Jump to content
Due to inclement weather in Southwest Florida, our Clearwater support team is offline. Our other offices are available to assist you, however their responses may be delayed. We appreciate your patience and understanding during this time. ×

I'm an idiot and fell for the Discord Itch.io game scam.


jjmfdl
 Share

Recommended Posts

Was talking to a friend on discord who asked me to help him test a game, so I downloaded and ran 'Helpercatss.exe' from a link (original file available if that helps) and discord crashed, shortly after that I was informed by a friend that the person who sent me the file had been hacked himself, and the link was malicious.  Virus Total link here: https://www.virustotal.com/gui/file/174dc6126a6d9ee6a09a1636ebd2545dfc8cc8b4be3910e03f8fdcfb62e21b74/detection

I have seen some strange behavior with discord, and suspect I've been infected.

I do have some trainers for video games, which are safe (from CheatHappens) and are unrelated to this infection; a friend who works in Cyber Security vouched for the safety of these particular files... They show in the initial scan result, but are not quarantined.

FRST log, addition, and scan logs all attached.

 

Thanks :)

initial-MWB-scan.txt Addition.txt FRST.txt

Link to post
Share on other sites

  • Root Admin

Hello @jjmfdl

Please temporarily uninstall Discord. Then do a clean up of Google Chrome

 

Please follow the directions from the following topic

 

After you've cleaned up Google Chrome please restart the computer and run the following steps for me. I'll check back on you in the morning.

 

 

Please run the following steps and post back the logs as an attachment when ready.
Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans are completed.
Temporarily disable Microsoft SmartScreen to download software below if needed. Make sure to turn it back on once the scans are completed.
If you still have trouble downloading the software please click on Reveal Hidden Contents below for examples of how to allow the download.

 

Spoiler
 
 
 
 
Spoiler

When downloading with some browsers you may see a different style of screens that may block FRST from downloading. The program is safe and used hundreds of times a week by many users.

Example of Microsoft Edge blocking the download

image.png

image.png

image.png

 



STEP 01

  • If you already have Malwarebytes installed then open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed make sure you have it quarantine any detections it finds.
  • If no detections were found click on the Save results drop-down, then the Export to TXT  button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If there were detections then once the quarantine has completed click on the View report button, Then click the Export drop-down, then the Export to TXT  button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT  button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply that the scanner would not run.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Double-click to run the program
  • Accept the End User License Agreement.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, if items are found please click Quarantine.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Attach or Copy its content into your next reply.

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here each time
  • Please attach the Additions.txt log to your reply as well.
  • On your next reply, you should be attaching frst.txt and additions.txt to your post, every time.

 

Thanks

Link to post
Share on other sites

  • Root Admin

Please temporarily uninstall Avast antivirus. After the removal and restart please download their removal tool and run it too.

https://www.avast.com/uninstall-utility

Then run the following scans for me. Choose the Full scan. It may take several hours to complete depending on how much data you have and how fast your computer is.

 

Also uninstall the following from Control Panel, Programs, Programs and Features

  • Java 8 Update 221

 

 

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the tool are at this link at Microsoft

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Please let me know the results of this scan.

The log is named MSERT.log 

the log will be at  %SYSTEMROOT%\debug\msert.log   which in most cases is

C:\Windows\debug\msert.log

Please attach that log with your next reply.

 

Thanks @jjmfdl

 

Link to post
Share on other sites

3 hours ago, AdvancedSetup said:

Please temporarily uninstall Avast antivirus. After the removal and restart please download their removal tool and run it too.

https://www.avast.com/uninstall-utility

Then run the following scans for me. Choose the Full scan. It may take several hours to complete depending on how much data you have and how fast your computer is.

 

Also uninstall the following from Control Panel, Programs, Programs and Features

  • Java 8 Update 221

 

 

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the tool are at this link at Microsoft

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Please let me know the results of this scan.

The log is named MSERT.log 

the log will be at  %SYSTEMROOT%\debug\msert.log   which in most cases is

C:\Windows\debug\msert.log

Please attach that log with your next reply.

 

Thanks @jjmfdl

 

In what program am I selecting the full scan? Malwarebytes?

Link to post
Share on other sites

  • Root Admin

Hmm... did it say nothing was found? @jjmfdl

It kind of looks like the log did not complete but no listed entries either.

