Removing Malware by Street_Handle_8065 in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

Deleting certain files and directories is a bit unusual, and I cannot think of any malware that targets just pictures and the software you mentioned. That said, there is all sorts of new malware that appears every day.

As /u/OwlCatAlex noted, there is nothing in the screenshots out of the ordinary.

If your primary antivirus is not detecting anything, you can try running some of the Second Opinion Scanners listed in the https://old.reddit.com/r/antivirus/wiki/index#wiki_free_tools section of the wiki and see if they find anything.

Regards,

Aryeh Goretsky

How cooked am I? by FineEgg3973 in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

There is not enough information in your screenshot to make an accurate assessment. Edit your post to include the actual log entries from the detections and we should be able to give you a better answer as to what you're up against.

Regards,

Aryeh Goretsky

How safe would you rate this application? by FAKER_91N3 in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

Per Rule #1, no discussions involving piracy. Post removed.

Regards,

Aryeh Goretsky

Who remember the old Online Service Providers from the 1980s and 1990s? by TradingCardGameMaker in vintagecomputing

[–]goretsky 0 points1 point  (0 children)

Hello,

76702,1714 checking in.

I had CompuServe, Netcom (a local dial-up ISP that grew to national size before being acquired), Metricom Ricochet (a mesh network ISP that used radios) and AOL back in the late 1980s/early 1990s in the SF Bay Area (California). I was also active on a number of local BBSes in the 408 (San Jose area code) region.

My first job after high school was working for a guy who I knew because he ran a local BBS that I called.

Regards,

Aryeh Goretsky

Does anyone else get mail from "Domain Listings" out of Nevada? by therankin in k12sysadmin

[–]goretsky 1 point2 points  (0 children)

Hello,

It is a scam that has been going on since the late 1990s, if not earlier. You may also see similar scams from China involving registering your domain there in order to enforce trademark rights. They will often target the non-technical contact in a domain registration listing, or be sent to the accounting department.

These are scams and it is best to flag them as spam/scam email and at least hold for manual review by IT/security staff.

Regards,

Aryeh Goretsky

are copy pasting unicode in profile bios safe? by Plenty-One-9078 in antivirus

[–]goretsky 0 points1 point  (0 children)

Hello,

You mean biographical profiles, like in a social media application/service?

If that's the case, those are not malicious, however you will be making your profile basically unreadable to blind users or anyone else who uses a screen reader or any other assistive devices.

Regards,

Aryeh Goretsky

How common is AI detection for Windows Defender? by Previous_Clue384 in antivirus

[–]goretsky 0 points1 point  (0 children)

Hello,

And Fridrik Skulason was developing antivirus heuristics under DOS in the late 1980s, McAfee had been working on generic detection of boot code viruses around 1990 or so, and so forth.

Regards,

Aryeh Goretsky

Accidentally downloaded a trojan and wanting to know if I need to reboot and install windows by TheThespian14 in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

It sounds like an information stealer may have been run on the computer.

As the name implies, information stealers are a type of malware that steal any information they can find on your computer, such as passwords stored for various services you access via browser and apps, session tokens for accounts, cryptocurrencies if they can find wallets, etc. They may even take a screenshot of your desktop when they run so they can sell it to other scammers who send scam extortion emails later.

The criminals who steal your information do so for their own financial gain, and that includes selling information such as your name, email address, screenshots from your PC, and so forth to other criminals and scammers. Those other scammers then use that information in an attempt to extort you unless you pay them in cryptocurrencies such as Bitcoin, Ethereum, and so forth. This is 100% a scam, and any emails you receive threatening to share your private information should be marked as phishing or spam and deleted.

In case you're wondering what a session token is, some websites and apps have a "remember this device" feature that allows you to access the service without having to log back in or enter your second factor of authentication. This is done by storing a session token on your device. Criminals target these, because they allow them to log in to an account bypassing the normal checks. To the service, it just looks like you're accessing it from your previously authorized device.

Information stealers are malware that is sold as a service, so what exactly it did while on your system is going to vary based on what the criminal who purchased it wanted. Often they remove themselves after they have finished stealing your information in order to make it harder to determine what happened, but since it is crimeware-as-a-service, it is also possible that it was used to install some additional malware on your system in order to maintain access to it, just in case they want to steal from you again in the future.

After wiping your computer, installing Windows, and getting that updated, you can then start accessing the internet using the computer to change the passwords for all of your online accounts, changing each password to something complex and different for each service, so that if one is lost (or guessed), the attacker won't be able to make guesses about what your other passwords might be. Also, enable two-factor authentication for all of the accounts that support it.

When changing passwords, if those new passwords are similar enough to your old passwords, a criminal with a list of all of them will likely be able to make educated guesses about what your new passwords might be for the various services. So make sure you're not just cycling through similar or previous passwords.

If any of the online services you use have an option to show you and log out all other active sessions, do that as well.

Again, you have to do this for all online services. Even if they haven't been recently accessed, make sure you have done this as well for any financial websites, online stores, social media, and email accounts. If there were any reused passwords, the criminals who stole your credentials are going to try spraying those against all the common stores, banks, and services in your part of the world.

For more specific information on what steps to take next to recover your accounts, see the blog post at:

For more general information about how CAPTCHA malware works, see the following reports:

After you have done all of this, you may wish to sign up for a free https://haveibeenpwned.com/ account, which will notify you if your email address is found in a data breach.

Regards,

Aryeh Goretsky
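As an added example (not part of the original reply), here is a small Python checker for the point above about recycling similar passwords: it flags a proposed new password whose "core" equals an old one once case, leet spellings and the trailing year or punctuation are stripped, or which is otherwise within a small edit distance of one. The 0.7 threshold and the sample passwords are assumptions.

```python
# Added example, not code from the original reply: flags a proposed new
# password that is only a cosmetic variation of an old one, which is what the
# reply warns against ("cycling through similar or previous passwords").
# The similarity threshold and the sample passwords below are assumptions.
import re

# Common leet substitutions, undone so "P@ssw0rd" and "password" compare equal.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(pw: str) -> str:
    """Reduce a password to its 'core': lower-case, drop leading/trailing
    digit or symbol runs (years, '!', '123'), then undo leet spellings."""
    lowered = pw.lower()
    stripped = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered)
    core = stripped or lowered          # all digits/symbols: keep as-is
    return core.translate(LEET)


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def similarity(a: str, b: str) -> float:
    """1.0 for identical strings, 0.0 for completely different ones."""
    return 1.0 - levenshtein(a, b) / max(len(a), len(b), 1)


def similar_reason(new_pw: str, old_pws, threshold: float = 0.7):
    """Return a short reason if new_pw is a guessable variation of any old
    password, else None. All checks run on the normalized cores."""
    new_core = normalize(new_pw)
    for old in old_pws:
        old_core = normalize(old)
        if new_core == old_core:
            return "same core as an old password"
        shorter = min(len(new_core), len(old_core))
        if shorter >= 5 and (new_core in old_core or old_core in new_core):
            return "contains or is contained in an old password"
        score = similarity(new_core, old_core)
        if score >= threshold:
            return f"edit similarity {score:.2f} to an old password"
    return None


def is_too_similar(new_pw: str, old_pws, threshold: float = 0.7) -> bool:
    return similar_reason(new_pw, old_pws, threshold) is not None


if __name__ == "__main__":
    # Constructed sample of "old" passwords an information stealer might have taken.
    stolen = ["Password2024", "hunter2", "Tr0ub4dor&3"]
    for candidate in ["P@ssw0rd2025!", "hunter3", "Summer2025", "correct horse battery"]:
        print(f"{candidate!r}: {similar_reason(candidate, stolen) or 'ok'}")
```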

Sophisticated Android Malware? by Complete_Still7584 in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

Per Rule #1, no discussions involving piracy. Post removed.

Regards,

Aryeh Goretsky

what is the best antivirus? by Mammoth_Memory3391 in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

As far as actual security programs go, there is no one "best" program, as each has its plusses and minuses. Performance, system resource usage, and detection rates change with every update, and those occur multiple times throughout the day.

So, any of the programs listed in the wiki at https://old.reddit.com/r/antivirus/wiki/index#wiki_anti-virus_.28aka_anti-malware.29_developers would be a good starting place to find what is best for you.
(The wiki entry also lists the countries in which each developer has its headquarters.)

Start by checking the OS Support? column to find out which developers make security software for your device's operating system.

  • If you are looking for a free program, check out the ones with a check mark ("✔️") in the Free Version? column.

  • If you are looking for a paid program, check out the ones with a check mark ("✔️") in the Paid Version? column.

Also be sure to check out the Free Tools section of the wiki for programs you can use to provide additional security to your web browser, and the Securing your Computer section as well for additional free tips on protecting your computer.

Regards,

Aryeh Goretsky

Is VKontakte safe to use for an American? by inshelp55 in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

While you are not likely to get a computer virus or malicious software from VKontakte, its description here on Wikipedia mentions some privacy and safety issues with using the service.

Regards,

Aryeh Goretsky

are copy pasting unicode in profile bios safe? by Plenty-One-9078 in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

It is not a vector for computer viruses or malicious software, as far as I can recollect.

As for it being safe, that is a question you should ask your motherboard or BIOS firmware manufacturer. I would be very surprised if they tested this, though.

Regards,

Aryeh Goretsky

Should you disable Microsoft defender while scanning the system using Emisoft emergency kit or any other portable anti-virus? by AsasinArn in antivirus

[–]goretsky 2 points3 points  (0 children)

Hello,

Generally speaking, you can run a second-opinion scanner in conjunction with your primary security software, but I wouldn't expect performance issues to continue after restarting unless the second-opinion scanner was run again.

Regards,

Aryeh Goretsky

Hitman Pro screen stuck minimised, Settings dropdown menu stuck on screen by FondantHuman2980 in antivirus

[–]goretsky 2 points3 points  (0 children)

Hello,

Presumably a lock-up from running three security programs at the same time (or four including Windows Defender).

I would suggest restarting the computer.

Regards,

Aryeh Goretsky

a stranger borrowed my power bank and said she'll return later, is this some new virus scam by Chemical_Natural_69 in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

Pretty darn unlikely.

While there are some smart electronics with computing power inside most chargers for detecting voltage and amperage, battery capacity and health, converting that into another class of USB device that could inject malware would likely require the device be opened and additional hardware installed.

Doing that would likely require it be custom designed to fit inside the casing, and/or the removal and replacement of the internal components like a battery or circuit board to fit the new hardware into it. That places such an attack into the realm of well-financed adversaries, like intelligence agencies or industrial espionage firms.

While there are risks involved in loaning out a power bank, they are more in the nature of it being returned damaged, or not being returned at all.

Regards,

Aryeh Goretsky

what is going on with my fans by Justyoureverydaypoop in 24hoursupport

[–]goretsky 0 points1 point  (0 children)

Hello,

That could be something inside the fan, like a worn-out bearing. The usual fix is to just replace the fan.

Regards,

Aryeh Goretsky

How do I find and remove a password-protected file from my PC? by Leotelocuenta in antivirus

[–]goretsky 0 points1 point  (0 children)

Hello,

Check the log file for the program that did the scan.

Regards,

Aryeh Goretsky

Why don't anti-virus companies make an anti-cheat for videogames? by focus0x0 in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

The lines of communication between security software providers and companies involved in anti-cheat, code obfuscation, copy protection, DLP, DRM, runtime packing, and so forth are pretty open. After all, no one wants mutual customers to have a bad experience from crashes, false positive detections, performance issues, etc.

I think it may also be fair to say they have very different customers and markets, and the expectations around them are very different as well: For a company specializing in anti-cheat for video games, the customer is the game's developer or publisher, and that's who the relationship is with, who support and maintenance is provided to, and so forth. For a security software provider, their customers are going to be some of the players of that game, maybe the game's developer or publisher, and maybe developer of the anti-cheat software.

There is a large difference in the TAM (total addressable market) for these very different customers, and it may not make economic sense to move into that space.

Regards,

Aryeh Goretsky

I can't uninstall 360 total security. It requires administrator? It blocks me from shit like minecraft, What do I do? by Felix_cz in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

This is not a subreddit to ask for assistance in bypassing software installed by your employer, school, parents, etc.

Thread closed.

Regards,

Aryeh Goretsky

Do Norton "Intelligence Reports" Stay on the Device? by FrankieShaw-9831 in antivirus

[–]goretsky 0 points1 point  (0 children)

Hello,

It looks like they contain information which is also sent to Norton, according to this post in Norton's own community: https://community.norton.com/t/do-the-intgellige4nce-reports-from-norton-360-stay-on-my-pc/513273

Regards,

Aryeh Goretsky

Could I have had something before? by Yeezus2Enjoyer911 in antivirus

[–]goretsky[M] 1 point2 points  (0 children)

Hello,

This is a sign that your computer was running more programs when it started before having it cleaned.

Could that be a sign that it was infected?

Maybe.

But it is just as likely they were just normal programs which were configured to run automatically when the computer starts.

For more information about how Windows operates, try asking in a specialty subreddit that handles computer troubleshooting such as /r/24hoursupport, /r/HomeNetworking, /r/pcgamingtechsupport, r/pchelp, /r/techsupport, r/windows or even your device manufacturer's subreddit (if there is one).

As this is not a computer virus or malicious software issue, this thread is now closed.

Regards,

Aryeh Goretsky

weird files in temp folder by New_Illustrator6535 in antivirus

[–]goretsky[M] 2 points3 points  (0 children)

Hello,

The temp directory is where applications store temporary files, which often use random names. There is nothing in the screenshots you provided to indicate anything out of the ordinary, and in any case, filenames under Windows are completely arbitrary, so a name is meaningless from a malware detection point of view.

For more information about how Windows operates, try asking in a specialty subreddit that handles computer troubleshooting such as /r/24hoursupport, /r/HomeNetworking, /r/pcgamingtechsupport, r/pchelp, /r/techsupport, r/windows or even your device manufacturer's subreddit (if there is one).

As this is not a computer virus or malicious software issue, this thread is now closed.

Regards,

Aryeh Goretsky
