
Hello! I got the bitcoin scam email on February 26th. While doing the scans, I did some research and found that the FTC knows of this scam and requests that it be reported to them, which I will do. In the meantime, I want to be fully certain that there isn't anything sketchy on my computer. I do use it for work and log in through a VPN-type server before I work, but when not working I do read emails and use Facebook and other social media sites. Even though it concerned me that they do have my password (as correctly stated in the email), the FTC says it's due to breaches at various establishments that enabled it to be leaked. I'm ensuring that my passwords are changed (I did change them previously but found one unchanged). I do recall getting these types of emails at the email account my ISP provided me as well, but those were from a few years ago. Not sure if there are new ones.

I read about password managers and such and may have to resort to that. I do want to know: is the password storage on my PC not a good idea either? It's located under the settings in Chrome.

Thanks for any help you can provide to ensure my computer is in good shape. I have had no other issues otherwise. I've had my Gmail account for many years and this is the first time I've gotten such a scam email.

 

Thanks,

Tina

FRST.txt Addition.txt Scan Log.txt

  • Root Admin

Hello @okstout4

 

Windows Defender found this on your system and believes it to be a threat.

If it did not remove it then you should remove it on your own manually.

Path: file:_D:\FileHistory - Copy\Patricia Leeth\DESKTOP-S5BQU5P\Data\C\Users\Patricia Leeth\Documents\ReimageRepair (2017_07_25 19_00_09 UTC).exe

file:_D:\FileHistory\Patricia Leeth\DESKTOP-S5BQU5P\Data\C\Users\Patricia Leeth\Documents\ReimageRepair (2017_07_25 19_00_09 UTC).exe

 

 

Let me have you run a different scanner to double-check. I don't expect it to find anything, but no harm in checking.

I would suggest a free scan with the ESET Online Scanner

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

  • It will start a download of "esetonlinescanner.exe"
  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started. 
  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes 
  • When prompted for scan type, Click on Full scan 
  • Look at and tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.
  • Have patience.  The entire process may take an hour or more. There is an initial update download.
  • There is a progress window display.
  • You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else.
  • When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.
  • Click the blue “Save scan log” to save the log.
  • If something was removed and you know it is a false finding, you may click on the blue “Restore cleaned files” (in blue, at bottom).
  • Press Continue when all done. You should click to turn off the offer for “periodic scanning”.

 

 


OK, so I did the scan and it found 7 items. Could you tell me what these items are (I found out that Pokki is a start menu program)? I don't want to remove something that is needed for work, but I'm just seeing Pokki and Patricia Leeth.

As for the Patricia Leeth files, my son made a copy of these files as a backup from an external hard drive. He wanted to use the hard drive. So to ensure files on the drive aren't lost, he made a backup of it on my computer just in case. Should I go ahead and remove the files, then scan the hard drive before making a backup again? This was my mom's hard drive before she passed away. I do have her computer that does have the original files, but she had an external drive to back up her PC hard drive to.

Thanks!

~Tina

Eset Scan log.txt

  • Root Admin

Those are programs that are typically considered unwanted by most experts. I'd just let ESET remove them.

They are not an active threat to the system.

We can do another Full scan with Malwarebytes to ensure all is good with your scanner too.

 

Please do the following.

  • Open Malwarebytes and click the cross-hair just above the word Scanner
  • Then near the bottom click the Advanced scanners link
  • Then under Custom Scan click on the Configure Scan button
  • Enable scan for rootkits
  • Place a checkmark on your C: volume hard drive and click the Scan button

This scan will take a long while to run but once completed please go to Reports and export the log to text or clipboard and post back the results.

 

Visually

Please open Malwarebytes and click on the cross-hair just above the word Scanner


Then click Advanced scanners


Then click the Configure Scan button


Enable all checked items as shown and select your C: drive and click the Scan button


Allow Malwarebytes to remove anything it finds and post back the log once completed.

 

Thanks

 

 

 

  • Root Admin

Only sites that you have used the same password on or where you share a different password but on more than one site.

You should not use the same password on more than one site and don't use these Facebook, Google, etc. methods to log into other sites. Always use a different password for every site.

 

Use Password Management software

Bitwarden
KeePass Password Safe

Make sure you use a strong master password
Then set the key transformation settings (the link below helps provide information on how to choose good settings)
https://pthree.org/2016/06/29/further-investigation-into-scrypt-and-argon2-password-hashing
KeePass Password Manager: Full Detailed Setup (good YouTube video on setting up and using KeePass, but choose the Argon2 method for key transformation)

Password Managers Compared: LastPass vs KeePass vs Dashlane vs 1Password

https://www.theregister.com/2021/02/25/lastpass_android_trackers_found/

 

 

  • 3 weeks later...

Sorry I kinda disappeared. I had to go back to work and my work systems detected the stuff I downloaded so I had to remove them to be able to work. So I will start this last part again and get it cleaned up before I have to remove them again.

 

~Tina

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 
