
Fell for a "Try My Game" scam


Solved by JSntgRvr

Hey MWB,

I had a distant relation message me about a game project, which required opening a RAR file.  Upon clicking it I was logged out of Discord and charged $100 for a fraudulent Discord Nitro subscription.

I've gone down my password manager and reset every password that comes with a billing option (although I was an idiot and did some of them on the same computer) as well as enabling 2FA everywhere I could.

Norton, Malwarebytes, and Kaspersky all turned up nothing (I'm currently running a full scan of Microsoft Safety Scanner, and will update with its findings).

Where do I go from here?


Please download Farbar Recovery Scan Tool and save it to your desktop.

Please rename FRST.EXE or FRST64.EXE to FRSTEnglish.exe

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your next reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you

Thanks for the prompt response!  They're here: Addition.txt, FRST.txt


There is nothing of interest in those logs.

  • Download the enclosed file Fixlist.txt
  • Save it in the same location FRST64.exe is saved (FRSTEnglish.exe)
  • Start FRST (FRST64) with Administrator privileges
  • This time around press the Fix button and wait
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please attach this file in your next reply.

Update your software:

SecurityCheck by glax24              
 
I would like you to run a tool named SecurityCheck to inquire about the current security update status of some applications.

  • Download SecurityCheck by glax24: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe
  • If Microsoft SmartScreen blocks the download, click through to save the file
  • This tool is safe. SmartScreen is overly sensitive.
  • If SmartScreen blocks the file from running, click on More info and Run anyway
  • Right-click with your mouse on SecurityCheck.exe and select "Run as administrator" and reply YES to allow to run & go forward
  • Wait for the scan to finish. It will open a text file named SecurityCheck.txt. Close the file. Attach it with your next reply.
  • You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

Thank you.

The FixList is still working, but here are my security check logs:

SecurityCheck.txt

Here we go, reran as Administrator

Fixlog.txt


Proceed as indicated.

--------------------------- [ OtherUtilities ] ----------------------------
Microsoft 365 - en-us v.16.0.17425.20146 Warning! Download Update
How Install Office updates?
NVIDIA GeForce Experience 3.27.0.112 v.3.27.0.112 Warning! Download Update
Microsoft Visual Studio Code (User) v.1.84.2 Warning! Download Update
Notepad++ (32-bit x86) v.8.4.8 Warning! Download Update
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.34.31938 v.14.34.31938.0 Warning! Download Update
OpenOffice 4.1.13 v.4.113.9810 Warning! Download Update
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31938 v.14.34.31938.0 Warning! Download Update
------------------------------ [ ArchAndFM ] ------------------------------
7-Zip 22.01 (x64) v.22.01 Warning! Download Update
Uninstall old version and install new one.
------------------------------- [ Imaging ] -------------------------------
GIMP 2.10.30 v.2.10.30 Warning! Download Update
IrfanView 4.58 (64-bit) v.4.58 Warning! Download Update
-------------------------- [ IMAndCollaborate ] ---------------------------
Discord v.0.0.309 Warning! Download Update
Zoom v.5.16.2 (22807) Warning! Download Update
---------------------------- [ UnwantedApps ] -----------------------------
Driver Easy 5.7.0 v.5.7.0 Warning! Suspected demo version of anti-spyware, driver updater or optimizer. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering. Computer experts no longer recommend this program.
Bonjour v.2.0.2.0 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
AppNHost 1.0.5.1 v.1.0.5.1 Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware and Malwarebytes AdwCleaner. Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
----------------------------- [ End of Log ] ------------------------------

 

How is the computer doing afterwards?
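
Added example, not part of the original post and not SecurityCheck's own code: a Python parser that triages a log in the layout of the excerpt above, so entries flagged with anything other than a plain update prompt are reviewed before routine updates. The entry layout is an assumption inferred from the excerpt, and the names `triage` and `review_first` are hypothetical.

```python
import re

# Constructed sample: lines abridged from the SecurityCheck excerpt in this thread.
SAMPLE_LOG = """\
--------------------------- [ OtherUtilities ] ----------------------------
Notepad++ (32-bit x86) v.8.4.8 Warning! Download Update
------------------------------ [ ArchAndFM ] ------------------------------
7-Zip 22.01 (x64) v.22.01 Warning! Download Update
Uninstall old version and install new one.
-------------------------- [ IMAndCollaborate ] ---------------------------
Zoom v.5.16.2 (22807) Warning! Download Update
---------------------------- [ UnwantedApps ] -----------------------------
Driver Easy 5.7.0 v.5.7.0 Warning! Suspected demo version of anti-spyware, driver updater or optimizer.
AppNHost 1.0.5.1 v.1.0.5.1 Warning! Suspected Adware!
----------------------------- [ End of Log ] ------------------------------
"""

SECTION_RE = re.compile(r"^-+ \[ (.+?) \] -+$")
# Assumed entry layout, inferred from the excerpt: "<name> v.<version> Warning! <message>"
ENTRY_RE = re.compile(r"^(?P<name>.+?) v\.(?P<version>.+?) Warning! (?P<msg>.*)$")

def triage(log_text):
    """Parse the log into dicts with section, name, version, action and notes."""
    section, findings = None, []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        header = SECTION_RE.match(line)
        entry = ENTRY_RE.match(line)
        if header:
            section = header.group(1)
        elif entry:
            is_update = entry.group("msg").startswith("Download Update")
            findings.append({
                "section": section,
                "name": entry.group("name"),
                "version": entry.group("version"),
                "action": "update" if is_update else "review",
                "notes": [] if is_update else [entry.group("msg")],
            })
        elif findings and findings[-1]["section"] == section:
            findings[-1]["notes"].append(line)  # free-text hint for the entry above
    return findings

def review_first(findings):
    """Order findings so entries needing a removal decision precede routine updates."""
    return sorted(findings, key=lambda f: f["action"] != "review")

if __name__ == "__main__":
    for f in review_first(triage(SAMPLE_LOG)):
        print(f"{f['action']:6} [{f['section']}] {f['name']} {f['version']} {f['notes']}")
```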

I've followed all these instructions.  I've noticed my computer doing things like opening some windows and closing others, but I suspect this may be Microsoft Safety Scanner, which was shut down by the Fixlog program and which I just set to work again.  It does seem to be noticing a ton of infected files, however: 

I plan on letting it finish its scan, then I'm going to restart with all those updates pending.


The system seems to be running reasonably smoothly upon a fresh restart.  Nothing terribly out of the ordinary.  I did get login attempts to some of my passwords, so it looks like the spree of changing passwords and enabling 2FA was well-warranted, however.

Is it safe to log back into Discord et al on my main computer?


  • Download the enclosed file Fixlist.txt
  • Save it in the same location FRST64.exe is saved (FRSTEnglish.exe)
  • Start FRST (FRST64) with Administrator privileges
  • This time around press the Fix button and wait
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please attach this file in your next reply.

Attach the resulting reports as requested.


My fault.

  • Download the enclosed file Fixlist.txt
  • Save it in the same location FRST64.exe is saved (FRSTEnglish.exe)
  • Start FRST (FRST64) with Administrator privileges
  • This time around press the Fix button and wait
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please attach this file in your next reply.

 

I guess you will need to rename your screen-name, or close the account. He already has your account name.

Fixlist.txt

To clarify, this is the account name for my Windows computer, Microsoft, Discord?


1 minute ago, JSntgRvr said:

The rename for the account is for Discord.

Okay, thank you -- I have already changed my passwords from another device and enabled two-factor, which should have reset access from all devices after he webhooked me.  I haven't had any more crazy purchases on Discord, but I'll ask for an account rename to be safe.

I accidentally just ran the fix without the new list, rerunning it now.

 
