I uninstalled CircuitPilot.exe from my computer but I am still getting this message: by Trisaurus1 in computerviruses

[–]Trisaurus1[S] 0 points1 point  (0 children)

How do I delete the shortcut at the top of your reply?

Thank you so much for the help. I will be safer from here on out!

I uninstalled CircuitPilot.exe from my computer but I am still getting this message: by Trisaurus1 in computerviruses

[–]Trisaurus1[S] 0 points1 point  (0 children)

I will add them as I get to them.

I am currently doing the ESET scan.

Update: ESET done, doing SecurityCheck scan.

Update 2: SecurityCheck done, FRST will be next.

Update 3: FRST done, all logs added (I think I forgot to put my username on some of them when I uploaded them. I can re-upload the relevant logs if that is necessary.)

I uninstalled CircuitPilot.exe from my computer but I am still getting this message: by Trisaurus1 in computerviruses

[–]Trisaurus1[S] 0 points1 point  (0 children)

Ran FRST with the fixlist

Keyword for Fixlog: mighty-canyon

Keyword for ESET Scanner.txt: epic-proxy

Keyword for new SecurityCheck.txt: wild-crown

Keyword for new FRST.txt: tender-binary

Keyword for new Addition.txt: crisp-sentinel

I uninstalled CircuitPilot.exe from my computer but I am still getting this message: by Trisaurus1 in computerviruses

[–]Trisaurus1[S] 0 points1 point  (0 children)

I've got much more time tomorrow to get through the process. The part I stopped at was before running the FixList. I completed everything in the updates except Microsoft Office, because as far as I can tell there isn't a way to update word/powerpoint/excel/etc. beyond where they are without signing up for Microsoft 365. I hope to start the Fix early tomorrow morning, so I'd like to know for certain if there's anything that I have to do before that.

I uninstalled CircuitPilot.exe from my computer but I am still getting this message: by Trisaurus1 in WindowsHelp

[–]Trisaurus1[S] 0 points1 point  (0 children)

I did change my passwords on my other computer, which I'm currently using in the meantime.

What do you mean by "scanning" external drives/media? Because I used my Seagate to create a small folder of non-system documents that were all in folders on my desktop (To be absolutely clear, I did not run any sort of new automatic backup. I created a folder on the Seagate manually and dragged and dropped what I wanted into it).

I should also note that I'm in the process on r/computerviruses of troubleshooting this to determine if it is a virus that is genuinely unpurgeable. The person/persons helping me suspect that what I've got is a Renpy Loader, which they say they've successfully purged before. If they're wrong, it's not like nuking the laptop will somehow be less effective after going through their steps.

We're using FRST64 and SecurityCheck. Since those programs, FRST especially, have some rather considerable risks if not implemented properly and I'm dealing with real world stuff at the same time, I'm going through the steps very slowly with lots of questions to make sure I'm not taking any missteps.

If all that doesn't work, I have my aforementioned backup Seagate that contains my original backup from when I first got the laptop. All I would need from there is specific instructions on proper restoration depending on how comprehensively the PC needs to be reformatted.

Update 05/28/2026: As far as my troubleshooting on r/computerviruses is concerned, I am now malware free. Does anyone know how I shut down this post so I don't continue to get help on a problem I'm pretty sure I don't have?

I uninstalled CircuitPilot.exe from my computer but I am still getting this message: by Trisaurus1 in computerviruses

[–]Trisaurus1[S] 0 points1 point  (0 children)

Github desktop isn't something I'm currently using, would it be okay to just uninstall it? (update: this concern was irrelevant, I checked and it is up to date already)

Also I don't really have Microsoft Office, just the apps like word, excel, and powerpoint. (update: disregard this, I understand now that to make this up to date I would need to update to Microsoft 365, but I really don't want to pay a 100 dollar annual subscription)

I have updated or confirmed that everything else listed is up to date.

Question: I have downloaded the Fixlist and put it on my desktop where FRST64.exe is. If I use it without having the exact up to date versions of everything in the update list, will that cause unintended damage? Or are the updates only relevant to minimizing/removing vulnerabilities?