 

Let me have you run the following please

 

 

SecurityCheck by glax24              

I would like you to run a tool named SecurityCheck to inquire about the current security update status of some applications.

  • Download SecurityCheck by glax24: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe
  • If Microsoft SmartScreen blocks the download, click through to save the file
  • This tool is safe.   Smartscreen is overly sensitive.
  • If SmartScreen blocks the file from running click on More info and Run anyway
  • Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"  and reply YES to allow to run & go forward
  • Wait for the scan to finish. It will open a text file named SecurityCheck.txt Close the file.  Attach it with your next reply.
  • You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

 

image.png

image.png

image.png

 

Thank you

 

 

Link to post
Share on other sites

  • Root Admin

If you click the triple dots ... on the far right side by the ID: number you should get a menu to edit

image.png

 

Please uninstall, update, or otherwise address the following as appropriate for your system

 


--------------------------- [ OtherUtilities ] ----------------------------

Microsoft 365 Apps for enterprise - en-us v.16.0.13801.21004 Warning! Download Update
How Install Office updates?


PuTTY release 0.70 (64-bit) v.0.70.0.0 Warning! Download Update

FileZilla Client 3.32.0 v.3.32.0 Warning! Download Update

OpenOffice 4.1.5 v.4.15.9789 Warning! Download Update

 

------------------------------ [ ArchAndFM ] ------------------------------
7-Zip 18.01 (x64) v.18.01 Warning! Download Update
Uninstall old version and install new one.


------------------------------- [ Imaging ] -------------------------------

GIMP 2.8.22 v.2.8.22 Warning! Download Update


-------------------------- [ IMAndCollaborate ] ---------------------------

Cisco Webex Meetings v.40.2.8 Warning! Download Update

Microsoft Teams v.1.3.00.30866 Warning! Download Update

Zoom v.5.7.7 (1105) Warning! Download Update

 

--------------------------------- [ P2P ] ---------------------------------

µTorrent v.3.5.5.46096 Warning! Ad-supported P2P-client.
Recommend uninstall


-------------------------------- [ Media ] --------------------------------
Combined Community Codec Pack 64bit 2015-10-18 v.2015.10.19.0 Warning! This software is no longer supported.

K-Lite Codec Pack 15.9.0 Full v.15.9.0 Warning! Download Update


--------------------------- [ AdobeProduction ] ---------------------------

Adobe Flash Player 32 NPAPI v.32.0.0.465 Warning! This software is no longer supported. Please uninstall it.

 

------------------------------- [ Browser ] -------------------------------

Google Chrome v.79.0.3945.130 Warning! Download Update

 

---------------------------- [ UnwantedApps ] -----------------------------

Avast Cleanup Premium v.21.3.10846.5350 Warning! Suspected demo version of anti-spyware, driver updater or optimizer. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering.
Avast Driver Updater v.21.3.1930.6640 Warning! Suspected demo version of anti-spyware, driver updater or optimizer. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering.
Fable 3 v1.0.0000.131 / RePack by Baracuda Warning! Crack, hacktool or keygen.
Avast Secure Browser v.95.0.12827.70 [+]

 

Link to post
Share on other sites

Unfortunately I am not seeing it

 

 image.thumb.png.6d33305e092de82f542b76ba95238d33.png

 

I have updated/removed all programs except CCCP and the Fable three crack. I use the Fable three crack to make the DLC I do have access to legitmately work because Games for Windows Lives is a vestigial mess now and barely functions. And the DLC is NOT on steam otherwise I would rebuy it there to make it easier on myself

image.thumb.png.c861aa4a6693fd723ad10dc416268de2.png

Link to post
Share on other sites

  • Root Admin

Yes, it should be fine now.

 

Let's go ahead and do some clean-up work and remove the tools and logs we've run.

Please download KpRm by kernel-panik and save it to your desktop.

  • right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please attach that file to your next reply. (not compulsory)

 

  1. Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
    https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/
  2. Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download
  3. Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
  4. Install a content blocker for your browser. Malwarebytes Browser Guard (Free)
    Firefoxhttps://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/  
    Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee 
  5. Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ 

 

Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog  https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes

 

Link to post
Share on other sites

  • 4 months later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.