Everything posted by SugarShaun

  1. Hello Kevin, You mentioned it being a compression/decompression bomb. I totally forgot you called it that! Wow! Thank you for letting me know how quick I would know the effects and thank you for reassuring me that my system should be fine. I appreciate that a lot. Thank you for letting me know the purpose of such attacks too! You've been very helpful and I appreciate your help and you taking the time to answer my questions. We're very lucky to have volunteers like you providing services! Again, thank you!
  2. That does help, Kevin. Thank you! I will definitely check that latest link you sent me. So, my PC seems like it's in the clear? When I clicked on the .scr file I got the blue spinny wheel like my computer was thinking, but nothing happened after that. Does that mean it didn't download? I wasn't asked if I wanted to make changes to my hard drive. So, that's good. If hackers were to get malware onto someone's computer, how long do they usually wait until they trigger the malware script? Is it instant or do they wait a few days? I figured it would be instant, because it would be written in the code. I don't know if anyone would know that. What type of attack was the .scr that was sent to me? A crypto locker or a keystroke logger? Anyhow, I appreciate your help, Kevin. Thank you so much for the service you provide the Malwarebytes community!
  3. Hello Kevin! Again, you are really amazing and I really appreciate what you do. After I post this, I will be donating to your PayPal, because I do appreciate what you do for me and others. Also, would you mind if I asked a few questions about malware? I'm interested in knowing more and you seem very knowledgeable! Anyhow, I don't know if I could remove QuickTime, because I use Pro Tools and I think Pro Tools uses that for MP3s or something. I will have to look into that. I remember it wanting me to download QuickTime, but that was years ago. There may be another solution to that. I told Malwarebytes to check for updates. Or do I have to download a new version of Malwarebytes from their website? I updated WinRAR. Wondershare Helper Compact is part of Filmora's Wondershare program. I use it to edit videos. I don't know if I can remove it without it causing me difficulties. As for passwords, I use a program to create crazy passwords. I should definitely download the Malwarebytes browser extension. Good looking out there! What does Patch My PC do? Also, I'm afraid to update my operating system. Sometimes, it causes problems. But, I do understand the security threat.
     Here is the report from KpRm:

     # Run at 12/1/2021 8:36:14 PM
     # KpRm (Kernel-panik) version 2.9.2
     # Website https://kernel-panik.me/tool/kprm/
     # Run by steal from C:\Users\steal\Downloads
     # Computer Name: DESKTOP-JE2FCR1
     # OS: Windows 10 X64 (19042)
     # Number of passes: 1

     - Checked options -
       ~ Registry Backup
       ~ Delete Tools
       ~ Restore System Settings
       ~ UAC Restore
       ~ Delete Restore Points
       ~ Create Restore Point
       ~ Delete Quarantines after 7 days

     - Create Registry Backup -
       ~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
       ~ [OK] Hive C:\Users\steal\NTUSER.dat backed up
       [OK] Registry Backup: C:\KPRM\backup\2021-12-01-20-36-13

     - Delete Tools -
       ## AdwCleaner
       [OK] C:\Users\steal\Downloads\adwcleaner_8.3.1.exe deleted
       ## FRST
       [OK] C:\Users\steal\Downloads\Addition.txt deleted
       [OK] C:\Users\steal\Downloads\FRST.txt deleted
       [OK] C:\Users\steal\Downloads\FRST64.exe deleted
       ## SecurityCheck
       [OK] C:\Users\steal\Downloads\SecurityCheck.exe deleted

     - Other Lines -
       ## Quarantines that will be deleted in 7 days (2021/12/08)
       ~ C:\AdwCleaner (AdwCleaner)
       ~ C:\FRST (FRST)

     - Restore System Settings -
       [OK] Reset WinSock
       [OK] FLUSHDNS
       [OK] Hide Hidden file.
       [OK] Show Extensions for known file types
       [OK] Hide protected operating system files

