Looking for answer

I’m probably overstepping my bounds here, but this is the only place I could find that in all my searching referenced a scam that, hopefully, my mother (in her 80s) avoided.

She got an email for paypal charge from > alisha hall [email protected]
addressed to a TON of similar spelled emails (probably sequential off a list)

The text of that email is below.

They got her to open a browser and open a page gxcare.cc (refering to this url is how I found you guys with some other keywords) that had her enter a code, my guess is that probably gave them access to her computer (like tech support)

She then had a google docs page that honestly was a pretty piss poor paypal looking thing but she entered a lot of personal information there, no routing numbers or anything crazy but still NOT GOOD. (using history i found this again and subsequently reported via google links and its been removed)

They then wanted her to open another tab and log into her bank, she said the whole time she was questioning them, but at this point she hung up on them and got me.

I shut her computer off. Can anyone give me an idea of what exposure she has? It seems that most of the google docs stuff might have been just a part of the ‘confidence game’ and the real damage would have been with logging into bank but could the have been something installed or other issues.

Any help is appreciated.


"PayPal® Alert!!

Date: 01-29-2024

Your Subscription with Geek Squad will Renew Today. This is a receipt for your recent purchase.

Your card linked with your PayPal® account has been auto-debited for $327.86 and your annual subscription has been auto renewed successfully.


Product : Geek Squad Deluxe Protection

Product Key : NQUS-821J-SI82-XIHA
Amount : $327.86


Geek Squad SECURE™

Geek Squad PROTECTION (Including Tax)

TAX RATE : $10.00

Total : $337.86

If you don’t authorised this charges you have 24hrs, to cancel and get an Instant refund of your

annual subscription by contacting our customer support team:+1(866) 898-1667


Case of cancellation reach us here: +1(866) 898-1667

PayPal® Support. 38780, Tempe, Arizona, United States
PayPal® Inc, All right reserved Privacy - Security - Terms of Service

Copyright @ 2024"


866-898-1667 Austin Monday 1-29-24 3:21PM EST

1 Like

866-898-1667 Still Active Kevin Monday 1-29-24 5:19PM EST

1 Like

Make sure there’s no “screen connect/connectwise” software on her pc. It hides when running so below is how to find and remove it from her system. It’s imperative to get rid off as it is NASTY!

  1. Open Program and Features, Control Panel > All Control Panel Items > Programs and Features
  2. Search for “ScreenConnect Client” in the list of software installed.
  3. You should see something similar to “ScreenConnect Client (xxxxxxxxxxxxxxxx)”, where “xxxxxxxxxxxxxxxx” represents the unique thumbprint. Note this thumbprint down somewhere as you will need it for the rest of the steps.

Delete all traces of ScreenConnect Client (xxxxxxxxxxxxxxxx) from C:\

  1. Open File explorer
  2. Search, find and delete any folders named “ScreenConnect Client (xxxxxxxxxxxxxxxx)” in the following directories:

C:\Program Files
C:\Program Files (x86)

  1. Do a search through the c:\ for “ScreenConnect Client (xxxxxxxxxxxxxxxx)” to confirm all traces have been removed.

Delete all traces of ScreenConnect Client (xxxxxxxxxxxxxxxx) from Registry Editor

  1. Open “RegEdit” with Admin privileges
  2. Do a “CTRL+F” to bring up search bar
  3. Search the registry for any traces of the ScreenConnect instance “ScreenConnect Client (xxxxxxxxxxxxxxxx)” & “xxxxxxxxxxxxxxxx”, where “xxxxxxxxxxxxxxxx” represents the unique thumbprint.
  4. Delete these entries from the registry

Delete the ScreenConnect service from Windows Services

  1. Open an elevated command prompt
  2. Run the following command (where “xxxxxxxxxxxxxxxx” represents the unique thumbprint):

sc delete “ScreenConnect Client (xxxxxxxxxxxxxxxx)”

  1. Open Services and confirm the ScreenConnect service has been deleted. This may take a few minutes for the command to process after running it

Remove app from Programs and Features

Confirm that the ScreenConnect app was removed from the Program and Features list. If not try to uninstall it from Program and Features. If you run into an error do the following:

  1. Download Microsoft Uninstaller Tool
  2. Run the tool and use it to check/uninstall the app “ScreenConnect Client (xxxxxxxxxxxxxxxx)”

After this the ScreenConnect app should be fully uninstalled. One reboot for save measure and…

That’s it! ScreenConnect should now be removed and ready for re-installation.


Thank you very much for the assistance. She didn’t have any of this software on her computer nor registry.


Blessings to you and your mom. Welcome to the community! @Mountain_Man

The page gxcare.cc is to specifically download connectwise, so if she input the code, double and triple check that program is off like @Jhawk explained. It is a hidden program and we cannot stress that enough, it’s a dangerous and nasty program.

Thank you for sharing your and your mom’s experience!


gxcare.cc one instance Sept 2023 PayPal scammer Benjamin Watson 844-627-2104


Thank goodness @Mountain_Man, helping each other is what we do here…Welcome to our community btw. If she were my mom, I would also disable the Remote Desktop Services within Control Panel>Admin Tools>Services. It’s what I do for all my elderly neighbors.