Unfree

new to the forum so dont know if there is a sub for warnings.

problem was solved, threat was removed. just wanted to warn others that the software may have malware bundled in it. thanks.

i was browsing the web after trying to diagnose a flash drive not being recognized, when windows defender (of all things) (dont have MBAM premium) caught some malware. after a scam with malwarebytes, well, ill show you the logs. Log File: 716586a2-865c-11e9-acd4-00ffe6bad8d1.json -Software Information- Version: 3.7.1.2839 Components Version: 1.0.586 Update Package Version: 1.0.10890 License: Free -System Information- OS: Windows 10 (Build 17763.503) CPU: x64 File System: NTFS User: CHRISTIANS-ABSO\chris -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 340797 Threats Detected: 5 Threats Quarantined: 5 Time Elapsed: 14 min, 9 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 Hijack.ShellA.Gen, HKU\S-1-5-21-1013403379-1972433991-2537096884-1001\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|SHELL, No Action By User, [6376], [187664],1.0.10890 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 1 Trojan.StolenData, C:\USERS\CHRIS\APPDATA\ROAMING\DCLOGS, No Action By User, [3609], [250094],1.0.10890 File: 3 Trojan.StolenData, C:\USERS\CHRIS\APPDATA\ROAMING\DCLOGS\2019-06-03-2.dc, No Action By User, [3609], [250094],1.0.10890 PUP.Optional.Conduit, C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WTR8M8IT.DEFAULT\PREFS.JS, No Action By User, [208], [301520],1.0.10890 MachineLearning/Anomalous.96%, C:\USERS\CHRIS\APPDATA\ROAMING\S1V6BWX0A8CBFXYS\RICZBDZBBGKY.EXE, No Action By User, [0], [392687],1.0.10890 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) here is what the keylogger had got on me, too bad they wont get any passwords as i keep mine stored away. :: Update (8:04:35 PM) :: EaseUS Windows Data Recovery Software - Mozilla Firefox (8:04:41 PM) [<-]lo :: Mozilla Firefox (8:06:36 PM) twi :: Aleis_M_Alpto on Twitter: "I pay 35€ for this. And it's half of what we are supposed to be receiving.… " - Mozilla Firefox (8:07:50 PM) relatable, only move the decimal point to make it 1.107, we spu[<-][<-][<-]supposed to get 10 [<-], welcome to c[<-]rur[<-]al [<-][<-][<-]ral canada *****ing hell :: Mozilla Firefox (8:08:00 PM) [at this time i find out about the malware] trojan.stolenDATA :: Server Not Found - Mozilla Firefox (8:11:00 PM) [<-]to[<-][<-][<-]win34[<-]2/5[<-]64 troka[<-][<-]h[<-]jan.stolendata my password t[<-]for twiiter: usr[<-]ername: *****youhe[<-]ackers69420 password: if you [<-][<-][<-][<-][<-][<-]fyouthoughtiwasthisstupidyou [<-]areretarded :: @Stone_Shovel - Discord (8:18:53 PM) holy ***** i download a program to try to fix a flashd [<-][<-] drive, find out its actually a *****ing [<-][<-][<-][<-][<-][<-][<-][<-][<-][<-][<-][<-][<-][<-][<-][<-][<-][<-][<-][<-][<-] had a keylogger hidden in it, hijack.shell.a [<-], and a [<-][<-]some machine learning bus[<-][<-][<-]***** on it. if windows defene[<-]der was [<-]nt there i couldve gotten ***** stolen :: Clipboard Change : size = 6 Bytes (8:18:53 PM) cyr666 :: Cortana (8:19:55 PM) instagram :: Instagram (8:20:10 PM) it started logging immediately after i installed the software, and from the tab of the url i was in, it was the official site. it is still logging, but it isnt getting anything useful for now.