
Infected with the Itch.io Discord Token Stealing Malware


About a week ago, I was sent a message to try a game and an Itch.io link. The theme of the game just happened to coincide with the interests this friend in question sent, as well as the link being legit, and not a phished Itch.io domain site. The game in question was a single .exe in a compressed rar file, with the description "Tanko is a video game", or some such. To nobody's surprise but my own, I got infected, and a lot of my information became compromised. 

I've been working nonstop trying to remove any lingering files manually, as Discord was installed on my primary drive, making it hard to reset the volume. Folders related to the term Tanko, as well as WindowsBootManagerExe, have been deleted, as well as any folders related to Discord.

Are there any more things I might need to delete? How are neither Malwarebytes nor Windows Defender able to pick it up at all? Is there anything else I can do further to ensure my system is safe? I've run a full scan on both, and nothing is coming up. Thank you very much.


Hello. My name is Maurice. I will guide you.

  • Discord is very susceptible to being compromised; it is also known to be a means toward infection.
  • Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Only run the tools I guide you to.
  • Do not run online games while case is on-going. Do not do any free-wheeling web-surfing.
  • The removal of malware isn't instantaneous, please be patient.
  • Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.
  • Please stick with me until I give you the "all clear".
  • If your system is running Discord, please be sure to Exit out of it while this case is on-going.

Do these 2 steps so that ALL folders & files are set to SHOW, and also turn OFF Windows Fast Startup.

1. Show-Hidden-Folders-Files-Extensions

2. Disable-Fast-Startup

3. Let us first start with this limited special report.

I would recommend getting a readout report as to update status of some key apps.
Temporarily disable Microsoft SmartScreen to download the next software below 

Download SecurityCheck by glax24 from here

and save the tool on the desktop.

If Windows SmartScreen blocks that with a message window, then click on the MORE INFO spot, override that and allow it to proceed.

This tool is safe. SmartScreen is overly sensitive.

Right-click with your mouse on Securitycheck.exe and select "Run as administrator", and reply YES to allow it to run and go forward.
Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply.
You can find this file in a folder called SecurityCheck: C:\SecurityCheck\SecurityCheck.txt


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection




This topic is now closed to further replies.