     - Restore UAC -
       [OK] Set EnableLUA with default (1) value
       [OK] Set ConsentPromptBehaviorAdmin with default (5) value
       [OK] Set ConsentPromptBehaviorUser with default (3) value
       [OK] Set EnableInstallerDetection with default (0) value
       [OK] Set EnableSecureUIAPaths with default (1) value
       [OK] Set EnableUIADesktopToggle with default (0) value
       [OK] Set EnableVirtualization with default (1) value
       [OK] Set FilterAdministratorToken with default (0) value
       [OK] Set PromptOnSecureDesktop with default (1) value
       [OK] Set ValidateAdminCodeSignatures with default (0) value

     - Clear Restore Points -
       ~ [OK] RP named Scheduled Checkpoint created at 11/20/2021 23:14:49 deleted
       ~ [OK] RP named Scheduled Checkpoint created at 11/29/2021 01:43:36 deleted
       [OK] All system restore points have been successfully deleted

     - Create Restore Point -
       [OK] System Restore Point created

     - Display System Restore Point -
       ~ RP named KpRm created at 12/02/2021 04:36:24

     -- KPRM finished in 22.65s --
  4. Hi Kevin, Again, thank you so much for sticking with me through this. I totally deleted that file as soon as I realized what it was. I felt so dumb for clicking on it. I appreciate you giving me peace of mind. I still changed some passwords. LOL. What website do you use for analysis? That's awesome! Here are the results of security check:

