
Malware Suspected in this Downloaded Font Folder with Font Files Within It



I downloaded this group of fonts from the Internet for my Adobe CS6 software and ever since I implemented the fonts on two Windows systems, my systems are having issues. One is a desktop on Windows 10 and the other a laptop on Windows 11. Things are slow. I get notifications about PowerShell activities that I've had to shut down entirely. I've never used PowerShell before and didn't even know what it was. It's evidently a Windows tool that allows a third party to take control over your PC. There was a PowerShell extension that was trying to install itself on my laptop which I stopped. I've shut down PowerShell in my registry. Now, I'm getting strange emails from off-shore ransomware thugs claiming they have access to my system and asking that I send bit-coin payments to their wallets abroad. I've ignored them, but I suspect it all started with this file that I downloaded and implemented on two systems. They're sending me emails with my own email as the sender. I've changed my email password on my servers, but I suspect they're spoofing the send-from email address to force me to read their crap. It's disgusting that people would dedicate themselves to these activities as a career, but such is life. 

Can you guys please take a close look at the files and let me know if the font files are ok? Do they have any execution codes within them that could lead to a third-party abuser to use PowerShell to access my systems?

I've scanned the folder and files with Malwarebytes but nothing has come up. However, I suspect this must have led to a lot of the unusual things occurring on both of my systems. 

Thanks so much for your kind input and assistance. 

arno-pro.zip


18 minutes ago, MikeD777 said:

I'm getting strange emails from off-shore ransomware thugs claiming they have access to my system and asking that I send bit-coin payments to their wallets abroad. I've ignored them, but I suspect it all started with this file that I downloaded and implemented on two systems.

These fonts are harmless.

I get a dozen of those emails some months. I would check your email here for breaches. https://haveibeenpwned.com/

18 minutes ago, MikeD777 said:

I suspect this must have led to a lot of the unusual things occurring on both of my systems. 

I am going to move your post to malware removal so it can be checked out.

 

Edited by Porthos

@MikeD777

Let's get the info to get the process started. Be aware it will take many steps and scans to fully remove pesky malware.

Please respond to all future instructions from your helper in a timely manner.

Please do the following so that we may take a closer look at your system for any possible infections.

Do these 2 steps FIRST so that files and folders are set to SHOW, plus also, Turn OFF Windows Fast Start.
Show-Hidden-Folders-Files-Extensions
https://forums.malwarebytes.com/topic/299345-show-hidden-folders-files-extensions/

Disable-Fast-Startup
https://forums.malwarebytes.com/topic/299350-disable-fast-startup/

Then please restart the computer and then do the following.

WARNING: Do Not click the Repair option under Advanced unless requested by a Malwarebytes support agent or authorized helper

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool. The tool also downloads and runs a file called FRSTEnglish. Please allow it to run.
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to the Desktop or on the hidden Public desktop (usually C:\Users\Public\Desktop), please upload that file on your next reply

    Then be patient for the next expert to take your case.

Thank you


  • Root Admin

Hello @MikeD777 and :welcome:

 

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process

Then follow each step in the order provided. Unless otherwise asked, please attach all logs

 

Please make the following system changes:

  • If you have not done so already - Enable System Protection and create a NEW System Restore Point
  • Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads. Make sure to turn it back on once the scans are completed
  • Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed
  • Disable-Fast-Startup
  • Show-Hidden-Folders-Files-Extensions

Please run the following scans:

  1. Click the following link and run a  Scan with AdwCleaner
  2. Click the following link and run a  Scan with Malwarebytes 
       RESTART the computer
  3. Click the following link and run a  Scan with Farbar Recovery Scan Tool 
     


 

Thank you

 



Dear MalwareBytes Associate:

Attached please find my post scan txt files from my desktop system. I'll send you my laptop ones separately. 

The reason I had contacted you is because I was concerned about the points raised in this article below. As a lot of the issues with my two systems started after I downloaded some font files from the Internet. They were offered for free and in retrospect, nothing is free in this world, so I got suspicious that these "free" fonts may have been infected with something. 

Thanks for your assistance. 

Article: 

https://reasonlabs.com/blog/3-reasons-why-the-fonts-you-use-affect-your-cybersecurity

Particularly these points: 

  • Exploiting software vulnerabilities: Encrypted malicious fonts can be designed to exploit vulnerabilities in font rendering engines of operating systems and software applications. When the font is opened or rendered by a vulnerable program, it can trigger the execution of malicious code.
  • Installation of malware: If a software vulnerability is successfully exploited, the malicious font can install malware on your system. This could include viruses, Trojans, ransomware, spyware, or other forms of malicious software.
  • Remote code execution: Cybercriminals can design malicious fonts to execute arbitrary code on your system. This means that an attacker could potentially gain control over your computer, allowing them to steal your personal data, monitor your activities, or use your computer as part of a botnet for further attacks.
  • Keylogging and data theft: Some malicious fonts may be used to capture your keystrokes, including sensitive information such as passwords, credit card numbers, or other confidential data. This information can then be transmitted to the attacker's server through an attack known as ‘keylogging’.
  • System compromise: Encrypted malicious fonts can compromise your system's integrity and stability. They can lead to crashes, slow performance, and other disruptions that negatively impact your computer's functionality.
  • Data manipulation: An attacker might use malicious fonts to manipulate the display of text on your computer, altering the content of web pages, documents, or other files.

Post Scan TXT Files.zip

Edited by AdvancedSetup
Disabled hyperlinks
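An added example, not part of any post in this thread and not a Malwarebytes tool: a structural triage for the question raised above, whether a `.otf` file is a genuine font container or something else carrying a font extension. It parses the OpenType (sfnt) table directory, verifies each table's bounds and checksum, and flags appended data; the function names and sample bytes are constructed for illustration, and a clean result shows only that the container is well-formed, not that every table is safe for a rendering engine to parse.

```python
import struct

# sfnt signatures for single-font files (collections use "ttcf").
SFNT_MAGICS = {
    b"\x00\x01\x00\x00": "TrueType outlines",
    b"OTTO": "OpenType with CFF outlines",
    b"true": "Apple TrueType",
}


def table_checksum(data: bytes) -> int:
    """OpenType table checksum: sum of big-endian uint32 words, zero-padded."""
    padded = data + b"\0" * (-len(data) % 4)
    return sum(struct.unpack(f">{len(padded) // 4}I", padded)) & 0xFFFFFFFF


def triage_font(blob: bytes) -> list[str]:
    """Return findings; an empty list means the container is well-formed."""
    if blob[:2] == b"MZ":
        return ["file starts with MZ: Windows executable, not a font"]
    if blob[:4] == b"ttcf":
        return ["font collection (ttcf): not handled by this check"]
    if len(blob) < 12 or blob[:4] not in SFNT_MAGICS:
        return [f"no sfnt signature: {blob[:4]!r}"]
    num_tables = struct.unpack(">H", blob[4:6])[0]
    dir_end = 12 + 16 * num_tables
    if num_tables == 0 or dir_end > len(blob):
        return ["table directory is empty or runs past end of file"]

    findings, spans = [], []
    for i in range(num_tables):
        tag, checksum, offset, length = struct.unpack_from(">4sIII", blob, 12 + 16 * i)
        name = tag.decode("latin-1")
        if not all(0x20 <= b <= 0x7E for b in tag):
            findings.append(f"table {i}: non-printable tag {tag!r}")
        if offset < dir_end or offset + length > len(blob):
            findings.append(f"{name}: data overlaps the directory or runs past end of file")
            continue
        data = blob[offset:offset + length]
        if tag == b"head" and length >= 12:
            # checkSumAdjustment (bytes 8..11) is treated as zero for this sum.
            data = data[:8] + b"\0\0\0\0" + data[12:]
        if table_checksum(data) != checksum:
            findings.append(f"{name}: checksum mismatch")
        spans.append((offset, offset + length, name))

    spans.sort()
    for (_, end1, n1), (start2, _, n2) in zip(spans, spans[1:]):
        if start2 < end1:
            findings.append(f"{n1} and {n2} overlap")
    last_end = max((end for _, end, _ in spans), default=dir_end)
    trailing = len(blob) - ((last_end + 3) & ~3)  # tables are 4-byte aligned
    if trailing > 0:
        findings.append(f"{trailing} bytes after last table")
    return findings


def build_sample_font(tables: dict[bytes, bytes]) -> bytes:
    """Constructed test input: a minimal CFF-flavoured sfnt container."""
    offset = 12 + 16 * len(tables)
    directory, body = b"", b""
    for tag, data in sorted(tables.items()):
        directory += struct.pack(">4sIII", tag, table_checksum(data), offset, len(data))
        padded = data + b"\0" * (-len(data) % 4)
        body += padded
        offset += len(padded)
    return b"OTTO" + struct.pack(">HHHH", len(tables), 0, 0, 0) + directory + body


# Constructed table contents; not taken from the fonts discussed in the thread.
SAMPLE_TABLES = {
    b"CFF ": b"\x01\x00\x04\x01constructed",
    b"head": bytes(54),
    b"name": b"constructed name data",
}

if __name__ == "__main__":
    good = build_sample_font(SAMPLE_TABLES)
    print("well-formed sample:", triage_font(good))
    print("sample with appended data:", triage_font(good + b"MZ" + bytes(62)))
    print("executable renamed to .otf:", triage_font(b"MZ\x90\x00" + bytes(60)))
```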

  • Root Admin

Please do not zip up the log files unless requested. Simply attach each one. Thanks

 

Please go ahead and run the following

 

Dr.Web CureIt!

Please download the Dr.Web CureIt! anti-virus utility
https://free.drweb.com/

 

You will need to send them an email to obtain a link to download the scanner, please do so

  • The downloaded file will normally have a unique name such as:  q7a9tr4p.exe
  • Close all open applications and locate the downloaded file and double-click to run it
  • The program will take a moment to launch and bring up the License and Update screen
  • Place a check mark to agree to the terms and then click on the Continue button
  • Click the underlined link Select objects for scanning
  • On the top left click the Scanning objects that should automatically check all objects
  • Click the small wrench and make sure there is a check on Automatically apply actions to threats
  • Then click the large button on bottom right Start scanning
  • Once the scan has completed there will be a link named Open report click that and a log named cureit.log should open in Notepad
  • The log is saved in the folder named Doctor Web in the top of your user profile folders
  • Please attach that log on your next reply

 

 

 


Nothing was found on my desktop. However this software did something I did not like and it took me an hour to figure out how to fix it. It created a whole bunch of non-existing drives in my system. I had to do a lot of searching on the internet to figure out how to fix the issue. So I'm not going to bother downloading it on my laptop. Can you guys please refrain from recommending the use of Russian-company freeware to your US customers? Given the current geopolitical situation, US citizens become very wary of downloading any "scanning" software made by a Russian company on their US computer. Unfortunately, a new cold war has started and there is always suspicion by Americans that any Russian software scans may actually infect their system rather than legitimately scan it. 

Thanks for your assistance. 

desktop.cureit.log


  • Root Admin

Hundreds of people have run the Dr. Web Cureit scanner and NO ONE has ever complained of it creating drives or having any other issues.

I'm sorry but I'm here to help fix your computer not play political games.

Please take the computer to a local computer repair store that specializes in security and have them assist you in cleaning these systems.

Thank you

 


It did create the drives and I had to remove them. If I'm a Malwarebytes paying customer, I naturally expect to receive technical support if your system has failed to detect a specific type of malware. This is customer service + this is how your system improves for all of your customers. Irrespective of the source origin of that software, it indeed did cause that issue for my computer. 


  • Root Admin

I apologize for the issue, but again, hundreds of other members have used the program without issue. We'll refrain from using tools from Russia if you like but have had zero signs of any issues reported and have run these tools on my own systems as well without issues.

The logs don't indicate a specific threat by a font so we need to use other antivirus tools to help verify.

Please run the following scanner.

The canned message may be a little different as I believe they've changed the UI some but should be close enough for you to complete the scan.

 

 

Sophos Scan & Clean

Download Sophos Free Virus Removal Tool and save it to your desktop.

  • If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....
  • Please close all other open applications and Do Not use your PC whilst the scan is in progress... This scan is very thorough so it may take several hours to complete, please be patient...

Double click the icon and select Run

Click Next

Select I accept the terms in this license agreement, then click Next twice

Click Install

Click Finish to launch the program

  • Once the virus database has been updated click Start Scanning

If any threats are found click Details, then View log file... (bottom left hand corner)

 

Attach the results in your next reply

  • Close the Notepad document, close the Threat Details screen, then click Start cleanup

Click Exit to close the program

 

If no threats were found please confirm that result...

  • The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.

Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

 

Saved logs are found under this sub-folder: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs 

Please attach that log on your next reply

Thank you

 


I continue to suspect that the fonts have some kernel level malware in them. 

Something like what is described here:

malware - How can a font be used for privilege escalation? - Information Security Stack Exchange

As far as the creation of non-existent drives, I've noticed that when I shut the computer and turn it on with the power button, the junk drives don't appear, however, upon restarting the computer, they reappear again. Why? I have no idea? This was never an issue until I ran Dr. Web Cure It on my system. 

Can you guys please double check the code for those font downloads? Why would someone offer free fonts on the Internet? Why would both a laptop and a desktop start acting up after the implementation of such a font together? I did nothing else and I continue to be very suspicious of those font files. After the downloading and implementation of those fonts, act ups started. 

Can someone who has been able to implement a kernel level infection be able to take control of a computer and see what I'm typing or steal data from my system? 

I believe the fonts may have done something at the Kernel level. I could be wrong. I've scanned my systems with every scanner out there and nothing found so far. Even ESET. Nothing. 

Maybe it's something new?

What is kernel level malware? - Quora

Thanks for your assistance. 


  • Root Admin

You can see here that none of the fonts are detected by any antivirus scanner.

 

Please run the following again to get me a new set of logs to review and see what else I can possibly locate.

 

Scan with FSS Farbar Service Scanner
https://forums.malwarebytes.com/topic/306736-scan-with-fss-farbar-service-scanner/

Scan with Farbar Recovery Scan Tool
https://forums.malwarebytes.com/topic/306601-scan-with-farbar-recovery-scan-tool/

 

 

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to the Public desktop, please upload that file on your next reply

Thank you

 

        SHA1:   92F38332549ADA5E169C1BB89151E7F1615FECEE
        PESHA1: 92F38332549ADA5E169C1BB89151E7F1615FECEE
        PE256:  3CDD534AE89B0070903D5A36536490D9F48765434C3D92B43B204B0164930CF4
        SHA256: 3CDD534AE89B0070903D5A36536490D9F48765434C3D92B43B204B0164930CF4
        IMP:    n/a
        VT detection:   0/76
        VT link:        https://www.virustotal.com/gui/file/3cdd534ae89b0070903d5a36536490d9f48765434c3d92b43b204b0164930cf4/detection

ArnoPro-SmbdSmText.otf:
        Verified:       Unsigned
        File date:      1:09 PM 8/26/2021
        Publisher:      n/a
        Company:        n/a
        Description:    n/a
        Product:        n/a
        Prod version:   n/a
        File version:   n/a
        MachineType:    n/a
        Binary Version: n/a
        Original Name:  n/a
        Internal Name:  n/a
        Copyright:      n/a
        Comments:       n/a
        Entropy:        6.959
        MD5:    07E40A58481A222D667742874357D6A4
        SHA1:   06CD2A78CA30578B5EAA52FEAF7D5A9E700684F2
        PESHA1: 06CD2A78CA30578B5EAA52FEAF7D5A9E700684F2
        PE256:  8A21F748E426B246C403C1F7CD1BE5C64F008284D1B6B0B7532E4FEF9493ECBD
        SHA256: 8A21F748E426B246C403C1F7CD1BE5C64F008284D1B6B0B7532E4FEF9493ECBD
        IMP:    n/a
        VT detection:   0/76
        VT link:        https://www.virustotal.com/gui/file/8a21f748e426b246c403c1f7cd1be5c64f008284d1b6b0b7532e4fef9493ecbd/detection

ArnoPro-SmbdSubhead.otf:
        Verified:       Unsigned
        File date:      1:09 PM 8/26/2021
        Publisher:      n/a
        Company:        n/a
        Description:    n/a
        Product:        n/a
        Prod version:   n/a
        File version:   n/a
        MachineType:    n/a
        Binary Version: n/a
        Original Name:  n/a
        Internal Name:  n/a
        Copyright:      n/a
        Comments:       n/a
        Entropy:        6.948
        MD5:    248462AB27026642AB22BCC18B3AEFC2
        SHA1:   FAE4C596780418829E5A7B00C14CBC4B40DB1468
        PESHA1: FAE4C596780418829E5A7B00C14CBC4B40DB1468
        PE256:  144422AF18DDF589A7FC172A9CD27DCB6FA4F8E538B6C7F481F2AFDC99138D98
        SHA256: 144422AF18DDF589A7FC172A9CD27DCB6FA4F8E538B6C7F481F2AFDC99138D98
        IMP:    n/a
        VT detection:   0/75
        VT link:        https://www.virustotal.com/gui/file/144422af18ddf589a7fc172a9cd27dcb6fa4f8e538b6c7f481f2afdc99138d98/detection

ArnoPro-SmText.otf:
        Verified:       Unsigned
        File date:      1:09 PM 8/26/2021
        Publisher:      n/a
        Company:        n/a
        Description:    n/a
        Product:        n/a
        Prod version:   n/a
        File version:   n/a
        MachineType:    n/a
        Binary Version: n/a
        Original Name:  n/a
        Internal Name:  n/a
        Copyright:      n/a
        Comments:       n/a
        Entropy:        6.958
        MD5:    A0B5073D24EACB34B7CD3E6B7B55866D
        SHA1:   789F92203120CBC6BACD781982E4AFBFD88FF730
        PESHA1: 789F92203120CBC6BACD781982E4AFBFD88FF730
        PE256:  33E408C01DEF8EC2F2BC6A336A2CDCFA385C5F9E10A6C63EDC3297758F8F4634
        SHA256: 33E408C01DEF8EC2F2BC6A336A2CDCFA385C5F9E10A6C63EDC3297758F8F4634
        IMP:    n/a
        VT detection:   0/76
        VT link:        https://www.virustotal.com/gui/file/33e408c01def8ec2f2bc6a336a2cdcfa385c5f9e10a6c63edc3297758f8f4634/detection

ArnoPro-Subhead.otf:
        Verified:       Unsigned
        File date:      1:09 PM 8/26/2021
        Publisher:      n/a
        Company:        n/a
        Description:    n/a
        Product:        n/a
        Prod version:   n/a
        File version:   n/a
        MachineType:    n/a
        Binary Version: n/a
        Original Name:  n/a
        Internal Name:  n/a
        Copyright:      n/a
        Comments:       n/a
        Entropy:        6.952
        MD5:    285747C8E3A14E3025D8140A30A9994F
        SHA1:   2A17E541B78440891B9D1011A31001DE53867245
        PESHA1: 2A17E541B78440891B9D1011A31001DE53867245
        PE256:  8BFF5A71A4F0EA6B4F56CF48E6C3C2EE04B52FDEC2E33F5940ABFE34F2E2D614
        SHA256: 8BFF5A71A4F0EA6B4F56CF48E6C3C2EE04B52FDEC2E33F5940ABFE34F2E2D614
        IMP:    n/a
        VT detection:   0/76
        VT link:        https://www.virustotal.com/gui/file/8bff5a71a4f0ea6b4f56cf48e6c3c2ee04b52fdec2e33f5940abfe34f2e2d614/detection

 


 


I've been receiving unsettling emails from overseas individuals claiming to be involved in ransomware activities. They assert that they have gained access to my system and are demanding Bitcoin payments to foreign wallets. Despite my decision to ignore these messages, I suspect that the issues may have originated from a file I downloaded and applied to both of my systems.

 
 

1 hour ago, azhar5435 said:

Despite my decision to ignore these messages, I suspect that the issues may have originated from a file I downloaded and applied to both of my systems.

Coincidence.

One of mine, and I have dozens. All that is required is for scammers to have your email address.

Hi there!

Unfortunately, I need to start our conversation with bad news for you.
Around few months back I managed to get full access to all devices of yours,
which are used by you on a daily basis to browse internet.
Afterwards, I could initiate monitoring and tracking of all your activities on the internet.

I am proud to share the sequence of how it happened:
In the past I bought from hackers the access to various email accounts (today, that is rather a simple thing to do online).
Clearly, it was not hard at all for me to log in to your email account (my email).

A week after that, I had already managed to effortlessly install Trojan virus to Operating Systems of all devices that are currently in your use,
and as result gained access to your email.
To be honest, that was not really difficult at all (because you were eagerly opening the links from your inbox emails).
I know, I am a genius. ~-~

With help of that software, I can gain access to all controllers in your devices (such as video camera, keyboard and microphone).
As result, I downloaded to my remote cloud servers all your personal data, photos and other information including web browsing history.
Likewise, I have complete access to all your social networks, messengers, chat history, emails, as well as contacts list.
My intelligent virus unceasingly refreshes its signatures (due to its driver-based nature), and hereby stays unnoticed by your antivirus software.

Herbey, I believe that now you finally start realizing how I could easily remain unnoticed all this while until this very letter...
While collecting information related to you, I had also unveiled that you are a true fan of porn sites.
You truly enjoy browsing through adult sites and watching horny vids, while playing your dirty solo games.
Bingo! I also recorded several filthy scenes with you in the main focus and montaged some dirty videos,
which demonstrate your passionate masturbation and cum sessions.

In case you still don't believe me, all I need is just one-two mouse clicks to make all your unmasking videos become available to your friends,
colleagues, and even relatives.
Well, if you still doubt me, I can easily make recorded videos of your orgasms become a public.
I truly believe that you surely would avoid that from happening, taking in consideration the type of the XXX videos you love watching,
(you are clearly aware of what I mean) it will result in a huge disaster for you.

Well, there is still a way to settle this tricky situation in a peaceful manner:
You will need to transfer $950 USD to my account (refer to Bitcoin equivalent based on the exchange rate at the moment transfer),
so once funds transfer is complete, I will straight away proceed with deleting all that dirty content from servers once and for all.

Afterwards, you can consider that we never met before. You have my honest word,
that all the harmful software will also be deactivated and deleted from all your devices currently in use. Worry not, I keep my promises.
That is truly a win-win solution that comes at a relatively reduced cost,
mostly knowing how much effort I spent on monitoring your profile and traffic for a considerably long time.
In event that you have no idea about means of buying and transferring bitcoins -
don't hesitate to use any search engine for your assistance (e.g., Google, Yahoo, Bing, etc.).

My bitcoin wallet is as follows: 17uRSEYKb-co6kMrEc5a-VCsCPAs-FTVRPtsd
An important notice: I have specified my Bitcoin wallet with "-" symbols,
hence once you carry out a transfer, please make sure that you key-in my bitcoin address without "-" to be sure that your funds successfully reach my wallet.
I have allocated 48 hours for you to do that, and the timer started right after you opened this very email (2 days to be exact).

Don't even think of doing anything of the following:
! Abstain from attempting to reply me (this email was created by me inside your inbox page and the return address was generated accordingly).
! Abstain from attempting to get in touch with police or any other security services. Moreover, don't even think of sharing this to you friends.
Once I discover this (apparently, that is absolutely easy for me, taking in consideration that I have complete control over all systems you use) -
kinky video will straight away be made public.
! Don't even think of attempting to find me - that is completely useless. Don't forget that all cryptocurrency transactions remain completely anonymous.
! Don't attempt reinstalling the OS on all your devices or getting rid of them. That won't lead you to success either,
because I have already saved all videos at my remote servers as a backup.

Things you should not be concerned about:
! That your funds transfer won't reach my wallet.
- Worry not, I can see everything, hence after you finish the transfer, I will get a notification right away
(trojan virus of mine uses a remote-control feature, which functions similarly to TeamViewer).
! That I will still distribute your videos although you make the funds transfer.
- My word, I have no intention or interest in continuing making your life troublesome.
Anyway, If I truly wanted that, it would happen long time ago without me notifying you!

Everything can be settled in a peaceful and just way!
And lastly... make sure you don't get caught afterwards in such type of incidents anymore!
My fair advice - ensure you change all your passwords on a regular basis.

 


  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 
