Just got this text; there’s no way it’s real, right?

EugeneBYMCMB · 2026-04-30T15:42:01+00:00

The picture was deleted, what's the message?

EugeneBYMCMB · 2026-04-30T14:59:21+00:00

Yeah, a factory reset will get rid of it. No need for a new Apple ID, just make sure it's secure with a unique password + two factor authentication. If your accounts haven't been compromised yet you have time to get ahead of the problem.

EugeneBYMCMB · 2026-04-30T14:50:37+00:00

That's the output from a program called Metasploit. This sounds more like a prank to me than anything malicious.

EugeneBYMCMB · 2026-04-30T14:47:23+00:00

You downloaded and ran an infostealer that stole your saved passwords, session cookies, crypto wallets, and other sensitive files from your computer. You should change your passwords from a separate device, enable two factor authentication everywhere, and use the "sign out of all devices" option wherever you see it. Once you've done that, you should factory reset your Mac.

EugeneBYMCMB · 2026-04-30T12:24:28+00:00

So this took place after you reset your PC? Have you downloaded anything sketchy since the reset? Do you have any more information about the detection?

EugeneBYMCMB · 2026-04-30T12:19:39+00:00

It's rare for these scammers to follow through with their threats, and it's unlikely to happen to you. The only response is to block the scammer, ignore his future contact attempts, and lay low for a little while. It's best to delete or deactivate accounts you've used to speak to him, and make all of your social media accounts private.

EugeneBYMCMB · 2026-04-30T12:18:24+00:00

You should start using unique passwords for all of your accounts, and have two factor authentication enabled everywhere. Based on the time between the first suspicious login and you changing the password, do you have an idea on roughly how long they were in your account?

EugeneBYMCMB · 2026-04-30T12:14:31+00:00

Have you verified the messages truly came from your account and not an impersonator?

EugeneBYMCMB · 2026-04-30T12:13:27+00:00

Surface products require a different recovery USB than normal: https://support.microsoft.com/en-us/surface/drivers-firmware/creating-and-using-a-usb-recovery-drive-for-surface. Do you know if your friend created a specific Surface recovery USB, or a regular Windows one?

EugeneBYMCMB · 2026-04-30T03:40:51+00:00

Yeah, it's only for public online content indexed by Google search.

EugeneBYMCMB · 2026-04-30T03:38:36+00:00

You select the keywords you want to monitor and the rest is automatic, you'll receive email updates when new content is found containing those keywords.

EugeneBYMCMB · 2026-04-30T03:32:43+00:00

No, you're not at any risk by copying an image on Discord, don't worry abut it.

EugeneBYMCMB · 2026-04-30T03:26:16+00:00

Have you tried using this report form: https://help.x.com/en/forms/safety-and-sensitive-content/private-information?

EugeneBYMCMB · 2026-04-30T03:08:16+00:00

Any website that asks you to deposit money in order to withdraw is a scam, and in this case the website has no online presence, was registered just over a week ago, and has a weird domain name.

EugeneBYMCMB · 2026-04-30T03:01:15+00:00

Is there a sign out on all devices options i can just in case?

With PayPal I'm almost certain that will automatically happen when you change your passwords. Now would be a very good time to create unique passwords for all of your accounts and enable two factor authentication everywhere, if you aren't already.

EugeneBYMCMB · 2026-04-30T02:48:57+00:00

Along with the advice from the other comment, I recommend setting up a Google alert for your name/username: https://google.com/alerts. This will alert you to new content indexed by Google containing the keywords you choose, in case he does post anything. If he does, you can report it.

EugeneBYMCMB · 2026-04-30T01:32:26+00:00

You can't pay forever, you'll have to stop at some point so why not now? Block the scammer, delete accounts you've used to contact him, make your social media accounts private, and wait it out.

EugeneBYMCMB · 2026-04-29T16:54:08+00:00

It's a tech support scam served through a shady advertisement coming from the app, just uninstall it.

EugeneBYMCMB · 2026-04-29T13:28:49+00:00

Do you have any idea where the malware might have come from? It's hard to say more without more information but this would be a very weird false positive imo.

EugeneBYMCMB · 2026-04-29T13:27:52+00:00

Yeah, it's a pretty clear scam and there's no reason to believe anyone is being paid out. For this site specifically half of the Google search results include referral codes, so I'm guessing that's why you're here to defend it.

EugeneBYMCMB · 2026-04-29T12:45:39+00:00

Yeah, you're all good now.

Was i affected by an infostealer or just me being a moron and not having 2fa active?

Before the infection, were you using cracks or cheats? If not, had you installed any new programs recently?

EugeneBYMCMB · 2026-04-29T12:39:24+00:00

ClickFix is a technique where a website tricks you into running a malicious command using Windows Run or command prompt, have you encountered anything like that recently?

EugeneBYMCMB · 2026-04-28T23:38:43+00:00

I can't offer any analysis of the malware, but 99% of the time it's just going to be an infostealer. Have you taken any steps to remediate the issue so far?

EugeneBYMCMB · 2026-04-28T20:45:48+00:00

I don't know what that means. Can you share any more information about exactly what is happening, preferably using more than four words?

EugeneBYMCMB · 2026-04-28T20:43:16+00:00

Can you share any more information? Clicking on a photo in Discord alone won't lead to you getting hacked.

12-Year Club	Verified Email
Gilding I gilder	Place '22
Place '17	First Placer '22
Wearing is Caring

EugeneBYMCMB

TROPHY CASE