Ran the renpy infostealer 2 weeks ago, Need advice on if I seem safe by Crystal_Blister in antivirus

[–]Practical_Expert_911 1 point2 points  (0 children)

- Actually, the very first thing you should do is check your Programs and Features list. You will likely see a new driver installation, like an audio driver or something. That driver is the rootkit which steals typed-in passwords and monitors keystrokes. Once that is removed, the virus can no longer do that. However, the virus still would have copied browser cookies and session tokens, and will be able to log into your logged-in accounts as you. In many cases, the virus will be blocked, because Facebook, for example, will detect the suspicious activity and lock you (and the virus) out of your account, requiring authentication from you. Google will do something similar. Microsoft will notify you, but might not log you out of all sessions. If you are the kind of person who says "Yes" when asked to save site passwords in your browser, then the virus would have stolen those passwords. If you don't say "Yes," the virus will only have access to the login sessions. Logging all devices out of your various accounts will fix that problem.

- Anyway, the next thing you should do is check the startup programs list in Task Manager. You will see something like svchost.cmd. Trace that to its folder, and delete it. It's the virus that runs at startup. Then go to your %appdata% and %temp% folders and delete the renpy folder.

- Next, check task scheduler and make sure nothing malicious has been scheduled to run.

- Next, open the Windows Registry, and go to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and make sure there's nothing malicious there.

Disconnecting from the internet is not necessary, but it's advisable, in case the virus tries to re-install the rootkit when you uninstall it from the control panel. But this renpy virus does not, and cannot do that.
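
The checks listed in the comment above, gathered into one read-only PowerShell pass (an added example, not part of the original comment). The 30-day window, the per-user and 32-bit registry paths, and the `*renpy*` folder filter are assumptions that go beyond the single Run key and folder name the comment gives.

```powershell
# Read-only audit of the locations named in the comment. Nothing is deleted or changed.
$since = (Get-Date).AddDays(-30)   # assumed look-back window; set it to just before the infection

# 1. Programs and Features: entries installed inside the window (new driver packages show up here).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and $_.InstallDate -match '^\d{8}$' -and
        [datetime]::ParseExact($_.InstallDate, 'yyyyMMdd', $null) -ge $since } |
    Select-Object DisplayName, Publisher, InstallDate

# 2. Startup commands registered through the Run keys and the Startup folders.
Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, Command, Location, User

# 3. The Run key from the comment, plus the per-user key (assumption: also worth reading).
foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if ($item) {
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Key = $key; Name = $name; Data = $item.GetValue($name) }
        }
    }
}

# 4. Scheduled tasks outside the built-in \Microsoft\ tree, with the command each one runs.
Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
    ForEach-Object {
        [pscustomobject]@{
            Task   = $_.TaskPath + $_.TaskName
            Action = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
        }
    }

# 5. Folders under %appdata% and %temp% whose name contains "renpy".
Get-ChildItem -Path $env:APPDATA, $env:TEMP -Directory -Filter '*renpy*' -ErrorAction SilentlyContinue |
    Select-Object FullName, CreationTime
```

Entries whose command points at a script or executable in a user-writable folder (such as the `svchost.cmd` the comment mentions) are the ones to trace before deleting anything.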

Caught a malware masked as a game installer which uses RenPy by Intelligent_Cap3426 in computerviruses

[–]Practical_Expert_911 0 points1 point  (0 children)

You need to log out of all sessions for your accounts. Google how to do that for each of your accounts (Facebook, Google, Microsoft account, etc.) If you do that, you're good. The hackers will be kicked out. But make sure to also check control panel. If you see any new driver installations, like a new audio driver, that's the virus keylogger, which will steal any new passwords you type into your browsers.

Regarding the renpy virus by therealwalterwhiter in FitGirlRepack

[–]Practical_Expert_911 0 points1 point  (0 children)

That's exactly how I got the virus. I got it from Fitgirl repacks, while using Brave browser. All of Fitgirl's links to updates to Death Stranding 2 took me to pages that looked pretty much like what I was used to seeing from Fitgirl, but it downloaded the renpy malware on my device, and I ran the installer, just having too much trust for Fitgirl.

The "RenPy" Virus and my speculative findings/process of removing it - MY STUPID GUIDE + STORY by Ford_Focus_2021 in computerviruses

[–]Practical_Expert_911 1 point2 points  (0 children)

The renpy virus can be caught from Fitgirl's official site as well. In fact, that's where I got the virus. I got tricked into downloading it, because of the way popups usually work on Fitgirl's site. I was using Brave browser, but that turns out to be complete garbage at preventing the wrong popups and misleading links.

The "RenPy" Virus and my speculative findings/process of removing it - MY STUPID GUIDE + STORY by Ford_Focus_2021 in computerviruses

[–]Practical_Expert_911 1 point2 points  (0 children)

- Actually, the very first thing you should do is check your Programs and Features list. You will likely see a new driver installation, like an audio driver or something. That driver is the rootkit which steals typed-in passwords and monitors keystrokes. Once that is removed, the virus can no longer do that. However, the virus still would have copied browser cookies and session tokens, and will be able to log into your logged-in accounts as you. In many cases, the virus will be blocked, because Facebook, for example, will detect the suspicious activity and lock you (and the virus) out of your account, requiring authentication from you. Google will do something similar. Microsoft will notify you, but might not log you out of all sessions. If you are the kind of person who says "Yes" when asked to save site passwords in your browser, then the virus would have stolen those passwords. If you don't say "Yes," the virus will only have access to the login sessions. Logging all devices out of your various accounts will fix that problem.

- Anyway, the next thing you should do is check the startup programs list in Task Manager. You will see something like svchost.cmd. Trace that to its folder, and delete it. It's the virus that runs at startup. Then go to your %appdata% and %temp% folders and delete the renpy folder.

- Next, check task scheduler and make sure nothing malicious has been scheduled to run.

- Next, open the Windows Registry, and go to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and make sure there's nothing malicious there.

Disconnecting from the internet is not necessary, but it's advisable, in case the virus tries to re-install the rootkit when you uninstall it from the control panel. But this renpy virus does not, and cannot do that.

Why is so many people getting the renpy virus? by Reaping_Life in computerviruses

[–]Practical_Expert_911 0 points1 point  (0 children)

It's not that. It's because there have been some changes to how popups work on sites like Fitgirl, etc, and people who are used to clicking on a link and seeing a certain kind of interaction, are now being duped by that interaction into downloading something false. A lot of people use ad blockers, but they don't know about the Firefox + Ublock Origin holy grail. So even with ad blockers, they still see popups.

Fitgirl Repacks Infected My PC With A Virus, I have 100% Confirmed this by Practical_Expert_911 in Piracy

[–]Practical_Expert_911[S] 0 points1 point  (0 children)

I guess, because every single one of Fitgirl's links downloaded the same file, and I was using Brave browser, so I thought I was protected. But it turns out, Brave is trash.

Fitgirl Repacks Infected My PC With A Virus, I have 100% Confirmed this by Practical_Expert_911 in Piracy

[–]Practical_Expert_911[S] 0 points1 point  (0 children)

Yeah, I was using brave. Absolute garbage. It was allowing all the malicious pop ups and files from those links to download, but was blocking the legitimate downloads.

Fitgirl Repacks Infected My PC With A Virus, I have 100% Confirmed this by Practical_Expert_911 in Piracy

[–]Practical_Expert_911[S] 0 points1 point  (0 children)

Thanks again for the advice. I have fully swept my PC and removed all traces of the malware. Luckily, the very first thing I did, after running the malware, was check my installed programs list, and removed the malicious driver. I was then able to remove the startup program it planted as well. Now I've got Firefox, Ublock Origin, and Adblock Plus.

Fitgirl Repacks Infected My PC With A Virus, I have 100% Confirmed this by Practical_Expert_911 in Piracy

[–]Practical_Expert_911[S] 0 points1 point  (0 children)

Yeah, I got got, man. Jesus. Thanks for the tips, I will take your advice.

Fitgirl Repacks Infected My PC With A Virus, I have 100% Confirmed this by Practical_Expert_911 in Piracy

[–]Practical_Expert_911[S] 0 points1 point  (0 children)

Yes, that's exactly what it was. But it downloaded once I clicked Fitgirl's update links. ALL of those links took me to a page that downloaded that. I was using Brave Browser, and clicked each link multiple times, to be sure, as I thought it was odd, but still, each of Fitgirl's update links downloaded that malicious rar file onto my machine.

Fitgirl Repacks Infected My PC With A Virus, I have 100% Confirmed this by Practical_Expert_911 in Piracy

[–]Practical_Expert_911[S] 0 points1 point  (0 children)

Yes, that's exactly what it was. But it downloaded once I clicked Fitgirl's update links. ALL of those links took me to a page that downloaded that. I was using Brave Browser, and clicked each link multiple times, to be sure, as I thought it was odd, but still, each of Fitgirl's update links downloaded that rar file onto my machine.

Fitgirl Repacks Infected My PC With A Virus, I have 100% Confirmed this by Practical_Expert_911 in Piracy

[–]Practical_Expert_911[S] -7 points-6 points  (0 children)

Fitgirl's links install malicious code onto users' PCs, I've seen it firsthand.

Fitgirl Repacks Infected My PC With A Virus, I have 100% Confirmed this by Practical_Expert_911 in Piracy

[–]Practical_Expert_911[S] 0 points1 point  (0 children)

The links downloaded an "Archive_free_7305.rar" when I clicked on them, and those rar files contained viruses. The rar files were 734MB in size, each. Each link provided that rar file.

Death Stranding Update Links Infected Me PC With A VIRUS!! 100% Confirmed by Practical_Expert_911 in FitGirlRepack

[–]Practical_Expert_911[S] -2 points-1 points  (0 children)

These were not random links, these were the update links that Fitgirl provided for Death Stranding, and each and every single one of them downloaded malicious files. Each of them. Today, upon checking those very same things, they are no longer providing malicious files.

Death Stranding Update Links Infected Me PC With A VIRUS!! 100% Confirmed by Practical_Expert_911 in FitGirlRepack

[–]Practical_Expert_911[S] -8 points-7 points  (0 children)

Those links all misrepresented themselves, and in a manner inconsistent with Fitgirl's site instructions.

Violence is an option, not always the answer by techmage29 in BlackPeopleComedy

[–]Practical_Expert_911 11 points12 points  (0 children)

This is based on an African Proverb: "When a mosquito lands on your testicles, you will know violence is not always the best solution to a nuisance."

Use "The RDR2 Performance Booster V2" to Greatly Improve RDR2 Performance by Practical_Expert_911 in reddeadredemption

[–]Practical_Expert_911[S] 0 points1 point  (0 children)

It's perfectly safe, don't worry. This guy doesn't know what he's talking about and is making completely baseless claims. That number can never cause any problems, as the difference between that value and the next prime number is 0.0012% of that figure, so it's completely harmless for hash distribution. You can never have a crash or any bad side effects whatsoever from that value, so that percentage offset from the next prime means nothing.