certain issues within the PC. This leads us to believe that whatever the crooks download is some sort of fake anti-malware program that is supposed to intimidate the scam’s victims by reporting detected malware or some other type of software-related issues.

Stage 4

Once the (fake) warning about the malware/other problems inside the PC have been shown to the user, the scammer informs them that the only way to resolve the (non-existent) problem is to buy some license from them for some other program (or for the full version of the same program). This last stage is actually a very common practice that many cyber fraudsters use in order to trick users into buying some piece of questionable software that is probably not needed on the PC so that a certain issue with the computer can be resolved – an issue that has never really been there to begin with.

Our advice

More experienced and tech-savvy users should usually have no problem recognizing the scam and shutting it down in its early stages. However, everybody can make a mistake from time to time, especially if you aren’t very well-oriented in the online world. In order to stay safe and make sure that you don’t fall for such scams, it is essential that you use your common sense and only trust people that can verify that they are who they claim to be. For instance, if someone calls you and claims that your PC is in danger and you need to do something about it, it doesn’t matter if this person claims that they work for Microsoft – they cannot verify that and, besides, no reputable software company would ever do that. Just stay smart and do not trust random people online just because they have told you that your machine needs fixing. Also, if you have recently been subjected to such a scam, we advise you to uninstall the GoToAssist.exe program in order to ensure that no one has unauthorized access to your PC. So far, we haven’t received any reports about stolen personal data or computers infected by malware as a result of this fraudulent scheme but it’s still better to be on the safe side and make sure that the crooks no longer have any kind of access to your computer. 


Type PUP
Danger Level Low (Usually nothing too serious, however it all depends on what had been installed on your device.)
Symptoms You might have software on your PC that you definitely do not need and you’d better remove.
Distribution Method Misleading pop-up messages, adverts etc.
Detection Tool

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version. More information about SpyHunter and steps to uninstall.


If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!



About the author


Brandon Skies

Brandon is a researcher and content creator in the fields of cyber-security and virtual privacy. Years of experience enable him to provide readers with important information and adequate solutions for the latest software and malware problems.


  • There are warnings before the fastsupport scam hits. I had Chrome open, when I clicked a link it would open – with an unrelated window opening first that was an ad. I was trying to figure out why this was happening, either before or after I downloaded free files from Cyberlink – a legitimate company/site. I believe they somehow cause this to happen first, to make you think you have a problem. Then all windows locked, a red box, with white text said there’s a Chrome security problem & to call “Microsoft.” I called just to learn what they’re doing – a woman with a heavy accent said she was from Microsoft, asked me to open the “Run” function and enter “iexplore” then a number & I hung up. NEVER allow access to your system from someone contacting you – only if you request it for tech.

  • If you have the time, keep them on the line for as long as you can. Every minute they are talking to you, they are not stealing from somebody’s grandma.

    First I explained all the Apple products I had, an iMac, Macbook Pro, iPad, and Apple watch. I’m very happy with them….Oh yes, I almost forgot, an Apple TV too!

    Next, get them used to repeating themselves; it may because you can’t hear well. or there is a lot of noise in your area, or it’s just a bad connection.

    No matter how slowly they read you the code, invert some of the numbers. Add the letter O when if they say Oh. I even included an ampersand every time he said ‘and’. However, the tone is always that you are sorry and really appreciate his help. Explain you’re just going to take it to the Apple store. They are always so helpful and you’re sorry this is so difficult.

    Tell them you haven’t noticed any issues, but you really appreciate their help and you’re sorry this is so confusing.

    Before you drive them nuts, ask to speak to a manager. Rinse and repeat.

    Kept these liars on the phone for a full 18 minutes today.

  • Seems I’ve been hit with these scammers, after checking for shady IP’s I found this under LocalHost

    # localhost name resolution is handled within DNS itself.
    # localhost
    # ::1 localhost

    What kind of action do I need to take?

    • The IPs you’ve found in the Localhost file are not problematic – they are supposed to be in the file ad you do not need to take any action towards them. Skip this step and proceed with the rest of the guide.

Leave a Comment