Jump to content

Computer hacked, Data stolen and victim of extortion/framing for a crime


Recommended Posts

Hello.  My name is Maurice. I will guide you.

In Malwarebytes for Windows program, we want to do a special scan.

 

Click Settings ( gear icon) at the top right of Malwarebytes window. We want to see the SETTINGS window.

 

Then click the Security tab.   

Scroll down and lets be sure the line in SCAN OPTIONs for "Scan for rootkits" is ON 👈

Click it to get it ON if it does not show a blue-color

.

Next, click the small x on the Settings line to go to the main Malwarebytes Window.

Next click the blue button marked Scan.

 

When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.

 

You can actually click ( tick ) the topmost left check-box on the very top line to get ALL lines ticked ( all selected). 👈

🔻

Then click on Quarantine selected.

 

Then, locate the Scan run report; export out a copy; & then attach in with your reply.

 

See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

We will do more, later. 

  • Like 1
Link to post
Share on other sites

Important. Very important. When you get to a quiet moment.

You seem to be logged in with a user-account that does not have Administrator rights. You must LOGOFF.  Restart.  Login with a administrator-level rights.

.

In addition. There appears to be too many active / running antivirus programs.

You need to determine / decide which one to keep as the single resident antivirus.

And uninstall the other 2.

Reports showed these 3 running.

ESET Security 

Kaspersky 

McAfee

 

 

  • Like 1
Link to post
Share on other sites

I had already started a full system scan from the non-Admin account before you had posted this message. It found 2 detections. I am attaching the report as ExportNonAdmin
I am not sure but it seems like there may be 2 false positives in the non-Admin scan. Because the path to the supposed malware were in the Python directory.


However, As mentioned I also ran another threat scan from the admin account. The report is attached as ExportAdmin file. It did not find anything.
Please let me know.

ExportNonAdmin.txt ExportAdmin.txt

Link to post
Share on other sites

I checked the HASH of the 2 detections on virustotal and they say its a clean file:
https://www.virustotal.com/gui/file/75f12ea2f30d9c0d872dade345f30f562e6d93847b6a509ba53beec6d0b2c346/detection
 

I guess this file was detected based on its behaviour. Maybe it tried to edit the registry or something and hence got flagged as malware. Could it be a false positive ? and the actual malware/virus that caused problems for me may still be hidden somewhere ?
Please give your expert opinion & thanks a lot for your help and the time you spend to help others. You are doing god's work by helping those who are victims of crime. Thanks.

Link to post
Share on other sites

The last MB scan found nothing. However the other scan was a Custom scan, which scans the entire drive.  That tagged 2 files in appdata that seem to be related to Phython.

Malware.Sandbox.4, C:\USERS\HP\APPDATA\LOCAL\PROGRAMS\PYTHON\PYTHON37\LIB\SITE-PACKAGES\SETUPTOOLS\CLI.EXE

Bottom line on that: Be real sure you have the latest version of Python.

Let's take time to get a readout.

I would like you to run a tool named SecurityCheck to inquire on the current-security-update  status  of some applications.

 

Download SecurityCheck by glax24 from here  https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe

 

and save the tool on the desktop.

If Windows's  SmartScreen block that with a message-window, then

Click on the MORE INFO spot and over-ride that and allow it to proceed.

This tool is safe.   Smartscreen is overly sensitive.

Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"   and reply YES to allow to run & go forward

Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file.  Attach it with your next reply.

You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

Link to post
Share on other sites

These are notations from the report that need your attention.

PuTTY release 0.73 (64-bit) v.0.73.0.0 Warning! Download Update

 

Python 3.7.4 (64-bit) v.3.7.4150.0 Warning! Download Update

 

Notepad++ (32-bit x86) v.7.7.1 Warning! Download Update

WinSCP 5.15.4 v.5.15.4 Warning! Download Update

 

WhatsApp v.2.2021.4 Warning! Download Update

Zoom v.5.0 Warning! Download Update

Skype version 8.58 v.8.58 Warning! Download Update

 

Torrent v.3.5.5.45798 Warning! Ad-supported P2P-client. uTorrent Web v.1.1.0 Warning! Ad-supported P2P-client.

Java 8 Update 271 v.8.0.2710.9 Warning! Download Update Uninstall old version and install new one (jre-8u291-windows-i586.exe).

 

VLC media player v.3.0.11 Warning! Download Update HandBrake 1.3.0 v.1.3.0 Warning! Download Update

UnwantedApps :

McAfee Security Scan Plus v.3.11.2160.1 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.

 

Popcorn Time v.6.1.0.0 Warning! Suspected Adware!

Edited by Maurice Naggar
Link to post
Share on other sites

  • 3 weeks later...

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.