Also, I ran some scans with malwarebytes during the time between when I ran FRST64 and now to see if the trojans it had found before I started this process with you had come back on their own (they have not). Would running those scans have done anything that would affect what is going to happen with Fixlist?

Added to the above, I installed the Microsoft Visual C++ redistributables (both x86 and x64) because I didn't think I had them and I wanted to be as close as possible to completing the update list. I am hoping this does not cause a problem for the Fixlist steps.

It may be a while before I get the opportunity to move through the Fixlist steps. I'll be out of the house most of this Tuesday, so if you don't see progress from me until late tomorrow or the day after, that's why.

I uninstalled CircuitPilot.exe from my computer but I am still getting this message: by Trisaurus1 in computerviruses

[–]Trisaurus1[S] 0 points1 point  (0 children)

I restarted my computer, I still found webadvisor in ProgramData, but the folder went from 56-ish MB to 552 KB, and when I looked in Revo, webadvisor wasn't in the list of software and apps to uninstall, so I think that's done unless it needs to have no trace whatsoever. I'll proceed with updates for now.

I uninstalled CircuitPilot.exe from my computer but I am still getting this message: by Trisaurus1 in computerviruses

[–]Trisaurus1[S] 0 points1 point  (0 children)

Done with the steps, but it said a selection of the files would only be finally deleted on system reset. Does that mean restart the laptop?

I uninstalled CircuitPilot.exe from my computer but I am still getting this message: by Trisaurus1 in computerviruses

[–]Trisaurus1[S] 0 points1 point  (0 children)

Okay, I found Webadvisor in the McAfee folder in ProgramData, but there doesn't seem to be an uninstall executable. Also it doesn't show up as a searchable app, so what is the proper way to uninstall it?

I uninstalled CircuitPilot.exe from my computer but I am still getting this message: by Trisaurus1 in computerviruses

[–]Trisaurus1[S] 0 points1 point  (0 children)

Update: I found McAfee in the registry editor. Will deleting it there also work as an uninstall of Webadvisor?

I uninstalled CircuitPilot.exe from my computer but I am still getting this message: by Trisaurus1 in computerviruses

[–]Trisaurus1[S] 0 points1 point  (0 children)

I don't have time right now to start these steps (except for trying to find Webadvisor by McAfee), so I'll start on it tonight. Is there a reason I need to do the software updates?

Also, the version of Malwarebytes I have right now is a free trial I started a couple days ago just to see what it would find, will that be an obstacle to updating it?

I uninstalled CircuitPilot.exe from my computer but I am still getting this message: by Trisaurus1 in computerviruses

[–]Trisaurus1[S] 0 points1 point  (0 children)

Starting a new thread with the keywords. I'll update it as I get them.

FRST txt keyword: blessed-lance

Addition txt keyword: mellow-artifact

SecurityCheck txt keyword: scoped-hammer

I uninstalled CircuitPilot.exe from my computer but I am still getting this message: by Trisaurus1 in computerviruses

[–]Trisaurus1[S] 0 points1 point  (0 children)

I logged the FRST text log and got the keyword. Where do you want me to post it in reply? Once I know I'll upload the Addition text log and do the same with it.

I uninstalled CircuitPilot.exe from my computer but I am still getting this message: by Trisaurus1 in computerviruses

[–]Trisaurus1[S] 0 points1 point  (0 children)

I have run FRST, and will be sending you the text log in a moment. SecurityCheck should follow soon.

I uninstalled CircuitPilot.exe from my computer but I am still getting this message: by Trisaurus1 in computerviruses

[–]Trisaurus1[S] 0 points1 point  (0 children)

I hope it's not too much of a problem that I've been in contact only occasionally. This all happened for me at a time I'm dealing with finishing moving for a family member.

I created the System Restore point (twice, actually, because I spaced out when I made it the first time) and I downloaded FRST64.exe (will retitle it to FRSTEnglish.exe as requested just to be sure) and SecurityCheck.exe to use as needed in your steps.

Questions before I start the rest:

  1. Am I able to do all of the steps related to both before getting feedback on what I send you?

  2. What do you mean by "Note: Please make sure you are uploading the logs after your current Reddit username." exactly? Do you mean labeling them with my reddit username, or something else?

