Nefarious Connectwise customer

Last week I reached out to Connectwise because we had a computer come in that has their RMM on it and is being used by a malicious person to control their computer and infect it. We removed the infections, but I don’t know a way to remove the RMM because that usually is done by the controller. I’m extremely disappointed that Connectwise isn’t doing the right thing and replying to my inquiries for them to find out who this client is, to shut them down and turn them over to the authorities. Does anybody know of a script or easy cleanup to remove the software? Or does anyone have any sway with Connectwise as a company? Years ago I highly considered them for my RMM, but I’m very glad I didn’t if they aren’t responsible enough to mitigate crime. It wouldn’t take much of their time at all to shut this person down.

Did you fill this out?

They have been responsive when we found instances of Connectwise Control being used in malicious ways.


I would boot into Safe Mode and uninstall that way.


Thanks @LTS_Tom for that URL. I tried submitting their contact form as a security issue, but their site is broken and that’s not possible, so I called them and they gave me a ticket number, but I’ve heard nothing further. I now filled out the form you provided but still haven’t heard anything.

@FredFerrell the issue is that none of the ScreenConnect or Control software shows up in the programs list. I just put the computer back on the net and a new temp folder for ScreenConnect immediately showed up, so it must have control on it to hide and manage all this.

Maybe try this. https://diligex.com/2022/09/manually-remove-screenconnect/


Thanks for the link. On Friday I had already booted into Linux to erase the ScreenConnect folders that you can’t erase while booted. Now I erased the registry stuff and hope it’s good to go. It would’ve been great if Connectwise gathered the info to shut down the account, but the client has been too long without their computer.
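
Added example, not part of any post in this thread and not ConnectWise tooling: a read-only PowerShell inventory for the situation described above, where the client is absent from the programs list but folders and registry entries keep coming back. The `*ScreenConnect*` name pattern, the function name `Find-RmmRemnant` and the list of folders and registry keys searched are assumptions; run it from an elevated prompt.

```powershell
# Read-only inventory: lists services, processes, folders and registry keys
# whose names match the pattern. Nothing is stopped, deleted or modified.
function Find-RmmRemnant {
    param([string]$Pattern = '*ScreenConnect*')   # assumed naming; adjust as needed

    # Services are read from WMI, so they appear even with no uninstall entry.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.Name -like $Pattern -or $_.DisplayName -like $Pattern -or $_.PathName -like $Pattern } |
        ForEach-Object { [pscustomobject]@{ Kind = 'Service'; Name = $_.Name; Detail = "$($_.State): $($_.PathName)" } }

    # Running processes started from a matching path or with a matching name.
    Get-CimInstance -ClassName Win32_Process |
        Where-Object { $_.Name -like $Pattern -or $_.ExecutablePath -like $Pattern } |
        ForEach-Object { [pscustomobject]@{ Kind = 'Process'; Name = "$($_.Name) (PID $($_.ProcessId))"; Detail = $_.ExecutablePath } }

    # Folders directly under the usual install and temp roots (assumed list).
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData,
               $env:TEMP, (Join-Path $env:SystemRoot 'Temp')) |
        Where-Object { $_ -and (Test-Path -LiteralPath $_) }
    foreach ($root in $roots) {
        Get-ChildItem -LiteralPath $root -Directory -Filter $Pattern -ErrorAction SilentlyContinue |
            ForEach-Object { [pscustomobject]@{ Kind = 'Folder'; Name = $_.FullName; Detail = "created $($_.CreationTime)" } }
    }

    # Registry: uninstall entries (64- and 32-bit views) and service keys.
    $regRoots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
                'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
                'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($reg in $regRoots) {
        Get-ChildItem -Path $reg -ErrorAction SilentlyContinue | ForEach-Object {
            $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
            if ($_.PSChildName -like $Pattern -or $props.DisplayName -like $Pattern) {
                [pscustomobject]@{ Kind = 'Registry'; Name = $_.Name; Detail = $props.DisplayName }
            }
        }
    }
}

# Print what was found so it can be recorded before any cleanup.
Find-RmmRemnant | Sort-Object Kind, Name | Format-Table -AutoSize -Wrap
```

Saving the output before cleanup preserves the service paths and folder creation times for any report to the vendor or to authorities; running it again after reconnecting the machine shows whether anything has been recreated.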