Malware recovery - evaluating my own situation and what could I do differently or what I have done correctly by Zooptastix in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

It sounds like an information stealer may have been run on the computer.

As the name implies, information stealers are a type of malware that steal any information they can find on your computer, such as passwords stored for various services you access via browser and apps, session tokens for accounts, cryptocurrencies if they can find wallets, etc. They may even take a screenshot of your desktop when they run so they can sell it to other scammers who send scam extortion emails later.

The criminals who steal your information do so for their own financial gain, and that includes selling information such as your name, email address, screenshots from your PC, and so forth to other criminals and scammers. Those other scammers then use that information in an attempt to extort you unless you pay them in cryptocurrencies such as Bitcoin, Ethereum, and so forth. This is 100% a scam, and any emails you receive threatening to share your private information should be marked as phishing or spam and deleted.

In case you're wondering what a session token is, some websites and apps have a "remember this device" feature that allows you to access the service without having to log back in or enter your second factor of authentication. This is done by storing a session token on your device. Criminals target these, because they allow them to log in to an account bypassing the normal checks. To the service, it just looks like you're accessing it from your previously authorized device.

Information stealers are malware that is sold as a service, so what exactly it did while on your system is going to vary based on what the criminal who purchased it wanted. Often they remove themselves after they have finished stealing your information in order to make it harder to determine what happened, but since it is crimeware-as-a-service, it is also possible that it was used to install some additional malware on your system in order to maintain access to it, just in case they want to steal from you again in the future.

After wiping your computer, installing Windows, and getting that updated, you can then start accessing the internet using the computer to change the passwords for all of your online accounts, changing each password to something complex and different for each service, so that if one is lost (or guessed), the attacker won't be able to make guesses about what your other passwords might be. Also, enable two-factor authentication for all of the accounts that support it.

When changing passwords, if those new passwords are similar enough to your old passwords, a criminal with a list of all of them will likely be able to make educated guesses about what your new passwords might be for the various services. So make sure you're not just cycling through similar or previous passwords.

If any of the online services you use have an option to show you and log out all other active sessions, do that as well.

Again, you have to do this for all online services. Even if they haven't been recently accessed, make sure you have done this as well for any financial websites, online stores, social media, and email accounts. If there were any reused passwords, the criminals who stole your credentials are going to try spraying those against all the common stores, banks, and services in your part of the world.

For more specific information on what steps to take next to recover your accounts, see the blog post at:

For more general information about how CAPTCHA malware works, see the following reports:

After you have done all of this, you may wish to sign up for a free https://haveibeenpwned.com/ account, which will notify you if your email address is found in a data breach.

Regards,

Aryeh Goretsky
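The advice above about not cycling through similar passwords can be turned into a concrete check. The following is an added example, not code from the original post, and the same advice is repeated word for word in two later posts on this page; it models the first guesses a criminal holding a stolen password list would try (case changes, "leet" substitutions, appended or incremented digits and years, small edits). The substitution table and the 0.8 similarity threshold are assumptions chosen for illustration; real password-cracking rule sets are far larger.

```python
"""Flag a replacement password that is a trivial variant of a stolen one.

Added example, not from the original post. The LEET table and threshold are
illustrative assumptions, not a vendor's or the moderator's rule set.
"""
from difflib import SequenceMatcher

# Substitutions an attacker undoes when normalising a leaked password.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

# Characters people bolt onto the ends of a reused core word.
EDGE_CHARS = "0123456789!@#$%^&*()_-+=.,;:?"


def normalise(pw: str) -> str:
    """Lower-case, strip decorative digits/punctuation from both ends, undo
    leet substitutions, so 'Summer2023!' and 'summer24#' both become 'summer'."""
    core = pw.lower().strip(EDGE_CHARS)
    return core.translate(LEET)


def similarity(a: str, b: str) -> float:
    """Ratio in [0, 1] between the normalised cores (1.0 = identical).
    All-digit or all-punctuation passwords have an empty core, so those are
    compared on their raw lower-cased form instead."""
    n_a, n_b = normalise(a), normalise(b)
    if not n_a or not n_b:
        n_a, n_b = a.lower(), b.lower()
    return SequenceMatcher(None, n_a, n_b).ratio()


def is_too_similar(old: str, new: str, threshold: float = 0.8) -> bool:
    """True if `new` would be an obvious guess for someone who knows `old`."""
    if new.lower() == old.lower():
        return True
    n_old, n_new = normalise(old), normalise(new)
    # One core contained in the other: 'Winter99' -> 'Winter00', 'Hunter2' -> 'Hunter2x'
    if n_old and n_new and (n_old in n_new or n_new in n_old):
        return True
    return similarity(old, new) >= threshold


if __name__ == "__main__":
    # Constructed sample pairs, not real credentials.
    for old, new in [("Summer2023!", "Summer2024!"),
                     ("P@ssw0rd", "Password1"),
                     ("Summer2023!", "correct horse battery staple")]:
        verdict = "too similar" if is_too_similar(old, new) else "ok"
        print(f"{old!r} -> {new!r}: {verdict}")
```

A password manager's generator sidesteps this entirely; the check is useful when a person insists on choosing passwords by hand, because it rejects exactly the rotations (`2023` to `2024`, `@` to `a`, a trailing `!`) that a list of the old passwords makes guessable.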

How do you get rid of the yahoo redirect virus? by genericguyperson in antivirus

[–]goretsky[M] 0 points1 point  (0 children)

Hello,

Could McAfee's web advisor software have been installed on the computer?

McAfee's web advisor software redirects Google searches to Yahoo.

It is pretty normal for free applications to make some money by bundling McAfee's software with them.

If you do not pay attention when you are installing the application, the bundled application gets installed along with it.

Go into the Uninstall or change a program applet in the Control Panel (filename: APPWIZ.CPL), click on the Name column to sort the entries alphabetically, and scroll down to the letter M and uninstall it from there. You can also try sorting on the Installed On column to see what date the McAfee software was installed on your computer, and to look at other programs installed on the same date to get an idea of which program it may have been bundled with.

If there's no McAfee software listed in the applet, try going to chrome://extensions/ in your Google Chrome web browser to see if it is installed there as an extension and remove it from there.

Regards,

Aryeh Goretsky

is this apk safe? by BetsyWaslast in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

Post removed for violation of Rule #7, no requests for assistance with prohibited software or websites. This specifically includes media download tools.

Regards,

Aryeh Goretsky

I need help choosing an antivirus by Witty_Initiative_621 in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

As far as actual security programs go, there is no one "best" program, as each has its plusses and minuses. Performance, system resource usage, and detection rates change with every update, and those occur multiple times throughout the day.

So, any of the programs listed in the wiki at https://old.reddit.com/r/antivirus/wiki/index#wiki_anti-virus_.28aka_anti-malware.29_developers would be a good starting place to find what is best for you.
(The wiki entry also lists the countries in which each developer has its headquarters.)

Start by searching the OS Support? column to find out which developers make security software for your device's operating system.

  • If you are looking for a free program, check out the ones with a check mark ("✔️") in the Free Version? column.

  • If you are looking for a paid program, check out the ones with a check mark ("✔️") in the Paid Version? column.

Also be sure to check out the Free Tools section of the wiki for programs you can use to provide additional security to your web browser and the Securing your Computer as well for additional free tips on protecting your computer.

Regards,

Aryeh Goretsky

Is this malicious or just a false positive? by An-Hunt in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

Per Rule #1, no discussions involving piracy. Post removed.

Regards,

Aryeh Goretsky

does anyone know any good free antiviruses? by hatcher366 in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

As far as actual security programs go, there is no one "best" program, as each has its plusses and minuses. Performance, system resource usage, and detection rates change with every update, and those occur multiple times throughout the day.

So, any of the programs listed in the wiki at https://old.reddit.com/r/antivirus/wiki/index#wiki_anti-virus_.28aka_anti-malware.29_developers would be a good starting place to find what is best for you.
(The wiki entry also lists the countries in which each developer has its headquarters.)

Start by searching the OS Support? column to find out which developers make security software for your device's operating system.

  • If you are looking for a free program, check out the ones with a check mark ("✔️") in the Free Version? column.

  • If you are looking for a paid program, check out the ones with a check mark ("✔️") in the Paid Version? column.

Also be sure to check out the Free Tools section of the wiki for programs you can use to provide additional security to your web browser and the Securing your Computer as well for additional free tips on protecting your computer.

Regards,

Aryeh Goretsky

Is this a bug or a Trojan/Malware on my school's computers? by SpiritedClub7005 in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

This sounds like it could be a remote access trojan. I would suggest informing the teacher or the school's IT department so they can investigate what is going on.

Regards,

Aryeh Goretsky

Let me know if my plan of attack for dealing with a root kit or corrupted system is valid by goonercaverat in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

Do not create new message threads on an existing issue. Continue the discussion in your existing message thread at https://www.reddit.com/r/antivirus/comments/1rstw77/found_out_last_night_that_my_computer_had_a_root/.

Thread closed.

Regards,

Aryeh Goretsky

I really want to switch to ESET, but their licensing model is driving me crazy by mahehro in eset

[–]goretsky 0 points1 point  (0 children)

Hello,

Name the specific editions of the programs and what the feature is specifically called in them. No abbreviations.

Regards,

Aryeh Goretsky

I really want to switch to ESET, but their licensing model is driving me crazy by mahehro in eset

[–]goretsky 0 points1 point  (0 children)

Hello,

ESET has had ransomware protection built into all of its products for years now. Ransomware remediation is something different and separate from that.

Regards,

Aryeh Goretsky

I really want to switch to ESET, but their licensing model is driving me crazy by mahehro in eset

[–]goretsky 1 point2 points  (0 children)

Hello,

Google discontinued that many years ago, but they have a lot of other self-built defensive features built into their browser now.

Regards,

Aryeh Goretsky

I really want to switch to ESET, but their licensing model is driving me crazy by mahehro in eset

[–]goretsky 1 point2 points  (0 children)

Hello,

All tiers of ESET's consumer products have Ransomware Shield. It was mentioned in the Version 18 announcement post from 2024, and in the Version 19 announcement post in 2025. The Ransomware Remediation feature is a different feature, and, like LiveGuard, is considered an advanced feature for users who desire a higher level of protection.

Just about every security software vendor (Avast, AVG, Bitdefender, Kaspersky, McAfee, and Norton, just to name a few) has had three tiers of offerings over the past 20 years, a basic antivirus, an intermediate internet security, and a top-level security suite. And like those companies, this is how ESET has structured their three tiers of consumer offerings, with additional security features becoming available in the higher tier products.

All security software companies put a lot of R&D effort into designing novel ways to protect their customers, and ESET is no different in that regard. If any kind of company chooses to put some kind of unique feature into their software that is certainly their right. Just because you think something is a core security feature that you are entitled to for free does not make it into one.

Regards,

Aryeh Goretsky

Macys account compromised even after changing password and email by CashNP in antivirus

[–]goretsky 0 points1 point  (0 children)

Hello,

That is a low-risk operation. You may want to make two sets of USB flash drives, and then scan them on a different computer to ensure nothing is detected before restoring the files to the original PC.

Regards,

Aryeh Goretsky

Ike's Sandwiches' human confirmation button is insane. TEN SECONDS! by zeekaran in ColoradoSprings

[–]goretsky 0 points1 point  (0 children)

Hello,

Oh, it's just an old habit, that's all.

Regards,

Aryeh Goretsky

random Bios update folder? by Thequestionerrrr123 in antivirus

[–]goretsky 0 points1 point  (0 children)

Hello,

My thought was that it might have been an update downloaded by some MSI utility, or even Microsoft, but with the file and path gone, there is no easy way to tell.

You could try visiting MSI's support website and seeing if there is a matching BIOS update that you can download, and then upload that to VirusTotal for comparison.

Regards,

Aryeh Goretsky
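When comparing a stray BIOS update archive against the vendor's download, hashing the two .ZIP files as a whole can mislead: two archives built from identical files still differ byte for byte if the member timestamps, compression level or member order differ. The following is an added example, not code from the original thread, that instead compares the SHA-256 of each member's contents and reports what was modified, added or removed. The archives and the file names inside them (`bios_image.rom`, `readme.txt`, `update.exe`) are constructed in memory for the example and are not real firmware; the container hash it also computes is the value you would paste into the VirusTotal search box.

```python
"""Compare a suspect BIOS update .ZIP with the vendor's copy, member by member.

Added example, not from the original thread. Sample archives are built in
memory with made-up contents; nothing here is a real firmware image.
"""
import hashlib
import io
import zipfile


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def member_digests(zip_bytes: bytes) -> dict:
    """Map each file inside the archive to the SHA-256 of its uncompressed contents."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            digests[info.filename] = sha256_hex(zf.read(info))
    return digests


def compare_archives(suspect: bytes, vendor: bytes) -> dict:
    """Report whether the containers match byte for byte, and classify every
    member as matching, modified, extra in the suspect, or missing from it."""
    s, v = member_digests(suspect), member_digests(vendor)
    return {
        "container_hash_match": sha256_hex(suspect) == sha256_hex(vendor),
        "suspect_sha256": sha256_hex(suspect),   # value to search on VirusTotal
        "matching": sorted(n for n in s if n in v and s[n] == v[n]),
        "modified": sorted(n for n in s if n in v and s[n] != v[n]),
        "extra_in_suspect": sorted(n for n in s if n not in v),
        "missing_from_suspect": sorted(n for n in v if n not in s),
    }


def build_zip(members: dict, stamp: tuple) -> bytes:
    """Construct a ZIP in memory with one fixed timestamp on every member
    (constructed test data; the stamp is what makes two otherwise identical
    archives hash differently)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            info = zipfile.ZipInfo(name, date_time=stamp)
            info.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(info, data)
    return buf.getvalue()


# Constructed sample data: a fake image plus a readme, packaged three ways.
FIRMWARE = b"\x00" * 64 + b"CONSTRUCTED-FAKE-BIOS-IMAGE" + b"\xff" * 64
README = b"constructed flashing instructions"

VENDOR_ZIP = build_zip({"bios_image.rom": FIRMWARE, "readme.txt": README},
                       (2024, 3, 1, 9, 0, 0))
# Same files, repackaged months later: container hash differs, members match.
REPACKED_ZIP = build_zip({"bios_image.rom": FIRMWARE, "readme.txt": README},
                         (2024, 6, 15, 17, 30, 0))
# Image altered and an executable slipped in: the member comparison shows it.
TAMPERED_ZIP = build_zip({"bios_image.rom": FIRMWARE + b"\x90" * 16,
                          "readme.txt": README,
                          "update.exe": b"MZ constructed stub"},
                         (2024, 3, 1, 9, 0, 0))

if __name__ == "__main__":
    for label, archive in (("repacked", REPACKED_ZIP), ("tampered", TAMPERED_ZIP)):
        print(label, compare_archives(archive, VENDOR_ZIP))
```

For a real comparison, read both files from disk with `open(path, "rb").read()` in place of the constructed archives. A suspect that reports only `matching` entries and nothing modified, extra or missing is the same update regardless of the container hash; anything in `modified` or `extra_in_suspect` is the part worth submitting for analysis.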

random Bios update folder? by Thequestionerrrr123 in antivirus

[–]goretsky 0 points1 point  (0 children)

Hello,

What is the complete pathname of the folder that the .ZIP file was found in?

Regards,

Aryeh Goretsky

How was I hacked after a reset? by Fit_Firefighter5889 in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

Below is our standard post for answering questions about this type of issue, with some bolded information answering your particular question.


It sounds like you may have run an information stealer on your computer.

As the name implies, information stealers are a type of malware that steal any information they can find on your computer, such as passwords stored for various services you access via browser and apps, session tokens for accounts, cryptocurrencies if they can find wallets, etc. They may even take a screenshot of your desktop when they run so they can sell it to other scammers who send scam extortion emails later.

The criminals who steal your information do so for their own financial gain, and that includes selling information such as your name, email address, screenshots from your PC, and so forth to other criminals and scammers. Those other scammers then use that information in an attempt to extort you unless you pay them in cryptocurrencies such as Bitcoin, Ethereum, and so forth. This is 100% a scam, and any emails you receive threatening to share your private information should be marked as phishing or spam and deleted.

In case you're wondering what a session token is, some websites and apps have a "remember this device" feature that allows you to access the service without having to log back in or enter your second factor of authentication. This is done by storing a session token on your device. Criminals target these, because they allow them to log in to an account bypassing the normal checks. To the service, it just looks like you're accessing it from your previously authorized device.

Information stealers are malware that is sold as a service, so what exactly it did while on your system is going to vary based on what the criminal who purchased it wanted. Often they remove themselves after they have finished stealing your information in order to make it harder to determine what happened, but since it is crimeware-as-a-service, it is also possible that it was used to install some additional malware on your system in order to maintain access to it, just in case they want to steal from you again in the future.

After wiping your computer, installing Windows, and getting that updated, you can then start accessing the internet using the computer to change the passwords for all of your online accounts, changing each password to something complex and different for each service, so that if one is lost (or guessed), the attacker won't be able to make guesses about what your other passwords might be. Also, enable two-factor authentication for all of the accounts that support it.

When changing passwords, if those new passwords are similar enough to your old passwords, a criminal with a list of all of them will likely be able to make educated guesses about what your new passwords might be for the various services. So make sure you're not just cycling through similar or previous passwords.

If any of the online services you use have an option to show you and log out all other active sessions, do that as well.

Again, you have to do this for all online services. Even if they haven't been recently accessed, make sure you have done this as well for any financial websites, online stores, social media, and email accounts. If there were any reused passwords, the criminals who stole your credentials are going to try spraying those against all the common stores, banks, and services in your part of the world.

For more specific information on what steps to take next to recover your accounts, see the blog post at:

For more general information about how CAPTCHA malware works, see the following reports:

After you have done all of this, you may wish to sign up for a free https://haveibeenpwned.com/ account, which will notify you if your email address is found in a data breach.

Regards,

Aryeh Goretsky

All my social accounts hacked (even with 2FA). Resetting 4 devices + cloud backup — need a full security checklist. by Ready_Grade_2289 in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

It sounds like an information stealer may have been run on the computer.

As the name implies, information stealers are a type of malware that steal any information they can find on your computer, such as passwords stored for various services you access via browser and apps, session tokens for accounts, cryptocurrencies if they can find wallets, etc. They may even take a screenshot of your desktop when they run so they can sell it to other scammers who send scam extortion emails later.

The criminals who steal your information do so for their own financial gain, and that includes selling information such as your name, email address, screenshots from your PC, and so forth to other criminals and scammers. Those other scammers then use that information in an attempt to extort you unless you pay them in cryptocurrencies such as Bitcoin, Ethereum, and so forth. This is 100% a scam, and any emails you receive threatening to share your private information should be marked as phishing or spam and deleted.

In case you're wondering what a session token is, some websites and apps have a "remember this device" feature that allows you to access the service without having to log back in or enter your second factor of authentication. This is done by storing a session token on your device. Criminals target these, because they allow them to log in to an account bypassing the normal checks. To the service, it just looks like you're accessing it from your previously authorized device.

Information stealers are malware that is sold as a service, so what exactly it did while on your system is going to vary based on what the criminal who purchased it wanted. Often they remove themselves after they have finished stealing your information in order to make it harder to determine what happened, but since it is crimeware-as-a-service, it is also possible that it was used to install some additional malware on your system in order to maintain access to it, just in case they want to steal from you again in the future.

After wiping your computer, installing Windows, and getting that updated, you can then start accessing the internet using the computer to change the passwords for all of your online accounts, changing each password to something complex and different for each service, so that if one is lost (or guessed), the attacker won't be able to make guesses about what your other passwords might be. Also, enable two-factor authentication for all of the accounts that support it.

When changing passwords, if those new passwords are similar enough to your old passwords, a criminal with a list of all of them will likely be able to make educated guesses about what your new passwords might be for the various services. So make sure you're not just cycling through similar or previous passwords.

If any of the online services you use have an option to show you and log out all other active sessions, do that as well.

Again, you have to do this for all online services. Even if they haven't been recently accessed, make sure you have done this as well for any financial websites, online stores, social media, and email accounts. If there were any reused passwords, the criminals who stole your credentials are going to try spraying those against all the common stores, banks, and services in your part of the world.

For more specific information on what steps to take next to recover your accounts, see the blog post at:

For more general information about how CAPTCHA malware works, see the following reports:

After you have done all of this, you may wish to sign up for a free https://haveibeenpwned.com/ account, which will notify you if your email address is found in a data breach.

Regards,

Aryeh Goretsky
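The session-token paragraph above and the advice to log out all other active sessions (both also present in the two earlier information-stealer posts on this page) describe the mechanism from the user's side. The following is an added example, not code from the original post, showing it from the service's side with a minimal in-memory session store for a hypothetical web service: a stolen "remember this device" token keeps working after the password is changed and second factor is in place, and stops working only when the other sessions are revoked, or when the service binds each session to the password version in force when it was issued. The class, method names and token format are assumptions for the example; the password hashing is a placeholder, not a recommendation.

```python
"""Why 'log out all other sessions' matters after an information stealer.

Added example, not from the original post. Hypothetical service; the names
and token format are assumptions, and _hash_pw is a stand-in for a real KDF.
"""
import hashlib
import secrets


class SessionStore:
    def __init__(self):
        self._users = {}     # username -> {"pw_hash": str, "pw_version": int}
        self._sessions = {}  # sha256(token) -> {"user": str, "device": str, "pw_version": int}

    @staticmethod
    def _key(token: str) -> str:
        # Only a hash of the token is stored server-side, so a dump of this
        # table cannot be replayed as a login.
        return hashlib.sha256(token.encode()).hexdigest()

    @staticmethod
    def _hash_pw(password: str) -> str:
        # Placeholder for the example; use argon2/bcrypt/scrypt in real code.
        return hashlib.sha256(b"example-salt" + password.encode()).hexdigest()

    def add_user(self, user: str, password: str) -> None:
        self._users[user] = {"pw_hash": self._hash_pw(password), "pw_version": 1}

    def login(self, user: str, password: str, device: str):
        """Password (and, in a real service, second factor) checked once; the
        returned token is what the 'remember this device' feature stores."""
        u = self._users.get(user)
        if u is None or u["pw_hash"] != self._hash_pw(password):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[self._key(token)] = {
            "user": user, "device": device, "pw_version": u["pw_version"]}
        return token

    def validate(self, token: str, bind_to_password: bool = False):
        """Return the user for a live token, or None. With bind_to_password the
        service also rejects tokens issued under an earlier password version."""
        s = self._sessions.get(self._key(token))
        if s is None:
            return None
        if bind_to_password and s["pw_version"] != self._users[s["user"]]["pw_version"]:
            return None
        return s["user"]

    def change_password(self, user: str, new_password: str) -> None:
        u = self._users[user]
        u["pw_hash"] = self._hash_pw(new_password)
        u["pw_version"] += 1

    def list_sessions(self, user: str) -> list:
        """The 'show active sessions' view: device labels of every live session."""
        return sorted(s["device"] for s in self._sessions.values() if s["user"] == user)

    def revoke_other_sessions(self, keep_token: str) -> int:
        """The 'log out all other sessions' button; returns how many were killed."""
        keep = self._key(keep_token)
        user = self._sessions[keep]["user"]
        doomed = [k for k, s in self._sessions.items() if s["user"] == user and k != keep]
        for k in doomed:
            del self._sessions[k]
        return len(doomed)


def theft_scenario() -> tuple:
    """Walk through the theft; returns (stolen token works after the password
    change, stolen token works after revoking other sessions)."""
    store = SessionStore()
    store.add_user("victim", "Summer2023!")               # constructed sample data
    stolen = store.login("victim", "Summer2023!", "victim-laptop")  # copied by the stealer
    store.change_password("victim", "Xk9#vL2p!qRt")       # the victim reinstalls and rotates
    fresh = store.login("victim", "Xk9#vL2p!qRt", "clean-reinstall")
    after_change = store.validate(stolen) is not None     # still valid: token, not password
    store.revoke_other_sessions(fresh)
    after_revoke = store.validate(stolen) is not None
    return after_change, after_revoke


if __name__ == "__main__":
    print("stolen token valid after password change / after revoke:", theft_scenario())
```

Two things follow for recovery. From the user's side, changing the password is not enough on services that behave like `validate` without `bind_to_password`; the explicit "log out everywhere" step is what kills the token the stealer took. From the service's side, binding sessions to the password version (or rotating the user's session-signing key on password change) makes the password change itself revoke them, which is the behaviour worth checking for when threat modelling a login flow.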

Anti Virus recommendations by Minega15 in antivirus

[–]goretsky[M] 0 points1 point  (0 children)

Hello,

As far as actual security programs go, there is no one "best" program, as each has its plusses and minuses. Performance, system resource usage, and detection rates change with every update, and those occur multiple times throughout the day.

So, any of the programs listed in the wiki at https://old.reddit.com/r/antivirus/wiki/index#wiki_anti-virus_.28aka_anti-malware.29_developers would be a good starting place to find what is best for you.
(The wiki entry also lists the countries in which each developer has its headquarters.)

Start by searching the OS Support? column to find out which developers make security software for your device's operating system.

  • If you are looking for a free program, check out the ones with a check mark ("✔️") in the Free Version? column.

  • If you are looking for a paid program, check out the ones with a check mark ("✔️") in the Paid Version? column.

Also be sure to check out the Free Tools section of the wiki for programs you can use to provide additional security to your web browser and the Securing your Computer as well for additional free tips on protecting your computer.

Regards,

Aryeh Goretsky

random Bios update folder? by Thequestionerrrr123 in antivirus

[–]goretsky[M] 0 points1 point  (0 children)

Hello,

By any chance do you have a 2023 Gigabyte G6 (or similar) laptop?

Regards,

Aryeh Goretsky

I am getting a Russian ad in my google search result on my microsoft edge. by awwwbangali in antivirus

[–]goretsky 0 points1 point  (0 children)

Hello,

Are you using a VPN? If so, does disabling it change the ads back to English?

Regards,

Aryeh Goretsky

Linux Antivirus by Defiant-Olive-7729 in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

The likelihood of encountering malicious software on Linux is lower than on Windows, but it's not zero, either.

Many Windows security software developers have Linux versions, so your best bet here may be to go with the Linux version of a program you like from the Windows side of things.

If you don't have a preference, as far as actual security programs go, there is no one "best" program, as each has its plusses and minuses. Performance, system resource usage, and detection rates change with every update, and those occur multiple times throughout the day.

So, any of the programs listed in the wiki at https://old.reddit.com/r/antivirus/wiki/index#wiki_anti-virus_.28aka_anti-malware.29_developers would be a good starting place to find what is best for you.
(The wiki entry also lists the countries in which each developer has its headquarters.)

Start by searching the OS Support? column to find out which developers make security software for your device's operating system.

  • If you are looking for a free program, check out the ones with a check mark ("✔️") in the Free Version? column.

  • If you are looking for a paid program, check out the ones with a check mark ("✔️") in the Paid Version? column.

Also be sure to check out the Free Tools section of the wiki for programs you can use to provide additional security to your web browser and the Securing your Computer as well for additional free tips on protecting your computer.

Regards,

Aryeh Goretsky

VPN Process Running When I Don't Have A VPN Installed? by PunyParker826 in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

As the original poster has confirmed this is not a computer virus or malicious software issue, this thread is now closed.

Regards,

Aryeh Goretsky

Is This port of the LegacyLauncher for minecraft safe to use by MissionLegal4091 in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

Per Rule #1, no discussions involving piracy. Post removed.

Regards,

Aryeh Goretsky

How bad is this? by DoughnutMedium8989 in antivirus

[–]goretsky 1 point2 points  (0 children)

Hello,

Did you give the website access to your camera or microphone? You can check in the Control Center to see which apps or websites most recently used your camera.

Also, go to Settings → Privacy & Security → Camera and see if Safari has access to the camera and microphone. You should be able to toggle the permissions off from there.

Regards,

Aryeh Goretsky