How to remove stealthily installed LogMeIn remote access software

What kind of software is LogMeIn?

LogMeIn Resolve (formerly GoToAssist, GoTo Resolve) is a legitimate remote access software. It enables remote access and control over devices. LogMeIn has been noted being abused by scammers and cyber criminals to carry out various fraudulent and nefarious activities. This application has been spread disguised as a variant of Sora – a generative AI text-to-video model.

Overview of LogMeIn remote access software abuse

Genuine remote access tools, such as LogMeIn, are often abused by cyber criminals. These programs allow for a level of control that is close to user-level; hence, by exploiting them – criminals can perform a wide variety of harmful activities. LogMeIn could be used stealthily, or victims may be asked to download/install it under false pretenses.

Tricking users into allowing remote access is the scenario in technical support and refund scams. The former deceives victims into believing that their computer is infected, hacked, or otherwise compromised. Tech support scammers claim to provide help with removing threats or fixing issues through remote access.

Refund scams use invoices and payment confirmations for purchases victims have not made. When they try to receive a refund, users are asked for remote access and subsequently convinced that they made a mistake – thus being transferred a significantly larger (nonexistent) sum that they must return.

Regardless of whether the connection is maintained with or without the users' knowledge, the cyber criminals can cause various severe issues. They may disable or remove genuine security software, install fake antivirus tools, extract sensitive data, and infiltrate malware (e.g., trojans, ransomware, cryptominers, etc.).

Targeted information can include log-in credentials (e.g., emails, social networking, e-commerce, online banking, cryptocurrency wallets, etc.), personally identifiable data (e.g., passport photos/scans, ID card details, etc.), and financial data (e.g., banking account details, credit/debit card numbers, etc.). Victims' funds can be obtained directly or indirectly, such as through trickery or by utilizing stolen finance-related accounts or information.

In summary, the presence of infiltrated remote access programs on devices can lead to system infections, severe privacy issues, financial losses, and identity theft.

Examples of remote access software abuse

"TeamViewer tech support scam", "ScreenConnect (ConnectWise) Client scam", "UltraViewer tech support scam", and "Imminent Monitor RAT" are just a few of our articles on remote access tool abuse by scammers.

Relying on genuine products and services is a common tactic in scams, as it lends credibility to false claims. Likewise, cyber criminals can use legitimate content for malicious activities rather than utilizing bespoke or open-source malware.

Remember that the presence of suspicious software on a system endangers device integrity and user safety, regardless of its legitimacy or functionality.

How did LogMeIn install on my computer?

LogMeIn has been observed being distributed under the guise of "SoraXpertAI" – a supposed variant of the Sora generative AI – through a deceptive webpage.

The promotion of this site is unknown. Generally, these pages are endorsed via malvertising (intrusive ads), websites utilizing rogue advertising networks (redirects), SEO poisoning, spam (e.g., browser notifications, emails, social media posts, PMs/DMs, etc.), typosquatting (misspelled URLs), and adware.

However, LogMeIn could wear other disguises or be distributed using different methods. Potential proliferation methods include: bundling (packing into ordinary program installers), drive-by (stealthy/deceptive) downloads, untrustworthy download sources (e.g., freeware and free file-hosting sites, Peer-to-Peer sharing networks, etc.), online scams, pirated programs/media, illegal software activation tools ("cracks"), and fake updates.

It is pertinent to mention that since remote access programs are commonly used by scammers, victims can be tricked into downloading LogMeIn from official sources.

How to avoid installation of unwanted software?

Caution is key to device and user safety. Therefore, research software before downloading or purchasing. Download only from official and verified channels. When installing, read terms, study available options, use "Custom/Advanced" settings, and opt out of supplementary apps, extensions, tools, etc.

Additionally, be vigilant when browsing, as the Internet is full of deceptive and malicious content. Pay attention to URLs and be attentive when entering them. Be wary of sites, ads, notifications, and messages that urge immediate action against threats or make unbelievable promises. Ignore or block browser notification requests. Do not open attachments or links present in suspicious/irrelevant communications (e.g., emails, DMs/PMs, SMSes, etc.).

It is paramount to have a reputable antivirus installed and kept updated. Security software must be used to run regular system scans and to remove detected threats and issues. If your computer is already infected, we recommend running a scan with Combo Cleaner Antivirus for Windows to automatically eliminate infiltrated threats.

Screenshot of a website distributing LogMeIn as "SoraXpertAI":

Instant automatic malware removal:

Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:

By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by RCS LT, the parent company of PCRisk.com.

Quick menu:

• What is LogMeIn?
• STEP 1. Uninstall deceptive applications using Control Panel.
• STEP 2. Remove rogue extensions from Google Chrome.
• STEP 3. Remove potentially unwanted plug-ins from Mozilla Firefox.
• STEP 4. Remove rogue extensions from Safari.
• STEP 5. Remove rogue plug-ins from Microsoft Edge.

