
Virus

medar

Today I downloaded a virus by accident. Imma be honest rn, I wanted to download a hack for a game just to have fun and for that you have to turn off your Windows Defender, which I did. I downloaded the file, it was just called setup.exe. I am always sceptical about files like this because both the rar file and the exe file were just called Setup, my mind told me not to open it but I did anyways. Then my PC started bugging out, random PowerShell windows kept opening and closing, and cmd windows, as if someone was running commands for something. I go over to my Windows Defender to turn it back on but I can't, it's just stuck on refreshing something. I restart the PC and go to Windows Defender again and it still does the refreshing thing without allowing me to scan threats or enable it. Then I realised that I'm fucked, I got scared cuz I had a lot of valuable stuff on this PC so I went to Task Manager because if there was someone trying to use a program to control my PC it would be for sure there. And I was right. But before that I tried opening Chrome and installing an antivirus called Avast but what happened was the guy who was controlling it closed my window every time I tried to download it. And he even sent an alert box saying "Stop", it rly scared me bcs I never had a virus before and idk how they even do it. Then I went to Task Manager and saw a bunch of programs that weren't usual to me, they were called a bunch of random numbers and stuff and one of them was windowscontroller something program like that. I kept turning it off and when I turn it off my PC would be ok but it just comes back on after 5s so I would have to keep doing it. So what I did was as I was ending task on that program I also at the same time downloaded Avast Antivirus through Microsoft Edge cuz somehow he managed to fuck up my Chrome and put my search thing into some indian bullshit so I can't find anything.
It took like 5 minutes to download and after I finally did I clicked scan and boy there were like 5000x threats quarantined. Now why I came here to say all this is to ask is that enough? Cuz all I did was scan my PC with Avast and it said it deleted a bunch of threats. Do I have to format my PC so something bad doesn't happen or is Avast good enough?


Unplug the internet already!

Boot into safe mode with internet! Then you can plug the internet back in and download the anti virus and install it.

 

Honestly, I would personally reformat that computer. Wouldn't even take any chances. Who knows what those PowerShell scripts did.
If you have access to another computer, take out your drive and put it in the other PC, (don't boot to it...) and save your important files.

 

Also, you really brought that onto yourself.
The only "hacks" I would trust from a website, are Cheat Engine tables or trainers derived from those, like the ones on VGtrainers. That's it.

Everything else and you're taking a huge gamble, especially if these are hacks for an online game. You're better off opening the so-called "hack" in a virtual machine first (or enable Windows Sandbox and use that to test shady software, which is basically a VM that deletes everything you did in it once closed).


Run every AV under the sun as they may detect different things. Personally I would go into safe mode (or live boot into linux) grab the files I need and torch the rest. Avast may have caught a ton of stuff but that doesn't mean it caught everything. It's stuff like keyloggers or remote access that you really need to worry about. They give an attacker the greatest chance of compromising stuff like your identity.


4 minutes ago, trag1c said:

Run every AV under the sun as they may detect different things. Personally I would go into safe mode (or live boot into linux) grab the files I need and torch the rest. Avast may have caught a ton of stuff but that doesn't mean it caught everything. It's stuff like keyloggers or remote access that you really need to worry about. They give an attacker the greatest chance of compromising stuff like your identity.

I even bought the premium version of Avast just for this, I'll download also other antiviruses. Formatting the PC right now I don't really feel like, if there are any keyloggers in the background and they do get my password it's still all connected to my Gmail and my phone number and I can get them back easily, but I think that Avast is a good program and it can detect anything. It looked like a simple virus, if it was something more serious I wouldn't get the option to go and download Avast and close their things, my PC would be dead and they would have everything they need so I don't worry too much.


Just now, yagamilight said:

I even bought the premium version of Avast just for this, I'll download also other antiviruses. Formatting the PC right now I don't really feel like, if there are any keyloggers in the background and they do get my password it's still all connected to my Gmail and my phone number and I can get them back easily, but I think that Avast is a good program and it can detect anything. It looked like a simple virus, if it was something more serious I wouldn't get the option to go and download Avast and close their things, my PC would be dead and they would have everything they need so I don't worry too much.

Have you unplugged the Ethernet cable?
Please do so to prevent remote access.


What the hell? Someone really spends the time to wait and control someone's machine when it gets hacked?  

 

I doubt it's actually being controlled - but maybe is automated to do these things.  Either way, as others have said disconnect from the internet immediately.

 

Malware scanners are great for catching generic, wide-spread malware that is designed to hit many birds with one stone - deliberate, targeted attacks (if this guy really Is controlling your machine), aren't a guarantee.  It may detect the remote software he's using, but any custom code he's written to re-download his tools, etc aren't a guaranteed detection.  

 

You say you have valuable data on your machine?  I'm going to be honest, in the time it took you to download Avast and run a scan it's probably all been exfiltrated.  So any personal information saved, any passwords saved, anything like that.  Reset all your passwords from another device, ideally on another network, and make any calls to banks or whatever if you need to, just to FYI in-case any sus transactions come through.

 

Also, you should definitely grab an external hard drive or something.  

 

So, TLDR: 

 

  1. Disconnect from the internet, literally unplug your ethernet cable or switch off your router if you're using wifi. 
  2. Plug in an external hard drive or USB drive - transfer over the files you need the most. 
  3. Switch your machine off.  And keep it off. 
  4. Sort out any issues that may come about from any of your personal information, documents, passwords (e.g. credit cards, drivers license, etc) being posted online or sold in marketplaces. 
  5. Reinstall your machine, and when you reinstall Windows - ensure Autorun is disabled
  6. Plug your USB into your machine, and copy your files - then format it. 
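
Added example, not part of the original post: a small Python check for steps 2 and 6 of the list above, which flags files on the backup drive that can run code (scripts, executables, `autorun.inf`, executables renamed to look like documents) before anything is copied back to the reinstalled machine. The extension lists and the sample file names are assumptions made for illustration.

```python
import os
import tempfile

# Extensions Windows will execute or interpret when opened (illustrative, not exhaustive).
RISKY_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".ps1", ".vbs",
             ".js", ".jse", ".wsf", ".hta", ".lnk", ".msi", ".dll", ".jar"}
# Extensions people usually mean by "my files"; used to spot decoy double extensions.
DOC_EXT = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".txt", ".doc", ".docx",
           ".xls", ".xlsx", ".mp3", ".mp4", ".zip"}


def classify(path):
    """Return a list of reasons why this file should not be copied back blindly."""
    reasons = []
    name = os.path.basename(path).lower()
    stem, ext = os.path.splitext(name)
    if name == "autorun.inf":
        reasons.append("autorun.inf (drive autorun instructions)")
    if ext in RISKY_EXT:
        reasons.append("executable or script extension " + ext)
        if os.path.splitext(stem)[1] in DOC_EXT:
            reasons.append("double extension disguising the real type")
    try:
        with open(path, "rb") as fh:
            magic = fh.read(2)
    except OSError as exc:
        reasons.append("unreadable: %s" % exc)
        return reasons
    # "MZ" is the header of Windows executables; a document should never start with it.
    if magic == b"MZ" and ext not in RISKY_EXT:
        reasons.append("Windows executable header behind a %s extension" % (ext or "missing"))
    return reasons


def scan_backup(root):
    """Walk the backup folder and map relative path -> reasons for every flagged file."""
    flagged = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            reasons = classify(full)
            if reasons:
                flagged[os.path.relpath(full, root).replace(os.sep, "/")] = reasons
    return flagged


def build_sample_backup(root):
    """Constructed sample data standing in for a backup drive; file names are made up."""
    samples = {
        "photos/holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,   # genuine JPEG header
        "photos/invoice.pdf.exe": b"MZ" + b"\x00" * 16,             # decoy double extension
        "docs/notes.txt": b"shopping list\n",
        "docs/report.pdf": b"MZ" + b"\x00" * 16,                    # executable renamed to .pdf
        "autorun.inf": b"[autorun]\nopen=setup.exe\n",
        "saves/game.sav": b"\x01\x02\x03\x04",
    }
    for rel, data in samples.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)


def demo():
    """Build the constructed sample in a temp folder and return what gets flagged."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_backup(root)
        return scan_backup(root)


if __name__ == "__main__":
    for rel, reasons in sorted(demo().items()):
        print(rel)
        for reason in reasons:
            print("   - " + reason)
```

Point `scan_backup` at the mounted backup drive from the clean machine; a flagged file needs a closer look, and an empty result is not proof the drive is clean (documents with macros, for example, are not checked).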

3 minutes ago, yagamilight said:

I even bought the premium version of Avast just for this, I'll download also other antiviruses. Formatting the PC right now I don't really feel like, if there are any keyloggers in the background and they do get my password it's still all connected to my Gmail and my phone number and I can get them back easily, but I think that Avast is a good program and it can detect anything. It looked like a simple virus, if it was something more serious I wouldn't get the option to go and download Avast and close their things, my PC would be dead and they would have everything they need so I don't worry too much.

What the hell, why would you buy premium Avast. 😟

 

You need to disconnect from the internet first and foremost.  Avast has a pretty poor reputation nowadays, if you want to use it you can - but if you're looking for recommendations for a reliable antivirus that can detect modern day threats, Avast wouldn't be it. 


6 minutes ago, yagamilight said:

if there are any keyloggers in the background and they do get my password it's still all connected to my Gmail and my phone number and I can get them back easily

I wouldn't be so sure of that, and it is a pretty risky stance for cybersecurity. I would not trust anything short of a reformat.


5 minutes ago, FakeKGB said:

Have you unplugged the Ethernet cable?
Please do so to prevent remote access.

My PC is turned off rn. I did a quick scan, then I did a full scan on Avast, it says it scans my PC from top to bottom, and my PC is off. Is it ok if it's off or do I still need to unplug the cable?


If you plan to turn it on again to remove the virus, unplug the cable. It will prevent remote access since your computer is disconnected from the Internet.


5 minutes ago, Akolyte said:

What the hell? Someone really spends the time to wait and control someone's machine when it gets hacked?  

 

I doubt it's actually being controlled - but maybe is automated to do these things.  Either way, as others have said disconnect from the internet immediately.

 

Malware scanners are great for catching generic, wide-spread malware that is designed to hit many birds with one stone - deliberate, targeted attacks (if this guy really Is controlling your machine), aren't a guarantee.  It may detect the remote software he's using, but any custom code he's written to re-download his tools, etc aren't a guaranteed detection.  

 

You say you have valuable data on your machine?  I'm going to be honest, in the time it took you to download Avast and run a scan it's probably all been exfiltrated.  So any personal information saved, any passwords saved, anything like that.  Reset all your passwords from another device, ideally on another network, and make any calls to banks or whatever if you need to, just to FYI in-case any sus transactions come through.

 

Also, you should definitely grab an external hard drive or something.  

 

So, TLDR: 

 

  1. Disconnect from the internet, literally unplug your ethernet cable or switch off your router if you're using wifi. 
  2. Plug in an external hard drive or USB drive - transfer over the files you need the most. 
  3. Switch your machine off.  And keep it off. 
  4. Sort out any issues that may come about from any of your personal information, documents, passwords (e.g. credit cards, drivers license, etc) being posted online or sold in marketplaces. 
  5. Reinstall your machine, and when you reinstall Windows - ensure Autorun is disabled
  6. Plug your USB into your machine, and copy your files - then format it. 

The thing is they had complete control, I couldn't do anything, but fortunately I found the program in Task Manager that they used to do it, and I just spammed end task so they can't do anything until I installed my antivirus. I'm pretty sure it wasn't automated because when I typed avast they turned off my browser and sent an alert box that said STOP


13 minutes ago, yagamilight said:

Formatting the PC right now I don't really feel like, if there are any keyloggers in the background and they do get my password it's still all connected to my Gmail and my phone number and I can get them back easily

MFA with your phone number and email is not something that's impenetrable. Social engineering has shown time and time again that it can be trivial for people to compromise your phone number by tricking customer service agents into transferring the number over to another phone without you knowing.

 

It has happened to Linus in the past with their Twitter and their YouTube channels briefly.


7 minutes ago, Akolyte said:

What the hell? Someone really spends the time to wait and control someone's machine when it gets hacked?  

 

I doubt it's actually being controlled - but maybe is automated to do these things.  Either way, as others have said disconnect from the internet immediately.

 

Malware scanners are great for catching generic, wide-spread malware that is designed to hit many birds with one stone - deliberate, targeted attacks (if this guy really Is controlling your machine), aren't a guarantee.  It may detect the remote software he's using, but any custom code he's written to re-download his tools, etc aren't a guaranteed detection.  

 

You say you have valuable data on your machine?  I'm going to be honest, in the time it took you to download Avast and run a scan it's probably all been exfiltrated.  So any personal information saved, any passwords saved, anything like that.  Reset all your passwords from another device, ideally on another network, and make any calls to banks or whatever if you need to, just to FYI in-case any sus transactions come through.

 

Also, you should definitely grab an external hard drive or something.  

 

So, TLDR: 

 

  1. Disconnect from the internet, literally unplug your ethernet cable or switch off your router if you're using wifi. 
  2. Plug in an external hard drive or USB drive - transfer over the files you need the most. 
  3. Switch your machine off.  And keep it off. 
  4. Sort out any issues that may come about from any of your personal information, documents, passwords (e.g. credit cards, drivers license, etc) being posted online or sold in marketplaces. 
  5. Reinstall your machine, and when you reinstall Windows - ensure Autorun is disabled
  6. Plug your USB into your machine, and copy your files - then format it. 

The great thing abt this is that I used my debit card, it is at 0$, I only use it for free trials for games, Twitch Prime etc. Since it's a debit card even if they had its info they can't go into - they can't use it for anything, it's like they have a random number. I called my bank once because I was worried of things like this and they said as long as it's at 0$ they can't use it since debit cards don't go into minus, at least at this bank. Whenever I wanna buy something online I put money on it and buy it instantly so it goes back to 0$ again, I never keep money on it. That is the only valuable thing. The other ones would be League of Legends account which I hope they take and change the passwords so I can stop being addicted to it and stop playing that toxic sick god forsaken game, I hate it but I play it everyday. Anyways I might format my SSD. I have both an SSD and HDD on my PC, I guess I have to do both?


7 minutes ago, FakeKGB said:

If you plan to turn it on again to remove the virus, unplug the cable. It will prevent remote access since your computer is disconnected from the Internet.

How will I use the antivirus software xD


Just now, yagamilight said:

How will I use the antivirus software xD

You already have it downloaded. It doesn't require an internet connection. 


11 minutes ago, yagamilight said:

The great thing abt this is that I used my debit card, it is at 0$, I only use it for free trials for games, Twitch Prime etc. Since it's a debit card even if they had its info they can't go into - they can't use it for anything, it's like they have a random number. I called my bank once because I was worried of things like this and they said as long as it's at 0$ they can't use it since debit cards don't go into minus, at least at this bank. Whenever I wanna buy something online I put money on it and buy it instantly so it goes back to 0$ again, I never keep money on it. That is the only valuable thing. The other ones would be League of Legends account which I hope they take and change the passwords so I can stop being addicted to it and stop playing that toxic sick god forsaken game, I hate it but I play it everyday. Anyways I might format my SSD. I have both an SSD and HDD on my PC, I guess I have to do both?

I would format both, yes.  

 

And they can still use that debit card information for identity theft, as well as social engineering.   Many legacy businesses still use 'confirming credit card digits', or 'confirm your address' as ways of authorising yourself.  

 

Take for example, calling your cell phone provider to transfer numbers (they'd get your 2FA keys), or calling your bank to authorise a transaction, or calling your ISP to downgrade your plan.  Some of these might be useless, but hacking is a means to get what you want - usually that means is information or some kind of leverage, demand.  

 

They can do the exact same thing by tormenting you by redirecting your phone number, taking off your car insurance without you knowing, changing your address on your subscriptions, ordering random pizzas to your house you need to pay for, etc.  All because you didn't take actions to mitigate that NOW. 

 

Besides, they might sign up to some services - use your debit card as proof of identity?  Such as Azure, or AWS - and then use those services to perform illegal activity.   When that account gets suspended or whatever - the authorities will come to you and ask you why you did it? 

 

It's highly insecure, but also very common.  Why would a criminal want to spend your money and raise suspicion directly like that?  when they could use your information to use your identity as a shield for their illegal endeavours. 

 

You can say your debit card got stolen, but usually there's a short period of time you have to actually report it to the bank to avoid any liability that comes from it being stolen.  If you wait for example, a few days to call your bank - they might not give you a refund for any bad transactions, and the law might hold you accountable to any misdeeds someone did with it. 


13 minutes ago, Akolyte said:

I would format both, yes.  

 

And they can still use that debit card information for identity theft, as well as social engineering.   Many legacy businesses still use 'confirming credit card digits', or 'confirm your address' as ways of authorising yourself.  

 

Take for example, calling your cell phone provider to transfer numbers (they'd get your 2FA keys), or calling your bank to authorise a transaction, or calling your ISP to downgrade your plan.  Some of these might be useless, but hacking is a means to get what you want - usually that means is information or some kind of leverage, demand.  

 

They can do the exact same thing by tormenting you by redirecting your phone number, taking off your car insurance without you knowing, changing your address on your subscriptions, ordering random pizzas to your house you need to pay for, etc.  All because you didn't take actions to mitigate that NOW. 

 

Besides, they might sign up to some services - use your debit card as proof of identity?  Such as Azure, or AWS - and then use those services to perform illegal activity.   When that account gets suspended or whatever - the authorities will come to you and ask you why you did it? 

 

It's highly insecure, but also very common.  Why would a criminal want to spend your money and raise suspicion directly like that?  when they could use your information to use your identity as a shield for their illegal endeavours. 

 

You can say your debit card got stolen, but usually there's a short period of time you have to actually report it to the bank to avoid any liability that comes from it being stolen.  If you wait for example, a few days to call your bank - they might not give you a refund for any bad transactions, and the law might hold you accountable to any misdeeds someone did with it. 

so what do I do to stop this? My only option is to format my ssd?


11 minutes ago, yagamilight said:

so what do I do to stop this? My only option is to format my ssd?

Reinstall Windows and call your bank and tell them that someone might have stolen your Debit card information.  Make sure to tell them you actually purchased Avast, but that you're letting them know just in-case. 

 

Get a new debit card and cancel the old one.  Login to all your accounts from a secure and uncompromised device - change all your passwords, recovery questions, and ensure 2FA is enabled everywhere. 

 

Watch for any activity on your accounts - any account attempted logins from weird places, anything at all.  Keep your windows OS up to date, run antivirus on your desktop and phone - I don't say this to most people, but honestly - after this experience I'm gonna suggest it to you. 

 

Use a good antivirus like Emsisoft - and purchase a reliable password manager like Dashlane or something with dark-web tracking to track your accounts and notify you if your password has been leaked anywhere. 

 

If you have the money, a modern Asus Router with AiProtection+ is good because it brings some commercial features to your home devices.  It gives you an extra layer of network protection.  

 

AiProtection - although not as robust as enterprise firewalls, would have at least been another layer against something like this.  It may have identified the connection as it traversed your router, and cut it.  It may have also scanned the files as it downloaded to your machine and blocked it for being a virus.  

 

Having multi-layered security is incredibly important these days.


33 minutes ago, Akolyte said:

Reinstall Windows and call your bank and tell them that someone might have stolen your Debit card information.  Make sure to tell them you actually purchased Avast, but that you're letting them know just in-case. 

 

Get a new debit card and cancel the old one.  Login to all your accounts from a secure and uncompromised device - change all your passwords, recovery questions, and ensure 2FA is enabled everywhere. 

 

Watch for any activity on your accounts - any account attempted logins from weird places, anything at all.  Keep your windows OS up to date, run antivirus on your desktop and phone - I don't say this to most people, but honestly - after this experience I'm gonna suggest it to you. 

 

Use a good antivirus like Emsisoft - and purchase a reliable password manager like Dashlane or something with dark-web tracking to track your accounts and notify you if your password has been leaked anywhere. 

 

If you have the money, a modern Asus Router with AiProtection+ is good because it brings some commercial features to your home devices.  It gives you an extra layer of network protection.  

 

AiProtection - although not as robust as enterprise firewalls, would have at least been another layer against something like this.  It may have identified the connection as it traversed your router, and cut it.  It may have also scanned the files as it downloaded to your machine and blocked it for being a virus.  

 

Having multi-layered security is incredibly important these days.

HOLY thank you so much for the app dashlane I found that my pw was leaked in 2017 


GUYS PLEASE HELP ME, the person who got my PC managed to get into my Discord somehow? He sent a link to every one of my friends on disc that takes you to a fake Discord gift thing and asks you for a password. HOW CAN HE GET MY PASSWORD WITHOUT MY EMAIL, I changed it but I don't know if that is enough, I am gonna reset my whole PC after this, I'm not taking any chances. But how is this possible, please someone tell me, I don't want anyone to spy on me


pls help, the smiley face part was not sent by me, and it was sent to everyone on my discord. 


-> Moved to Programs, Apps and Websites


14 hours ago, yagamilight said:

The thing is they had complete control I couldn't do anything

Malware can't stop you from unplugging your Ethernet cable or your router.

 

4 hours ago, yagamilight said:

pls help, the smiley face part was not sent by me, and it was sent to everyone on my discord

Change your passwords on a known clean device. If Discord has a button that lets you force all open sessions to log out, use it. They could be logged in on their own machine.