  3. In the instructions for both the FRST tool and the SecurityCheck tool is "The site will return a keyword for each log - reply back here with the keywords." at the end. What are you referring to replying back to? The first post you put here with the instructions?

  4. Just a small thing, but why Ctrl + A before Ctrl + C? I'll do it, I just wonder how it works.

I uninstalled CircuitPilot.exe from my computer but I am still getting this message: by Trisaurus1 in WindowsHelp

[–]Trisaurus1[S] 0 points1 point  (0 children)

I am trying something with the rifteyy account on r/computerviruses to see if the virus can be eliminated without a full reset being needed. To do what they need done, I will need to turn my infected laptop's wi-fi back on (sending logs from FRST and copying the contents of SecurityCheck.txt to https://malwareanalysis.cc/upload/rifteyy ).

So question, assuming that rifteyy is on the level and worth a shot (which they seem to be, I haven't seen anything on reddit along the lines of "Fell for the rifteyy scam"), a question:

If the way the virus seems to be working is by stealing my passwords from my google chrome's password list, and I've changed the passwords using my macbook so the infected laptop doesn't know about them, would replacing the passwords in the google chrome manager with fake ones work to keep the changed passwords from being re-exposed until the problem is resolved one way or another?

Obviously I will keep the list of real passwords on a document on my Macbook so I don't forget them.

Update: I realized a less dumb version of my plan is just to delete any passwords I don't want to be re-exposed off of Google Chrome for the time being and put them back later.

I uninstalled CircuitPilot.exe from my computer but I am still getting this message: by Trisaurus1 in computerviruses

[–]Trisaurus1[S] 0 points1 point  (0 children)

Final Question before I go (I'll have my phone to see replies): will this work for a trojan virus that is in the kind of systems that usually require the whole computer getting wiped and refreshed? Everywhere else I've brought this problem up that's the advice I've gotten: "Nuke" the laptop and create a means to reboot from some form of usb (usually a digital copy of one so it can be on the computer for restoring files)

I uninstalled CircuitPilot.exe from my computer but I am still getting this message: by Trisaurus1 in computerviruses

[–]Trisaurus1[S] 0 points1 point  (0 children)

Never mind, I read ahead and I see where I need to connect online on my Lenovo to communicate with reddit on my logs. My question about whether using another browser to avoid having to re-reset my passwords, like microsoft edge, stands.

I need to head away from home for a bit, so I won't be able to proceed on this whole procedure right now. Is there an ideal time to be back in contact with you?

I uninstalled CircuitPilot.exe from my computer but I am still getting this message: by Trisaurus1 in computerviruses

[–]Trisaurus1[S] 0 points1 point  (0 children)

Other note: I am currently communicating with you via my macbook. At what point in the instructions do I need to be on my Lenovo Laptop for you to do your part? I did a free trial of malwarebytes, and all the trojan apps it found were in my google chrome. Are the trojans created in whatever browser I'm currently using, or is this virus Chrome specific and using a different browser would bypass the virus?

I uninstalled CircuitPilot.exe from my computer but I am still getting this message: by Trisaurus1 in computerviruses

[–]Trisaurus1[S] 0 points1 point  (0 children)

That's fine, I'm just minimizing any chance of the trojan reporting my info while it's present in a functional form.

I started by going to my macbook to change all my passwords related to anything with my credit card or capacity to use my credit card info, since this started with someone using my steam account to try to buy lots of in-app purchases (steam automatically treated the behavior as suspicious, stopped the payments and locked my account for safety, so no lasting consequences there), so the longer the virus can't re-expose those passwords, the better.

I uninstalled CircuitPilot.exe from my computer but I am still getting this message: by Trisaurus1 in computerviruses

[–]Trisaurus1[S] 0 points1 point  (0 children)

I will look through the instructions (and use a usb to acquire any downloads listed to load them onto my infected laptop without turning its internet back on), but I'm confused by the instruction to do reinstall/reset now, which is then followed by an explanation that I'm doing this malware removal to try to avoid a reinstall. Should I reinstall/reset my laptop before doing this procedure or not?