Removal of potentially unwanted applications:

Windows 11 users:

Right-click on the Start icon, select Apps and Features. In the opened window search for the application you want to uninstall, after locating it, click on the three vertical dots and select Uninstall.

Windows 10 users:

Right-click in the lower left corner of the screen, in the Quick Access Menu select Control Panel. In the opened window choose Programs and Features.

Windows 7 users:

Click Start (Windows Logo at the bottom left corner of your desktop), choose Control Panel. Locate Programs and click Uninstall a program.

macOS (OSX) users:

Click Finder, in the opened screen select Applications. Drag the app from the Applications folder to the Trash (located in your Dock), then right click the Trash icon and select Empty Trash.

In the uninstall programs window, look for "LogMeIn" and other suspicious/recently-installed applications, select these entries and click "Uninstall" or "Remove".

After uninstalling the potentially unwanted application, scan your computer for any remaining unwanted components or possible malware infections. To scan your computer, use recommended malware removal software.

Remove rogue extensions from Internet browsers:

At time of research, LogMeIn did not install any unwanted browser extensions, however, some unwanted applications can be installed together with adware and browser hijackers. If you experience unwanted ads or redirects when browsing the Internet, continue with the removal guide below.

Video showing how to remove potentially unwanted browser add-ons:

Remove malicious extensions from Google Chrome:

Click the Chrome menu icon (at the top right corner of Google Chrome), select "More Tools" and click "Extensions". Locate all recently-installed suspicious extensions, select these entries and click "Remove".

Optional method:

If you continue to have problems with removal of the logmein remote access tool, reset your Google Chrome browser settings. Click the Chrome menu icon  (at the top right corner of Google Chrome) and select Settings. Scroll down to the bottom of the screen. Click the Advanced… link.

After scrolling to the bottom of the screen, click the Reset (Restore settings to their original defaults) button.

In the opened window, confirm that you wish to reset Google Chrome settings to default by clicking the Reset button.

Remove malicious plugins from Mozilla Firefox:

Click the Firefox menu (at the top right corner of the main window), select "Add-ons and themes". Click "Extensions", in the opened window locate all recently-installed suspicious extensions, click on the three dots and then click "Remove".

Optional method:

Computer users who have problems with logmein remote access tool removal can reset their Mozilla Firefox settings.

Open Mozilla Firefox, at the top right corner of the main window, click the Firefox menu, in the opened menu, click Help.

Select Troubleshooting Information.

In the opened window, click the Refresh Firefox button.

In the opened window, confirm that you wish to reset Mozilla Firefox settings to default by clicking the Refresh Firefox button.

Remove malicious extensions from Safari:

Make sure your Safari browser is active, click Safari menu, and select Preferences....

In the opened window click Extensions, locate any recently installed suspicious extension, select it and click Uninstall.

Optional method:

Make sure your Safari browser is active and click on Safari menu. From the drop down menu select Clear History and Website Data...

In the opened window select all history and click the Clear History button.

Remove malicious extensions from Microsoft Edge:

Click the Edge menu icon  (at the upper-right corner of Microsoft Edge), select "Extensions". Locate all recently-installed suspicious browser add-ons and click "Remove" below their names.

Optional method:

If you continue to have problems with removal of the logmein remote access tool, reset your Microsoft Edge browser settings. Click the Edge menu icon  (at the top right corner of Microsoft Edge) and select Settings.

In the opened settings menu select Reset settings.

Select Restore settings to their default values. In the opened window, confirm that you wish to reset Microsoft Edge settings to default by clicking the Reset button.

• If this did not help, follow these alternative instructions explaining how to reset the Microsoft Edge browser.

Frequently Asked Questions (FAQ)

What are the biggest issues that LogMeIn can cause?

LogMeIn is a remote access tool that allows remote access and control over devices. Cyber criminals can utilize this program to steal sensitive information and infiltrate malware. Hence, LogMeIn could be exploited to cause system infections, severe privacy issues, financial losses, and identity theft.

How did LogMeIn infiltrate my computer?

LogMeIn has been distributed as "SoraXpertAI" – a supposed variant of Sora. Other disguises and distribution techniques are possible. In general, prevalent proliferation methods include: dubious download channels, online scams, drive-by downloads, bundled installers, malvertising, spam, pirated content, illegal program activation ("cracking") tools, and fake updates. Scammers may even deceive victims into downloading LogMeIn from official sources.

I have allowed cyber criminals to remotely access my computer, what should I do?

If you have allowed scammers to access your device remotely – disconnect it from the Internet. Afterward, uninstall the remote access tool (e.g., LogMeIn), as they might not need your permission to reconnect. Lastly, perform a complete system scan and eliminate all detected threats.

Will Combo Cleaner protect me from online scams and the malware they proliferate?

Combo Cleaner is designed to eliminate all kinds of threats. It can scan visited websites for deceptive/malicious content and restrict further access to these pages. It can also detect and remove practically all known malware infections. Remember that performing a full system scan is crucial, as sophisticated malicious software usually hides deep within systems.