ProctorU...hell in a handbasket Part 1

[benjenkinsv95]

Hey Cypster,

You might try to delete the file via the command line. An article explaining how to do it is found here.

I don't personally know if this suggestion will work as I cannot reproduce it, but best of luck.

[cypster]

I didn't have these issues when I took a TECEP a couple of weeks ago.

My first exam with them was admittedly not as horrible as this second day with them Sanantone. I was so frustrated after having 3 representatives in the same day conducted the same behavior of not asking for my permission before performing actions on my computer. I have contacted the appropriate channels... I suppose I was just really more worried now than anything that my computer may still be vulnerable due to this rahook.dll file that I have been unable to remove even after multiple reboots and in the session log that I have saved there is actually an entry that shows the applet injecting itself to be restarted with my computer. I have contacted their Birmingham office and filed a complaint. They have promised that they will be contacting me with information showing me exactly what files were pulled from my computer and at what times. I am really hoping that they will keep their word and let me know what happened on that day... All of the supervisors that I spoke with also shared with me that the representative on that day broke protocol in several respects and that they are investigating the matter. Let's hope that I will actually hear from them and that this will never happen again!

[cypster]

I've used proctoru 14 times in the past 6 weeks and haven't had any problems.

Glad it's working out well for you really I am. Be sure to check your user app data folder for residue just to be on the safe side after your session is complete.....

[cypster]

Just out of curiosity, did you uninstall logmein using the windows uninstall utility? Rahook.dll is part of the logmein program. It is very likely the sites you are looking at online that claim this is a trojan are trying to sell you software to fix a problem that is non-existent. Just uninstall the program and if for some reason rahook.dll is still there, boot your system into safe mode and you should be able to delete it.

Thanks for the caution Upton. As I've mentioned however, I'm somewhat familiar with the deceptive gimmicks to sell junk software... The issue that I am facing is with a file that is acting in every way like a virus due to it's startup activity. My session logs revealed an applet setting itself to run everytime my computer restarts. It does not appear in the obvious places like my start up folder and the program was never installed in my Control Panel Programs list so it could not be uninstalled from there. This day of testing was just beyond strange...

[cypster]

Actually, there are versions of remote access software that will let people do that.

Thanks for the feedback ajs1976. I am finding that many people are completely unaware of this.... Many assume that Proctur U is using the vanilla version of Log Me In to access their machines. This is not the case. The software has been rebranded and altered in some ways to meet their needs... The application that is installed as a part of the collection that we get when we start a session with them that worries me the most is the LM_rescue.exe application. I am currently do all I can to find out of there is any relation between this application and the rahook.dll file that I am currently unable to install. Others of course are completely blinded at times by how "cool" it is to have someone take over their mouse from another part of the country....

[Onlinestudydeg]

Reboot the system in safe mode try to rename to .dll file to like .dat or .bat. if this does not work, than you would need unlocker.

search google for file unlocker tool, use it to unlock the file and than you should be able to delete it.

you could also use https://www.malwarebytes.org it has free version i have found it to be very reliable.

[cypster]

Hey Cypster,

You might try to delete the file via the command line. An article explaining how to do it is found here.

I don't personally know if this suggestion will work as I cannot reproduce it, but best of luck.

Can't thank you enough for a tip directly related to the issue at hand benjenkins! I have been so frustrated over this experience that I completely forgot about trying good old CMD to delete locked file! Thank you 10 million times!!

[cypster]

Reboot the system in safe mode try to rename to .dll file to like .dat or .bat. if this does not work, than you would need unlocker.

search google for file unlocker tool, use it to unlock the file and than you should be able to delete it.

you could also use https://www.malwarebytes.org it has free version i have found it to be very reliable.

Thanks Onlinestudydeg! I saw Benjenkins post right before yours and that actually worked. I was just so devastated with all the stress before my final that I forgot the basics... Thanks so much for caring enough to help! Folks like you guys make experiences like this become nothing more than memories really quickly!

[cypster]

A big heartfelt thank you to BenJenkins and Onlinestudydeg for pointing me in the right direction! And a big thank you to each and every one of you who have tried to share encouraging replies during a very frustrating experience. This issue is now resovled. After this experience I will do all that I can to either avoid this company by using onsite testing or I will create a dedicated computer that will only be used for proctored exams. I am glad that Proctor U has been working out great for some of you. I would encourage everyone to go to their user folder on their computers after every proctored exam and to be sure to delete any and all residual files found in this directory; "AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp" This is where the rahook.dll file was inserted on my computer along with what appeared to have been a nonstandard version of the LogMeIn software since everyone else seems to have found their's in their Control Panel Programs list which was not the case after my Proctoring sessions on this day.

[laughter]

Glad you got it worked out, OP! Seems like the proctor you had had acted outside business protocols. The proctor I had last month was really different... she would ask permission before performing any action. Even when shutting down open applications, she would just right click "quit" without viewing them. Guess we'd just have to be careful when using ProctorU as they might have a couple bad apples in the pile.