Strange Files Appearing Even after Clean Virus Scan

[sammieEclectic]

I made the mistake of allowing another person (my now ex-boyfriend) to use my home computer, and he clicked and downloaded an infection to my computer. This infection downloaded a bunch of folders names Facebook_Files and others that were named after my Instagram handle and his Instagram handle. These folders contained a ton of JavaScript files with keyloggers, and other information from my social media accounts and his, including profile pictures from friends. I found these files in random places all over my computer. Our social media accounts were compromised (both his and mine) and we encountered all kinds of suspicious activities. My PayPal and Venmo accounts were also compromised. (I have since changed all my passwords via my work computer so that the infection doesn't have access to the updated passwords.)

I did my best to delete all the files, but I don't know if I've found them all. I ran scans from 3 different anti-virus scanners including Malware Bytes, but everything is coming up clean. After the clean scans, I continue to find these files. At this time, I am the only one who using my computer, so it can't be another person downloading it. I delete them when I find them but the anti-virus software seems to be overlooking the infection, as I keep getting clean scans.

Any advice?

[treed]

If three different anti-virus scanners aren't finding anything, there's probably nothing to find. Where are you seeing these folders? What leads you to believe these folders contain keyloggers?

[sammieEclectic]

Just now, treed said:

If three different anti-virus scanners aren't finding anything, there's probably nothing to find. Where are you seeing these folders? What leads you to believe these folders contain keyloggers?

After our accounts were compromised, I used Finder to search for the phrase "keylogger" and hundreds of JavaScript files came up in my search. These JavaScript files were saved inside folders named "Facebook_Files" and other folders that were named after our Instagram handles. They are/were saved to different locations throughout my computer. A few were on my desktop. Some were inside other folders several levels deep. None of them were in my downloads folder. I continued finding these files even after the clean scan.

[David H. Lipman]

If someone saves a web page to disk, a folder will be created that may be named upon the site and content saved.  In that folder may be a myriad of files that may be .JS, HTML, .GZ, .CSS, PNG and others.

I just saved this thread from Firefox and I got...

Spoiler

 

This is not indicative of malware but something you are just not familiar with and as @treed indicated, if you used multiple anti malware scanners with nothing found then most likely there was nothing to find.

 

Edited October 31, 2022 by David H. Lipman
Edited for content, clarity, spelling and/or grammar

[treed]

36 minutes ago, sammieEclectic said:

After our accounts were compromised, I used Finder to search for the phrase "keylogger" and hundreds of JavaScript files came up in my search. 

That is not a valid method for finding keyloggers. Very few keyloggers, if any, will contain the text "keylogger." What I suspect you are finding are things like files from your web browser's cache and other such things, which contain the text "keylogger" because you've been looking at pages that contain that term.

Also, as David points out, there are plenty of opportunities for accidentally saving the contents of web pages to your computer, by pressing command-S (File -> Save) within your web browser. There are reports that doing this can generate a folder with the name "Facebook_files".

Although I hesitate to tell anyone to delete random folders from their hard drives, because that can cause all kinds of problems if the folders belong to legitimate software you have installed, I think it's probably safe to delete the "Facebook_files" folders. For anything else, we'd need more information before we could confirm whether a folder is okay to delete.

[sammieEclectic]

Just now, treed said:

That is not a valid method for finding keyloggers. Very few keyloggers, if any, will contain the text "keylogger." What I suspect you are finding are things like files from your web browser's cache and other such things, which contain the text "keylogger" because you've been looking at pages that contain that term.

Also, as David points out, there are plenty of opportunities for accidentally saving the contents of web pages to your computer, by pressing command-S (File -> Save) within your web browser. There are reports that doing this can generate a folder with the name "Facebook_files".

Although I hesitate to tell anyone to delete random folders from their hard drives, because that can cause all kinds of problems if the folders belong to legitimate software you have installed, I think it's probably safe to delete the "Facebook_files" folders. For anything else, we'd need more information before we could confirm whether a folder is okay to delete.

I delete the files when I find them, but currently I don't use my home computer to login to anything since I'm not sure if it's safe to login from that device. So would these files still appear if I'm not accessing these websites from that device anymore? 

[treed]

It really depends on exactly what you're seeing, but this is definitely not an indication of malicious activity.

It sounds like you may have had someone access some of your accounts, and changing your passwords would be the right solution to that problem. But this would not require access to your computer, and, in fact, almost never does involve malware these days.