This page aims to help you remove Scam. Our removal instructions work for Chrome, Firefox and Internet Explorer, as well as every version of Windows.

The online world is full of scammers that seek to make quick profit on the backs of users who aren’t careful or experienced enough to recognize the scam’s scheme. In the following lines, we will give you information regarding one particular Internet scam model that uses a legitimate and legal site called Scam

The scammers ask you to provide access to the computer using so that they can fix your computer.

Down below, we will give you an overall idea about how the scam works in most cases so that you know how to avoid it in future. Generally, there three distinct phases/stages that this scam model needs to go through in order to be successful. The earlier you notice that there’s something fishy, the lesser the chance of you becoming yet another victim to this fraudulent scheme.

Phase 1 – contacting the user

The scammers first need to establish some form of contact with their potential victim. This can happen in a number of ways. For instance, some users have reported being deceived by a pop-up message to make a call to a person who had claimed to be a representative of Microsoft or of some other major company. The supposed tech operator would typically tell the user that there’s some issue with their PC (security vulnerabilities, malware infection, outdated software, etc.) that need to be taken care of and that the only way for this to happen is to follow the instructions that are given to the user. In other cases, the victim is forced to call a provided phone number (the number of the scammers) because their PC has gotten blocked due to expired Windows license or due to some other legitimately-looking reason. In such a case, a number is given to the user and once they call that number, they’d be in contact with the crooks that are pretending to be tech-support operators that can help with the removal of whatever is blocking their device.

Phase 2 – the website

Once in contact with the scammer, the user is told to visit the website where they are greeted with two blank text boxes – one for the user’s name and one for a code that the user receives from the hacker. Once the request is filed, the user downloads a software tool called GoToAssist.exe. The purpose of this tool is to provide the scammer with remote access to the user’s PC allowing the online crooks to proceed with the next phase of their scheme.

Note that the site is actually a legitimate one and so is the GoToAssist.exe program. However, many web-scammers have found a way to exploit this online service and extort money from users by utilizing it.

Phase 3 – Remote access

Once the user downloads GoToAssist.exe from the site and runs it, they are prompted with a request. If they agree to the request, the crooks would gain remote access to the targeted PC similarly to how the well-known Team Viewer tool works. Once the remote access has been established, there are different things that the crook might try to do depending on the specific case. For instance they might run a scan with some fake malware-detector and tell you that they have found viruses on your machine and later tell you that you need to buy a license to some antivirus program that you’ve never heard about in order to eliminate the non-existent threat. In other cases, they might simple put a new password on your machine and ask you to pay them money if you want to be able to regain access to your machine. There are other possibilities as well but you get the idea. In most cases, such scammers do not seek to steal sensitive information such as banking account credentials, yet this is still within the realm of possibility.

If you get to this phase of the scam, you might still avoid further issues if you immediately block the remote access by closing the GoToAssist.exe program and then conducting a full system scan for any unwanted software that might have gotten inside your PC. Note that in case you initially received some sort of warning or if your PC got blocked by some odd message (as described in Phase 1), it is likely that you have recently downloaded some unwanted piece of software that has set in motion the whole scam scheme that we’ve just described. Therefore, it is a good idea to thoroughly check your PC for any sketchy programs and applications and the suggested anti-malware tool on this page can help you do that so give it a try if you want to.

Future safety

Always use your common sense when browsing the online world and never make any rash decisions out of frustration or panic as this is what such cyber-scammers typically rely on. Most of the components used in the scam model we’ve just described are actually legitimate so sometimes it might not be possible to detect the scam via antivirus programs. That’s why, you must always above all rely on your vigilance and attention if you want to keep your system, your virtual identity and your money safe.


Type PUP
Danger Level Low (if you fall for the scam, you might end up wasting your money for nothing)
Symptoms It’s possible that you have some undesirable program on your computer that has kicked off the whole scamming scheme.
Distribution Method The unwanted software that could set the in motion the scam might come from questionable and/or pirated software downloads, spam e-mails, sketchy web-ads, etc.
Detection Tool

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version. More information about SpyHunter and steps to uninstall. Scam Removal

If you have a Windows problem, continue with the guide below.

If you have a Mac issue, please use our How to remove Ads on Mac guide. Scam

Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it). Scam


Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab (the “Details” Tab on Win 8 and 10). Try to determine which processes are dangerous. Scam

Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner: Scam
Drag and Drop Files Here to Scan
Maximum file size: 128MB.

This scanner is free and will always remain free for our website's users. You can find its full-page version at:

Scan Results

Virus Scanner Result ScamClamAV ScamAVG AV ScamMaldet

After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections. Scam

Hold together the Start Key and R. Type appwiz.cpl –> OK. Scam

You are now in the Control Panel. Look for suspicious entries. Uninstall it/them.

Type msconfig in the search field and hit enter. A window will pop-up: Scam

Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious. Scam

Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below: Scam

If there are suspicious IPs below “Localhost” – write to us in the comments.

Open the start menu and search for Network Connections (On Windows 10 you just write it after clicking the Windows button), press enter.

  1. Right-click on the Network Adapter you are using —> Properties —> Internet Protocol Version 4 (ICP/IP), click  Properties.
  2. The DNS line should be set to Obtain DNS server automatically. If it is not, set it yourself.
  3. Click on Advanced —> the DNS tab. Remove everything here (if there is something) —> OK. Scam Scam

  • After you complete this step, the threat will be gone from your browsers. Finish the next step as well or it may reappear on a system reboot.

Right click on the browser’s shortcut —> Properties.

NOTE: We are showing Google Chrome, but you can do this for Firefox and IE (or Edge). Scam

Properties —–> Shortcut. In Target, remove everything after .exe. Scam Scam  Remove from Internet Explorer:

Open IE, click Scam —–> Manage Add-ons. Scam

Find the threat —> Disable. Go to Scam —–> Internet Options —> change the URL to whatever you use (if hijacked) —> Apply. Scam Remove from Firefox:

Open Firefoxclick Scam  ——-> Add-ons —-> Extensions. Scam

Find the adware/malware —> Remove. ScamRemove from Chrome:

Close Chrome. Navigate to:

 C:/Users/!!!!USER NAME!!!!/AppData/Local/Google/Chrome/User Data. There is a Folder called “Default” inside: Scam

Rename it to Backup Default. Restart Chrome. Scam

Type Regedit in the windows search field and press Enter.

Inside, press CTRL and F together and type the threat’s Name. Right click and delete any entries you find with a similar name. If they don’t show up this way, go manually to these directories and delete/uninstall them:

  • HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
    HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
    HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random

If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!


About the author


Brandon Skies

Brandon is a researcher and content creator in the fields of cyber-security and virtual privacy. Years of experience enable him to provide readers with important information and adequate solutions for the latest software and malware problems.

Leave a Comment