     SecurityCheck by glax24 & Severnyj v.1.4.0.53 [27.10.17]
     WebSite: www.safezone.cc
     DateLog: 01.12.2021 04:19:14
     Path starting: C:\Users\steal\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
     Log directory: C:\SecurityCheck\
     IsAdmin: True
     User: steal
     VersionXML: 9.29is-27.11.2021
     ___________________________________________________________________________
     Windows 10(6.3.19042) (x64) Core Release: 2009 Lang: English(0409)
     Installation date OS: 07.05.2021 06:04:49
     LicenseStatus: Windows(R), Core edition The machine is permanently activated.
     LicenseStatus: Office 16, Office16O365HomePremR_Subscription4 edition Timebased activation will expire :42765 minutes
     LicenseStatus: Office 16, Office16O365HomePremR_Grace edition Windows is in Notification mode
     Boot Mode: Normal
     Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     SystemDrive: C: FS: [NTFS] Capacity: [464.6 Gb] Used: [405.9 Gb] Free: [58.7 Gb]
     ------------------------------- [ Windows ] -------------------------------
     Internet Explorer 11.789.19041.0
     User Account Control enabled (Level 3)
     Security Center (wscsvc) - The service is running
     Remote Registry (RemoteRegistry) - The service has stopped
     SSDP Discovery (SSDPSRV) - The service is running
     Remote Desktop Services (TermService) - The service has stopped
     Windows Remote Management (WS-Management) (WinRM) - The service has stopped
     ---------------------------- [ Antivirus_WMI ] ----------------------------
     Windows Defender (disabled and up to date)
     Avast Antivirus (enabled and up to date)
     ---------------------------- [ Firewall_WMI ] -----------------------------
     Avast Antivirus (enabled)
     ---------------------- [ AntiVirusFirewallInstall ] -----------------------
     Avast One v.21.10.2498
     Malwarebytes version 4.4.10.144 v.4.4.10.144 Warning! Download Update
     --------------------------- [ OtherUtilities ] ----------------------------
     Microsoft 365 - en-us v.16.0.14527.20276
     NVIDIA GeForce Experience 3.24.0.123 v.3.24.0.123
     Steam v.2.10.91.91
     Epic Games Launcher v.1.1.279.0
     ------------------------------- [ Backup ] --------------------------------
     Microsoft OneDrive v.21.220.1024.0005
     ------------------------------ [ ArchAndFM ] ------------------------------
     WinRAR 5.90 (64-bit) v.5.90.0 Warning! Download Update
     ------------------------------- [ Imaging ] -------------------------------
     GIMP 2.10.22 v.2.10.22 Warning! Download Update
     -------------------------- [ IMAndCollaborate ] ---------------------------
     Discord v.0.0.309 Warning! Download Update
     Zoom v.5.8.0 (1324) Warning! Download Update
     -------------------------------- [ Media ] --------------------------------
     VLC media player v.3.0.16
     QuickTime 7 v.7.79.80.95 Warning! This software is no longer supported. Please uninstall it and use another software.
     ------------------------------- [ Browser ] -------------------------------
     Google Chrome v.96.0.4664.45
     Microsoft Edge v.96.0.1054.34
     ------------------ [ AntivirusFirewallProcessServices ] -------------------
     aswbIDSAgent (aswbIDSAgent) - The service is running
     C:\Program Files\Avast Software\Avast\aswidsagent.exe v.21.10.6772.0
     C:\Program Files\Avast Software\Avast\aswEngSrv.exe v.21.10.6772.0
     C:\Program Files\Avast Software\Avast\AvastUI.exe v.21.10.6772.0
     C:\Program Files\Avast Software\Avast\afwServ.exe v.21.10.6772.0
     C:\Program Files\Avast Software\Avast\AvLaunch.exe v.21.10.6772.0
     AvastWscReporter (AvastWscReporter) - The service is running
     C:\Program Files\Avast Software\Avast\wsc_proxy.exe v.21.4.6162.0
     aswbIDSAgent (aswbIDSAgent) - The service is running
     Avast Firewall Service (avast! Firewall) - The service is running
     Avast Antivirus (avast! Antivirus) - The service is running
     C:\Program Files\Avast Software\Avast\AvastSvc.exe v.21.10.6772.0
     Avast SecureLine VPN (SecureLine) - The service is running
     C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe v.5.14.5808.0
     C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.4.0.0.1162
     Malwarebytes Service (MBAMService) - The service is running
     C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.2.0.1005
     Microsoft Defender Antivirus Service (WinDefend) - The service has stopped
     Microsoft Defender Antivirus Network Inspection Service (WdNisSvc) - The service has stopped
     ---------------------------- [ UnwantedApps ] -----------------------------
     Wondershare Helper Compact 2.6.0 v.2.6.0 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
     ----------------------------- [ End of Log ] ------------------------------
  5. Hey Kevin, Did you look into what the .scr file installs on your computer? Would you give me the file names and where they are located so that I may manually search for them? That is if you could do something like that. I want to be sure there's nothing weird on my computer. I really, really appreciate your assistance! Thank you so much!
  6. Hello Kevin, It's 556mb? WOW! I got it from an email. It was from a person I was talking to about advertisements. Anyhow, I wasn't asked if I wanted to install anything when I clicked it. I clicked it and nothing really happened. You don't see anything in my system? I really hope it didn't install anything then! That would be great! I ran the scan! I attached the logs! Thank you so much! SophosScanAndClean_20211201_0329.log
  7. Sorry, Kevin. They sent me a password protected zip file. I should have included the password, but I forgot. Here it is: Password - magix
  8. Hello Kevin or anyone else interested, Here are the Farbar results! I greatly appreciate your help. I am so grateful for people who are willing to take the time out to help others like this. By the way, my computer name is steal, not because I'm a thief, but because I use the name StealSpeaks. It's based off of a username I have when gaming. FRST.txt Addition.txt
  9. Hello, I greatly appreciate your reply. Thank you so, so much for trying to help! I'm downloading Farbar right now! I had to look into it before downloading it. I'm a bit on edge right now. LOL! But, it seems safe, so thank you! I will let you know the results. I will upload the .zip with the offending file and the rest of the stuff I was sent. I really, really appreciate your help! Example_video_integration.zip
  10. Hi, I clicked a .scr file, because it was named .mp4. I feel like such a moron, because I didn't check the file enough. I feel so dumb. Anyhow, I ran a Malwarebytes scan before I clicked on it and it said there were no issues. I even ran a Malwarebytes scan after I clicked on it and an Avast scan, but nothing came up. I even downloaded AdwCleaner and it found nothing. I hit Windows+R and tried to go through my computer with regedit and I couldn't find anything. I couldn't find anything in the task manager. I read somewhere that some of these .scr trojans aren't in some databases and it's driving me nuts. I feel like I totally messed up and my computer is going to be encrypted and held for ransom. Or other things. Would anyone be willing to look into the file and tell me what it changed on my computer? I could upload the file if need be. I'm so sorry to ask this, but I'm definitely losing sleep over my dumb mistake. It's totally my fault. I should have been more careful.