Caleb_Westerhout
-
Good afternoon. I just want to confirm that I am going through the processes as outlined, and doing my best to be patient with them. I'm writing this from a different device so that my computer isn't bothered while it scans with Microsoft Safety Scanner. I wasn't able to start it until late last night, but it has been running for 12 hours now, still on Safe Boot with Networking to prevent any programs from interfering just in case. It seems to have made it around 20-25% of the way through my files if the progress bar is accurate. You certainly meant it when you said the scan will take many hours. It should be done in another 36-48 hours or so, if it continues at this rate, and I will have the logs ready for you then. I assume this is a normal rate? I apologize for not being able to attach the logs from the Dr.Web scan yet. I'll have all logs to you as soon as the MSS scan is done. Thank you for your support and patience, Caleb
-
I still have access to the message, and I recall some details about the order of events. I will try to provide as much information as I can. The message included a link to a Steam game called Dungeon of Destiny. The game appears as if it is in early access. The message requested that I launch the game and play it for a short period of time to give a review before the game launches. I trusted the individual that used to have the account, and so I inspected the Steam game. Afterwards, a link to an external site (which should have been my clue) was sent to me and when I followed the link, there was an option to download a file. This file was a .zip locked by an admin password (which should have been hint number 2) which was provided to me as well. Upon downloading and unzipping the file and launching the .exe file, my computer shut off all programs except the executable, and I lost access to my Discord and Google accounts associated with this device. I have two screenshots from Discord that I have provided, as I am unsure if I should provide the links directly to the websites or not. I also included the password for the .zip file that I was sent. There is another screenshot that I can provide after I remove personal information from it that I received from a Discord friend of mine after my account was hacked, if you would like to see the messages that led up to the phishing attempt. I also have a location provided by my Google accounts as to where the individual was when they took my information, somewhere in the country of Turkiye, as well as a Gmail address they contacted me at in an attempt to extort money out of me for my account and information back. Should I provide the Gmail address as well? Are there any further steps I should take to ensure the safety of my device and account? Thank you for your work, Caleb
-
I had some difficulty installing the program, as it claimed the program already existed on my computer. I did what I could to remove it, but even when uninstalling the program with the option given by the installer, it still claimed the program was installed. I managed to get the program to install and update to what I assume is the version you required. I restarted my computer, then scanned with the Farbar Recovery Scan Tool. The logs are attached. I'll talk to you tomorrow, then. Thank you for your continued assistance, Caleb. FRST.txt Addition.txt
-
I ran the fix, and it gave the three logs attached after it restarted. I updated the programs I deemed necessary from that list and uninstalled Wondershare Helper Compact, then restarted my PC again. I checked for Windows updates using the Windows Update Checker service, downloaded and installed the updates, and restarted my computer to apply them fully. Is there anything else I should do, and is it safe to begin logging in to accounts on this computer again? Thank you, Caleb. Fixlog.txt InstalledSoftwareFullList.txt Log-Clear-BrowserCache.txt
-
I scanned using the programs provided, in the order requested. Farbar Service Scanner is causing issues with Windows Firewall, which I temporarily disabled. Whenever I reenable it, I get rampant alerts about a dangerous file. How should I deal with those errors, and how should I proceed from here? Thank you, Caleb. SecurityCheck.txt FSS.txt FRST.txt Addition.txt
-
I followed the instructions you gave in the order you gave them. I enabled system protect and created a system restore point. I disabled Fast Startup, and my hidden files have already been set to show. I installed and scanned with AdwCleaner, following the instructions at the link you sent. I then scanned with Malwarebytes following the instructions at the link you sent. I then shut down my PC, allowing it 30 seconds of rest, before starting it up again. It started with no issue. I then installed Farbar Recovery Scan Tool and ran it, temporarily disabling Microsoft Safescreen to allow the program to run. I reenabled it once the program was complete. I ran Farbar according to the instructions given at the link you sent. I have attached all the log files the programs created to this reply. I will await further instruction. Thank you, Caleb. AdwCleaner[S00].txt Malwarebytes Scan Report 2024-08-12 172702.txt FRST.txt Addition.txt
-
Caleb_Westerhout started following Removing malware after downloaded .zip file.
-
I received a message from a trusted user of the online platform Discord with a phishing link to a game download they wanted me to review. I stupidly downloaded it and unzipped it, and lost several of my accounts. I have since recovered all the associated accounts, but Malwarebytes comes up empty when I do full all-drive scans including for rootkits, and I'm afraid that the malware is still in my device somewhere. I've scoured my files on all drives for anything modified during the initial attack or immediately after for any .exe, .jar, or .node files that I did not recognize, as well as any files in the key registry and pretty much everything that isn't inside of a Windows folder. I do not want to run a system wipe and reinstall of the OS, as I have text documents and hours of recordings that are unique and not backed up on any other devices. My computer is running Windows 10, and I can launch it in Safe Mode without any issues. It starts and shuts down without problems, and all attempts at fraud on the initially affected accounts have ceased. Any assistance on how to ensure my computer is fully safe without wiping the drives would be greatly appreciated. Thank you, Caleb