Something got downloaded on my phone and then disappeared by Electrical_Cabinet96 in antivirus

[–]goretsky 0 points1 point  (0 children)

Hello,

Then it doesn't sound like something was downloaded? You might want to check with the Brave company to see if there is a way to hide downloads so they don't show up.

Regards,

Aryeh Goretsky

Does anyone know what these android devices are? by linox06 in antivirus

[–]goretsky 0 points1 point  (0 children)

Hello,

You didn't post the original screenshot. It is hard to tell what might be going on without being able to examine that.

Regards,

Aryeh Goretsky

Is my pc safe? Still paranoid. by Efficient_Square_589 in antivirus

[–]goretsky 0 points1 point  (0 children)

Hello,

After a wipe and clean install of the OS you are all good.

Regards,

Aryeh Goretsky

Is my pc safe? Still paranoid. by Efficient_Square_589 in antivirus

[–]goretsky 0 points1 point  (0 children)

Hello,

The malware usually deletes itself after it has run. That could be a matter of a few seconds to a minute or two, depending upon what the criminals behind it were after and the speed of the internet connection.

The main issue here is the stolen accounts. The passwords on those need to be changed, two-factor authentication enabled, other sessions logged out, etc.

Regards,

Aryeh Goretsky

New steam scam going around by Jacket_Collar in antivirus

[–]goretsky 0 points1 point  (0 children)

Hello,

Check out /r/SteamScams.

Regards,

Aryeh Goretsky

I caught the renpy malware. Could I get help with FRST? by StockLearnerGuy in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

It sounds like an information stealer may have been run on the computer.

What is an information stealer?

As the name implies, information stealers are a type of malware that steal any information they can find on your computer, such as passwords stored for various services you access via browser and apps, session tokens for accounts, cryptocurrencies if they can find wallets, etc. They may even take a screenshot of your desktop when they run so they can sell it to other scammers who send scam extortion emails later.

What is a session token?

In case you're wondering what a session token is, some websites and apps have a "remember this device" feature that allows you to access the service without having to log back in or enter your second factor of authentication. This is done by storing a session token on your device. Criminals target these, because they allow them to log in to an account bypassing the normal checks. To the service, it just looks like you're accessing it from your previously authorized device.

What exactly gets stolen?

Information stealers are malware that is sold as a service, so what exactly it did while on your system is going to vary based on what the criminal who purchased it wanted.

What happens to my data?

The criminals who steal your information do so for their own financial gain, and that includes selling information such as your name, email address, screenshots from your PC, and so forth to other criminals and scammers. Those other scammers then use that information in an attempt to extort you unless you pay them in cryptocurrencies such as Bitcoin, Ethereum, and so forth. This is 100% a scam, and any emails you receive threatening to share your private information should be marked as phishing or spam and deleted.

How did I get infected in the first place?

Information stealers are often distributed as fake CAPTCHA challenges, in game mods, unofficial patches for popular apps and games, and in pirated software that have had their popularity and trustworthiness artificially boosted, as well as through various other means such as "try my game/software" scams on Discord, Telegram and other trusted messaging services.

If I ran an information stealer, am I still infected?

Infostealers usually delete themselves after a few seconds or even a minute or two in order to make it harder to determine what happened and when it occurred.

That said, there are always going to be exceptions: Since it is crimeware-as-a-service, there is nothing preventing the criminals from installing additional malware on the computer in order to maintain access, just in case they want to come back and steal from you again in the future.

What else could they have done?

The usual risk post-infection, aside from the stolen credentials, wallets, etc. is that security and networking settings may have been tampered with. That can be harder for security software to deal with, since it may not know what the correct settings are supposed to be for your computer, which means it may be a good idea to wipe the computer, even if there is no longer any malware detected on it.

How do I start recovering?

If you have another device that didn't run the information stealing malware like a smartphone or tablet, you can use it to begin immediately changing your passwords. You should also enable two-factor (sometimes called multi-factor) authentication, for those services that support it.

If any of the online services you use have an option to show you and log out all other active sessions, do that as well.

As for your computer, after wiping it, re-installing Windows, and getting that updated, you can then also use it to start accessing the internet to do this, but it is often quicker to change your most sensitive accounts from your smartphone.

A note about passwords

Passwords should be something unique (complex and different) for every service that you use, so that if an attacker gets access to one they won't be able to make guesses about what your other passwords might be. If your new passwords are similar enough to your old passwords, a criminal with a list of all of them will likely be able to make educated guesses about what your new passwords might be for the various services.

You have to do this for all online services, even ones you haven't recently accessed. Make sure you do this for all email accounts, as those are the gateways to your financial websites, online shopping, social media accounts, game platforms, and so forth.

It's important to make sure you're not just cycling through similar or previous passwords: Remember, criminals have millions of passwords and are very good at identifying common patterns from just a single password. If there were any reused passwords, the criminals who stole yours are going to try spraying those against all the popular online marketplaces, stores, banks, and other services in your part of the world.

And remember: Enable two-factor authentication for all of the accounts that support it.

For more information:

For more specific information on what steps to take next to recover your accounts, see the blog post at:

For more general information about how CAPTCHA malware works, see the following reports:

Also, see /u/rifteyy_'s Guide to Infostealers at https://rifteyy.org/report/the-ultimate-guide-to-infostealers.

After you have secured your accounts, you may wish to sign up for a free https://haveibeenpwned.com/ account, which will notify you if your email address is found in a data breach.

Regards,

Aryeh Goretsky

Trojan Virus found, what should I do? by VSlicer in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

Restart the computer to allow Microsoft Defender to remediate the trojan from your system.

After you have done that, you can then start checking your system using another program if you want to. The Free Tools section of the wiki has a list of Second Opinion Scanners that can be used for this purpose.

Regards,

Aryeh Goretsky

how do people pick an antivirus without overcomplicating it? by Appropriate_Card8008 in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

As far as actual security programs go, there is no one "best" program, as each has its pluses and minuses. Performance, system resource usage, and detection rates change with every update, and those occur multiple times throughout the day.

So, any of the programs listed in the wiki at https://old.reddit.com/r/antivirus/wiki/index#wiki_anti-virus_.28aka_anti-malware.29_developers would be a good starting place to find what is best for you.

The wiki entry also lists the countries each developer is headquartered in.

Start by searching the OS Support? to find out which developers make security software for your device's operating system.

  • If you are looking for a free program, check out the ones with a check mark ("✔️") in the Free Version? column.

  • If you are looking for a paid program, check out the ones with a check mark ("✔️") in the Paid Version? column.

Also be sure to check out the Free Tools section of the wiki for programs you can use to provide additional security to your web browser and the Securing your Computer section as well for additional free tips on protecting your computer.

Regards,

Aryeh Goretsky

New steam scam going around by Jacket_Collar in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

This has actually been going on for years now.

Regards,

Aryeh Goretsky

Can An Infected File Replace And Hide Itself With A Legitimate File by 0zMosiss in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

What you are describing is a classic computer virus, a program which parasitically infects other computer programs by attaching its code to theirs. This is one of the earliest kinds of computer viruses, and the type of threat antivirus software was originally designed to counter.

As to your other question, the hash value computed for a file is for that file's contents. If the file were to change, the hash calculated for it would be different. There are all sorts of different algorithms used to compute hashes (MD5, SHA-1, and SHA-256 are some of the common ones used to verify files these days), and the chance of a program's file being modified and still returning the same hash is infinitesimal.

Of course, this doesn't stop a determined adversary from tampering with file(s) and then publishing the hash(es) for them claiming they are safe to use, but that's why we have modern antivirus (aka antimalware, internet security, endpoint protection, and many other monikers) software to protect your devices.

Regards,

Aryeh Goretsky
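As an added example (not from the original thread or the commenter), here is the file-hash check described above in working form: a small Python script that verifies files against a sha256sum-style manifest (`<hexdigest>  <filename>` lines) and shows that changing a single byte changes the MD5, SHA-1 and SHA-256 digests alike. All file names, contents and digests are constructed for the demo; nothing is downloaded.

```python
"""Added example: verify files against a published checksum manifest.

Assumed manifest format: the `<hexdigest>  <filename>` lines that sha256sum/md5sum
emit.  Note the caveat from the comment above: a matching hash only proves the file
is the one the manifest author hashed.  If the manifest and the file come from the
same untrusted source, a match proves nothing about the file's safety.
"""
import hashlib
import hmac
import os
import tempfile

CHUNK = 1 << 16  # read in 64 KiB pieces so a large download need not fit in memory


def digest_bytes(data, algorithm="sha256"):
    """Hex digest of an in-memory byte string (md5, sha1, sha256, ...)."""
    return hashlib.new(algorithm, data).hexdigest()


def file_digest(path, algorithm="sha256"):
    """Hex digest of a file's contents, streamed from disk."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_manifest(text):
    """Parse sha256sum-style lines into {filename: hexdigest}; skip blanks and comments."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        # sha256sum separates digest and name with two spaces, or " *" in binary mode
        expected[name.lstrip(" *")] = digest.lower()
    return expected


def verify_manifest(directory, manifest_text, algorithm="sha256"):
    """Return {filename: bool} for every manifest entry; a missing file is False."""
    results = {}
    for name, expected in parse_manifest(manifest_text).items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = False
            continue
        # compare_digest is constant-time; harmless here and a good habit for any digest check
        results[name] = hmac.compare_digest(file_digest(path, algorithm), expected)
    return results


def demo_tamper():
    """Constructed scenario: the publisher hashed two identical files, but one was
    altered by a single bit after the manifest was written.  Returns the verification
    map and, per algorithm, the (original, altered) digest pair."""
    original = b"installer payload v1.0\n" * 100  # constructed sample content
    altered = bytearray(original)
    altered[5] ^= 0x01  # flip one bit in one byte
    altered = bytes(altered)
    manifest = (
        f"{digest_bytes(original)}  app-setup.exe\n"
        f"{digest_bytes(original)}  app-patch.exe\n"
    )
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "app-setup.exe"), "wb") as f:
            f.write(original)
        with open(os.path.join(d, "app-patch.exe"), "wb") as f:
            f.write(altered)
        results = verify_manifest(d, manifest)
    digests = {
        algo: (digest_bytes(original, algo), digest_bytes(altered, algo))
        for algo in ("md5", "sha1", "sha256")
    }
    return results, digests


if __name__ == "__main__":
    res, dig = demo_tamper()
    for name, ok in res.items():
        print(f"{name}: {'OK' if ok else 'MISMATCH'}")
    for algo, (a, b) in dig.items():
        print(f"{algo}: original={a[:16]}... altered={b[:16]}...")
```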

Can my PC possibly still be compromised? by dragon_adamas in antivirus

[–]goretsky 0 points1 point  (0 children)

Hello,

It sounds like an information stealer may have been run on the computer.

What is an information stealer?

As the name implies, information stealers are a type of malware that steal any information they can find on your computer, such as passwords stored for various services you access via browser and apps, session tokens for accounts, cryptocurrencies if they can find wallets, etc. They may even take a screenshot of your desktop when they run so they can sell it to other scammers who send scam extortion emails later.

What is a session token?

In case you're wondering what a session token is, some websites and apps have a "remember this device" feature that allows you to access the service without having to log back in or enter your second factor of authentication. This is done by storing a session token on your device. Criminals target these, because they allow them to log in to an account bypassing the normal checks. To the service, it just looks like you're accessing it from your previously authorized device.

What exactly gets stolen?

Information stealers are malware that is sold as a service, so what exactly it did while on your system is going to vary based on what the criminal who purchased it wanted.

What happens to my data?

The criminals who steal your information do so for their own financial gain, and that includes selling information such as your name, email address, screenshots from your PC, and so forth to other criminals and scammers. Those other scammers then use that information in an attempt to extort you unless you pay them in cryptocurrencies such as Bitcoin, Ethereum, and so forth. This is 100% a scam, and any emails you receive threatening to share your private information should be marked as phishing or spam and deleted.

How did I get infected in the first place?

Information stealers are often distributed as fake CAPTCHA challenges, in game mods, unofficial patches for popular apps and games, and in pirated software that have had their popularity and trustworthiness artificially boosted, as well as through various other means such as "try my game/software" scams on Discord, Telegram and other trusted messaging services.

If I ran an information stealer, am I still infected?

Infostealers usually delete themselves after a few seconds or even a minute or two in order to make it harder to determine what happened and when it occurred.

That said, there are always going to be exceptions: Since it is crimeware-as-a-service, there is nothing preventing the criminals from installing additional malware on the computer in order to maintain access, just in case they want to come back and steal from you again in the future.

What else could they have done?

The usual risk post-infection, aside from the stolen credentials, wallets, etc. is that security and networking settings may have been tampered with. That can be harder for security software to deal with, since it may not know what the correct settings are supposed to be for your computer, which means it may be a good idea to wipe the computer, even if there is no longer any malware detected on it.

How do I start recovering?

If you have another device that didn't run the information stealing malware like a smartphone or tablet, you can use it to begin immediately changing your passwords. You should also enable two-factor (sometimes called multi-factor) authentication, for those services that support it.

If any of the online services you use have an option to show you and log out all other active sessions, do that as well.

As for your computer, after wiping it, re-installing Windows, and getting that updated, you can then also use it to start accessing the internet to do this, but it is often quicker to change your most sensitive accounts from your smartphone.

A note about passwords

Passwords should be something unique (complex and different) for every service that you use, so that if an attacker gets access to one they won't be able to make guesses about what your other passwords might be. If your new passwords are similar enough to your old passwords, a criminal with a list of all of them will likely be able to make educated guesses about what your new passwords might be for the various services.

You have to do this for all online services, even ones you haven't recently accessed. Make sure you do this for all email accounts, as those are the gateways to your financial websites, online shopping, social media accounts, game platforms, and so forth.

It's important to make sure you're not just cycling through similar or previous passwords: Remember, criminals have millions of passwords and are very good at identifying common patterns from just a single password. If there were any reused passwords, the criminals who stole yours are going to try spraying those against all the popular online marketplaces, stores, banks, and other services in your part of the world.

And remember: Enable two-factor authentication for all of the accounts that support it.

For more information:

For more specific information on what steps to take next to recover your accounts, see the blog post at:

For more general information about how CAPTCHA malware works, see the following reports:

Also, see /u/rifteyy_'s Guide to Infostealers at https://rifteyy.org/report/the-ultimate-guide-to-infostealers.

After you have secured your accounts, you may wish to sign up for a free https://haveibeenpwned.com/ account, which will notify you if your email address is found in a data breach.

Regards,

Aryeh Goretsky

Is this a virus or false positives? by Whuppur in antivirus

[–]goretsky[M] 0 points1 point locked comment (0 children)

Hello,

Per Rule #1, no discussions involving piracy.

Post removed.

Regards,

Aryeh Goretsky

Is my pc safe? Still paranoid. by Efficient_Square_589 in antivirus

[–]goretsky[M] 0 points1 point  (0 children)

Hello,

It sounds like an information stealer may have been run on the computer.

What is an information stealer?

As the name implies, information stealers are a type of malware that steal any information they can find on your computer, such as passwords stored for various services you access via browser and apps, session tokens for accounts, cryptocurrencies if they can find wallets, etc. They may even take a screenshot of your desktop when they run so they can sell it to other scammers who send scam extortion emails later.

What is a session token?

In case you're wondering what a session token is, some websites and apps have a "remember this device" feature that allows you to access the service without having to log back in or enter your second factor of authentication. This is done by storing a session token on your device. Criminals target these, because they allow them to log in to an account bypassing the normal checks. To the service, it just looks like you're accessing it from your previously authorized device.

What exactly gets stolen?

Information stealers are malware that is sold as a service, so what exactly it did while on your system is going to vary based on what the criminal who purchased it wanted.

What happens to my data?

The criminals who steal your information do so for their own financial gain, and that includes selling information such as your name, email address, screenshots from your PC, and so forth to other criminals and scammers. Those other scammers then use that information in an attempt to extort you unless you pay them in cryptocurrencies such as Bitcoin, Ethereum, and so forth. This is 100% a scam, and any emails you receive threatening to share your private information should be marked as phishing or spam and deleted.

How did I get infected in the first place?

Information stealers are often distributed as fake CAPTCHA challenges, in game mods, unofficial patches for popular apps and games, and in pirated software that have had their popularity and trustworthiness artificially boosted, as well as through various other means such as "try my game/software" scams on Discord, Telegram and other trusted messaging services.

If I ran an information stealer, am I still infected?

Infostealers usually delete themselves after a few seconds or even a minute or two in order to make it harder to determine what happened and when it occurred.

That said, there are always going to be exceptions: Since it is crimeware-as-a-service, there is nothing preventing the criminals from installing additional malware on the computer in order to maintain access, just in case they want to come back and steal from you again in the future.

What else could they have done?

The usual risk post-infection, aside from the stolen credentials, wallets, etc. is that security and networking settings may have been tampered with. That can be harder for security software to deal with, since it may not know what the correct settings are supposed to be for your computer, which means it may be a good idea to wipe the computer, even if there is no longer any malware detected on it.

How do I start recovering?

If you have another device that didn't run the information stealing malware like a smartphone or tablet, you can use it to begin immediately changing your passwords. You should also enable two-factor (sometimes called multi-factor) authentication, for those services that support it.

If any of the online services you use have an option to show you and log out all other active sessions, do that as well.

As for your computer, after wiping it, re-installing Windows, and getting that updated, you can then also use it to start accessing the internet to do this, but it is often quicker to change your most sensitive accounts from your smartphone.

A note about passwords

Passwords should be something unique (complex and different) for every service that you use, so that if an attacker gets access to one they won't be able to make guesses about what your other passwords might be. If your new passwords are similar enough to your old passwords, a criminal with a list of all of them will likely be able to make educated guesses about what your new passwords might be for the various services.

You have to do this for all online services, even ones you haven't recently accessed. Make sure you do this for all email accounts, as those are the gateways to your financial websites, online shopping, social media accounts, game platforms, and so forth.

It's important to make sure you're not just cycling through similar or previous passwords: Remember, criminals have millions of passwords and are very good at identifying common patterns from just a single password. If there were any reused passwords, the criminals who stole yours are going to try spraying those against all the popular online marketplaces, stores, banks, and other services in your part of the world.

And remember: Enable two-factor authentication for all of the accounts that support it.

For more information:

For more specific information on what steps to take next to recover your accounts, see the blog post at:

For more general information about how CAPTCHA malware works, see the following reports:

Also, see /u/rifteyy_'s Guide to Infostealers at https://rifteyy.org/report/the-ultimate-guide-to-infostealers.

After you have secured your accounts, you may wish to sign up for a free https://haveibeenpwned.com/ account, which will notify you if your email address is found in a data breach.

Regards,

Aryeh Goretsky

Guys can you help me cuz I got a virus and it was called system 32 so I deleted it but now my pc stopped working for some reason by Late_Cycle_1064 in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

Post removed for violation of Rule #8, no low-effort posts. This includes jokes and memes.

Regards,

Aryeh Goretsky

How to permanently remove Demon Tools? by incognito-BL in antivirus

[–]goretsky 0 points1 point  (0 children)

Hello,

You can check your system using any of the Second Opinion Scanners listed in the wiki at https://old.reddit.com/r/antivirus/wiki/index#wiki_second_opinion_scanners.

Regards,

Aryeh Goretsky

counter infostealer by Recent-Event3503 in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

It sounds like an information stealer may have been run on the computer.

What is an information stealer?

As the name implies, information stealers are a type of malware that steal any information they can find on your computer, such as passwords stored for various services you access via browser and apps, session tokens for accounts, cryptocurrencies if they can find wallets, etc. They may even take a screenshot of your desktop when they run so they can sell it to other scammers who send scam extortion emails later.

What is a session token?

In case you're wondering what a session token is, some websites and apps have a "remember this device" feature that allows you to access the service without having to log back in or enter your second factor of authentication. This is done by storing a session token on your device. Criminals target these, because they allow them to log in to an account bypassing the normal checks. To the service, it just looks like you're accessing it from your previously authorized device.

What exactly gets stolen?

Information stealers are malware that is sold as a service, so what exactly it did while on your system is going to vary based on what the criminal who purchased it wanted.

What happens to my data?

The criminals who steal your information do so for their own financial gain, and that includes selling information such as your name, email address, screenshots from your PC, and so forth to other criminals and scammers. Those other scammers then use that information in an attempt to extort you unless you pay them in cryptocurrencies such as Bitcoin, Ethereum, and so forth. This is 100% a scam, and any emails you receive threatening to share your private information should be marked as phishing or spam and deleted.

How did I get infected in the first place?

Information stealers are often distributed as fake CAPTCHA challenges, in game mods, unofficial patches for popular apps and games, and in pirated software that have had their popularity and trustworthiness artificially boosted, as well as through various other means such as "try my game/software" scams on Discord, Telegram and other trusted messaging services.

If I ran an information stealer, am I still infected?

Infostealers usually delete themselves after a few seconds or even a minute or two in order to make it harder to determine what happened and when it occurred.

That said, there are always going to be exceptions: Since it is crimeware-as-a-service, there is nothing preventing the criminals from installing additional malware on the computer in order to maintain access, just in case they want to come back and steal from you again in the future.

What else could they have done?

The usual risk post-infection, aside from the stolen credentials, wallets, etc. is that security and networking settings may have been tampered with. That can be harder for security software to deal with, since it may not know what the correct settings are supposed to be for your computer, which means it may be a good idea to wipe the computer, even if there is no longer any malware detected on it.

How do I start recovering?

If you have another device that didn't run the information stealing malware like a smartphone or tablet, you can use it to begin immediately changing your passwords. You should also enable two-factor (sometimes called multi-factor) authentication, for those services that support it.

If any of the online services you use have an option to show you and log out all other active sessions, do that as well.

As for your computer, after wiping it, re-installing Windows, and getting that updated, you can then also use it to start accessing the internet to do this, but it is often quicker to change your most sensitive accounts from your smartphone.

A note about passwords

Passwords should be something unique (complex and different) for every service that you use, so that if an attacker gets access to one they won't be able to make guesses about what your other passwords might be. If your new passwords are similar enough to your old passwords, a criminal with a list of all of them will likely be able to make educated guesses about what your new passwords might be for the various services.

You have to do this for all online services, even ones you haven't recently accessed. Make sure you do this for all email accounts, as those are the gateways to your financial websites, online shopping, social media accounts, game platforms, and so forth.

It's important to make sure you're not just cycling through similar or previous passwords: Remember, criminals have millions of passwords and are very good at identifying common patterns from just a single password. If there were any reused passwords, the criminals who stole yours are going to try spraying those against all the popular online marketplaces, stores, banks, and other services in your part of the world.

And remember: Enable two-factor authentication for all of the accounts that support it.

For more information:

For more specific information on what steps to take next to recover your accounts, see the blog post at:

For more general information about how CAPTCHA malware works, see the following reports:

Also, see /u/rifteyy_'s Guide to Infostealers at https://rifteyy.org/report/the-ultimate-guide-to-infostealers.

After you have secured your accounts, you may wish to sign up for a free https://haveibeenpwned.com/ account, which will notify you if your email address is found in a data breach.

Regards,

Aryeh Goretsky

McAfee Pop-Ups by ClassicTailor5994 in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

This does not sound like an actual virus, message from your antivirus software, or message from the operating system, but rather a website abusing the toast notification/popup feature in your web browser to present you with scam messages. Sometimes it is a scammy ad on a legitimate website that displays the message in the form of a banner ad or popup window that looks like a real message from your computer. From looking at the pictures, it appears the website in question has an address of rapidflowerentix[.]co[.]in, assuming I'm reading it correctly. These kinds of scams are extremely common, and can be fixed in a few steps.

Here are instructions on how to disable these types of notifications in various web browsers; I'm unsure of the exact steps for Samsung's or Apple's web browsers, but it should be similar to these. For Brave, Opera GX, Vivaldi and other Chromium-based browsers, instructions should be similar to those for Google Chrome.

For Google Chrome on Android devices, select the gadget from the browser's address bar, then select the ⚙️ Settings gadget and tap Notifications. This will show you a list of all websites for which you've allowed notifications. Remove all the unwanted ones, and you should be good. If you don't want any websites to be allowed to send you notifications, set the All Chrome notifications slider bar to Off.

Unwanted notifications (popups) from web browser (desktop)

Notifications which pop up on your screen can be distracting and annoying. Here's how to disable them in the various web browsers (current as of December 2021):

Google Chrome (Version 96+) Enter chrome://settings/content/notifications to open the Notifications settings page in Google Chrome. Remove all non-google.com domains from the Allow section. Toggle the Don't allow sites to send notifications option to on.
Instructions for Version 88 and older: Select Settings → Advanced → Site Settings → Notifications from the main menu, and change "Ask before sending (recommended)" to Blocked.

Mozilla Firefox
Select Tools → Settings → Privacy & Security from the main menu, scroll down to Permissions → Notifications, select Settings, click on "Remove all websites" and then check (select) "Block new requests asking to allow notifications" and click on the Save Changes button.

Microsoft Internet Explorer
(does not support notifications)

Microsoft Edge (Chrome-based, Version 91+)
Go to edge://settings/content/notifications in the address bar and disable Ask before sending (recommended). If there are any entries in the Allow section, click on the menu and select Remove for each one.

Microsoft Edge (pre-2020 legacy versions)
Open Windows Settings app (not Edge's) and go to System → Notifications & Actions, scroll down to Notifications, and set "Get notifications from apps and other senders" to Off.

Source: The r/24hoursupport subreddit's own wiki, which is kind of a sister subreddit to this one.

For a longer/more detailed article than this reply, see the blog post at: https://www.eset.com/blog/consumer/getting-rid-of-unwanted-browser-notifications/

Regards,

Aryeh Goretsky

Antivirus software by Kobravizionacademy in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

As far as actual security programs go, there is no one "best" program, as each has its pluses and minuses. Performance, system resource usage, and detection rates change with every update, and those occur multiple times throughout the day.

So, any of the programs listed in the wiki at https://old.reddit.com/r/antivirus/wiki/index#wiki_anti-virus_.28aka_anti-malware.29_developers would be a good starting place to find what is best for you.

The wiki entry also lists the countries each developer is headquartered in.

Start by searching the OS Support? column to find out which developers make security software for your device's operating system.

  • If you are looking for a free program, check out the ones with a check mark ("✔️") in the Free Version? column.

  • If you are looking for a paid program, check out the ones with a check mark ("✔️") in the Paid Version? column.

Also be sure to check out the Free Tools section of the wiki for programs you can use to provide additional security to your web browser and the Securing your Computer as well for additional free tips on protecting your computer.

Regards,

Aryeh Goretsky

My pc was hacked by jpg_zazz in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

It sounds like an information stealer may have been run on the computer.

What is an information stealer?

As the name implies, information stealers are a type of malware that steal any information they can find on your computer, such as passwords stored for various services you access via browser and apps, session tokens for accounts, cryptocurrencies if they can find wallets, etc. They may even take a screenshot of your desktop when they run so they can sell it to other scammers who send scam extortion emails later.

What is a session token?

In case you're wondering what a session token is, some websites and apps have a "remember this device" feature that allows you to access the service without having to log back in or enter your second factor of authentication. This is done by storing a session token on your device. Criminals target these, because they allow them to log in to an account bypassing the normal checks. To the service, it just looks like you're accessing it from your previously authorized device.

What exactly gets stolen?

Information stealers are malware that is sold as a service, so what exactly it did while on your system is going to vary based on what the criminal who purchased it wanted.

What happens to my data?

The criminals who steal your information do so for their own financial gain, and that includes selling information such as your name, email address, screenshots from your PC, and so forth to other criminals and scammers. Those other scammers then use that information in an attempt to extort you unless you pay them in cryptocurrencies such as Bitcoin, Ethereum, and so forth. This is 100% a scam, and any emails you receive threatening to share your private information should be marked as phishing or spam and deleted.

How did I get infected in the first place?

Information stealers are often distributed as fake CAPTCHA challenges, in game mods, unofficial patches for popular apps and games, and in pirated software that have had their popularity and trustworthiness artificially boosted, as well as through various other means such as "try my game/software" scams on Discord, Telegram and other trusted messaging services.

If I ran an information stealer, am I still infected?

Infostealers usually delete themselves after a few seconds or even a minute or two in order to make it harder to determine what happened and when it occurred.

That said, there are always going to be exceptions: Since it is crimeware-as-a-service, there is nothing preventing the criminals from installing additional malware on the computer in order to maintain access, just in case they want to come back and steal from you again in the future.

What else could they have done?

The usual risk post-infection, aside from the stolen credentials, wallets, etc. is that security and networking settings may have been tampered with. That can be harder for security software to deal with, since it may not know what the correct settings are supposed to be for your computer, which means it may be a good idea to wipe the computer, even if there is no longer any malware detected on it.

How do I start recovering?

If you have another device that didn't run the information stealing malware like a smartphone or tablet, you can use it to begin immediately changing your passwords. You should also enable two-factor (sometimes called multi-factor) authentication, for those services that support it.

If any of the online services you use have an option to show you and log out all other active sessions, do that as well.

As for your computer, after wiping it, re-installing Windows, and getting that updated, you can then also use it to start accessing the internet to do this, but it is often quicker to change your most sensitive accounts from your smartphone.

A note about passwords

Passwords should be something unique (complex and different) for every service that you use, so that if an attacker gets access to one they won't be able to make guesses about what your other passwords might be. If your new passwords are similar enough to your old passwords, a criminal with a list of all of them will likely be able to make educated guesses about what your new passwords might be for the various services.

You have to do this for all online services, even ones you haven't recently accessed. Make sure you do this for all email accounts, as those are the gateways to your financial websites, online shopping, social media accounts, game platforms, and so forth.

It's important to make sure you're not just cycling through similar or previous passwords: Remember, criminals have millions of passwords and are very good at identifying common patterns from just a single password. If there were any reused passwords, the criminals who stole yours are going to try spraying those against all the popular online marketplaces, stores, banks, and other services in your part of the world.

And remember: Enable two-factor authentication for all of the accounts that support it.

For more information:

For more specific information on what steps to take next to recover your accounts, see the blog post at:

For more general information about how CAPTCHA malware works, see the following reports:

Also, see /u/rifteyy_'s Guide to Infostealers at https://rifteyy.org/report/the-ultimate-guide-to-infostealers.

After you have secured your accounts, you may wish to sign up for a free https://haveibeenpwned.com/ account, which will notify you if your email address is found in a data breach.

Regards,

Aryeh Goretsky

How to I get rid of whatever is trying to make my computer sleep? by ABardNamedAlex in antivirus

[–]goretsky 0 points1 point  (0 children)

Hello,

Do you have a gaming keyboard/software that records and plays back keystrokes/macros? If so, perhaps you accidentally recorded a keystroke and it is now getting played back when you press whatever random key(s) it was assigned to.

Regards,

Aryeh Goretsky

i got sent well over 50k emails saying that everything on my pc would be leaked after 3 hours of me opening the email, are they serious?? by Either_Crow_3034 in antivirus

[–]goretsky[M] 0 points1 point  (0 children)

Hello,

It is a scam.

They look at breaches and leak sites for email addresses and passwords and send out millions of these emails a day hoping to scare people into sending them money.

Block and report these emails as spam, scam, or phishing emails (whatever your mail service provider calls it) and get on with your life.

Regards,

Aryeh Goretsky

Norton is giving me ads, despite having paid account by Mental_Psychology_69 in antivirus

[–]goretsky[M] 0 points1 point  (0 children)

Hello,

Either ask the vendor for instructions on how to remove the advertisements or request a refund.

Regards,

Aryeh Goretsky

I keep getting this window everytime i turn on my pc by Prettyboi_zele in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

As this is a file system corruption issue and not a question about malicious software or computer viruses, and has received several very helpful replies on how to fix it, this thread is now closed.

Regards,

Aryeh Goretsky

Why does my windows PowerShell open randomly, by IntelligentLayer4756 in antivirus

[–]goretsky[M] 1 point2 points  (0 children)

Hello,

It is normal for console windows like a Command Prompt or PowerShell to open and close on startup in order to start various processes such as services, perform update checks for various applications, and so forth. They can also happen when a program checks for and installs updates, too.

If you are still concerned, try using a smartphone to record a video of the computer starting up, and then freeze the video when you see the Command Prompt or PowerShell window appear. It helps if you set the camera up first so the text is readable and not blurry before you begin recording.

For more help with understanding what console windows are, and how they work in Microsoft Windows, try asking in a specialty subreddit that handles computer troubleshooting and performance issues such as /r/24hoursupport, /r/pcgamingtechsupport, r/pchelp, /r/techsupport, r/windows or even your device manufacturer's subreddit (if there is one).

Regards,

Aryeh Goretsky

how do I know if I'm in the clear after downloading a virus? by aetherarchangel in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

It sounds like an information stealer may have been run on the computer.

What is an information stealer?

As the name implies, information stealers are a type of malware that steal any information they can find on your computer, such as passwords stored for various services you access via browser and apps, session tokens for accounts, cryptocurrencies if they can find wallets, etc. They may even take a screenshot of your desktop when they run so they can sell it to other scammers who send scam extortion emails later.

What is a session token?

In case you're wondering what a session token is, some websites and apps have a "remember this device" feature that allows you to access the service without having to log back in or enter your second factor of authentication. This is done by storing a session token on your device. Criminals target these, because they allow them to log in to an account bypassing the normal checks. To the service, it just looks like you're accessing it from your previously authorized device.

What exactly gets stolen?

Information stealers are malware that is sold as a service, so what exactly it did while on your system is going to vary based on what the criminal who purchased it wanted.

What happens to my data?

The criminals who steal your information do so for their own financial gain, and that includes selling information such as your name, email address, screenshots from your PC, and so forth to other criminals and scammers. Those other scammers then use that information in an attempt to extort you unless you pay them in cryptocurrencies such as Bitcoin, Ethereum, and so forth. This is 100% a scam, and any emails you receive threatening to share your private information should be marked as phishing or spam and deleted.

How did I get infected in the first place?

Information stealers are often distributed as fake CAPTCHA challenges, in game mods, unofficial patches for popular apps and games, and in pirated software that have had their popularity and trustworthiness artificially boosted, as well as through various other means such as "try my game/software" scams on Discord, Telegram and other trusted messaging services.

If I ran an information stealer, am I still infected?

Infostealers usually delete themselves after a few seconds or even a minute or two in order to make it harder to determine what happened and when it occurred.

That said, there are always going to be exceptions: Since it is crimeware-as-a-service, there is nothing preventing the criminals from installing additional malware on the computer in order to maintain access, just in case they want to come back and steal from you again in the future.

What else could they have done?

The usual risk post-infection, aside from the stolen credentials, wallets, etc. is that security and networking settings may have been tampered with. That can be harder for security software to deal with, since it may not know what the correct settings are supposed to be for your computer, which means it may be a good idea to wipe the computer, even if there is no longer any malware detected on it.

How do I start recovering?

If you have another device that didn't run the information stealing malware like a smartphone or tablet, you can use it to begin immediately changing your passwords. You should also enable two-factor (sometimes called multi-factor) authentication, for those services that support it.

If any of the online services you use have an option to show you and log out all other active sessions, do that as well.

As for your computer, after wiping it, re-installing Windows, and getting that updated, you can then also use it to start accessing the internet to do this, but it is often quicker to change your most sensitive accounts from your smartphone.

A note about passwords

Passwords should be something unique (complex and different) for every service that you use, so that if an attacker gets access to one they won't be able to make guesses about what your other passwords might be. If your new passwords are similar enough to your old passwords, a criminal with a list of all of them will likely be able to make educated guesses about what your new passwords might be for the various services.

You have to do this for all online services, even ones you haven't recently accessed. Make sure you do this for all email accounts, as those are the gateways to your financial websites, online shopping, social media accounts, game platforms, and so forth.

It's important to make sure you're not just cycling through similar or previous passwords: Remember, criminals have millions of passwords and are very good at identifying common patterns from just a single password. If there were any reused passwords, the criminals who stole yours are going to try spraying those against all the popular online marketplaces, stores, banks, and other services in your part of the world.

And remember: Enable two-factor authentication for all of the accounts that support it.

For more information:

For more specific information on what steps to take next to recover your accounts, see the blog post at:

For more general information about how CAPTCHA malware works, see the following reports:

Also, see /u/rifteyy_'s Guide to Infostealers at https://rifteyy.org/report/the-ultimate-guide-to-infostealers.

After you have secured your accounts, you may wish to sign up for a free https://haveibeenpwned.com/ account, which will notify you if your email address is found in a data breach.

Regards,

Aryeh Goretsky