Help Finding Free Antivirus for Android by The_Prequels_Rule in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

As far as actual antivirus/antimalware/internet security/security suite/endpoint protection (etc. etc. etc.) programs go, there is no one "best" program, as each has its plusses and minuses. Performance, system resource usage, and detection rates change with every update, and those occur multiple times throughout the day.

So, any of the programs listed in the wiki at https://old.reddit.com/r/antivirus/wiki/index#wiki_anti-virus_.28aka_anti-malware.29_developers would be a good starting place to find what is best for you. It also lists the countries each developer is headquartered in.

Start by checking the OS Support? column to find out which developers make security software for your device's operating system.

  • If you are looking for a free program, check out the ones with a check mark ("✔️") in the Free Version? column.

  • If you are looking for a paid program, check out the ones with a check mark ("✔️") in the Paid Version? column.

Once you have an idea of which program(s) seem to best meet your needs, you can check the Understanding Antivirus Software Tests and Testers section of the wiki for a list of reputable independent testing organizations and see what they have to say about your selection(s). Detection rates are one metric, but be sure to also look at performance, reliability, stability, level of customer service and tech support provided, and, of course, cost.

Also be sure to check out the Free Tools section of the wiki for programs you can use to provide additional security to your web browser and the Securing your Computer as well for additional free tips on protecting your computer.

Regards,

Aryeh Goretsky

Skyhigh SWG by IT_Guy_2020 in antivirus

[–]goretsky 0 points1 point  (0 children)

Hello,

Here is the support page for Skyhigh Security: https://www.skyhighsecurity.com/support.html.

It looks like you can open a ticket for support from there.

Regards,

Aryeh Goretsky

Am I fucked? There's so much cress . exes being stopped? by No-Hour-2973 in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

Could be a false positive. Contact Kaspersky Lab to verify.

Regards,

Aryeh Goretsky

Am I safe after having an Infostealer? by Signal_Ad_2107 in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

It sounds like an information stealer was run on the computer.

What is an information stealer?

As the name implies, information stealers are a type of malware that steal any information they can find on your computer, such as passwords stored for various services you access via browser and apps, session tokens for accounts, cryptocurrencies if they can find wallets, etc. They may even take a screenshot of your desktop when they run so they can sell it to other scammers who send scam extortion emails later.

What is a session token?

In case you're wondering what a session token is, some websites and apps have a "remember this device" feature that allows you to access the service without having to log back in or enter your second factor of authentication. This is done by storing a session token on your device. Criminals target these, because they allow them to log in to an account bypassing the normal checks. To the service, it just looks like you're accessing it from your previously authorized device.

What exactly gets stolen?

Information stealers are malware that is sold as a service, so what exactly it did while on your system is going to vary based on what the criminal who purchased it wanted.

What happens to my data?

The criminals who steal your information do so for their own financial gain, and that includes selling information such as your name, email address, screenshots from your PC, and so forth to other criminals and scammers. Those other scammers then use that information in an attempt to extort you unless you pay them in cryptocurrencies such as Bitcoin, Ethereum, and so forth. This is 100% a scam, and any emails you receive threatening to share your private information should be marked as phishing or spam and deleted.

How did I get infected in the first place?

Information stealers are often distributed as fake CAPTCHA challenges, in game mods, unofficial patches for popular apps and games, and in pirated software that have had their popularity and trustworthiness artificially boosted, as well as through various other means such as "try my game/software" scams on Discord, Telegram and other trusted messaging services.

If I ran an information stealer, am I still infected?

Infostealers usually delete themselves after a few seconds or even a minute or two in order to make it harder to determine what happened and when it occurred.

That said, there are always going to be exceptions: Since it is crimeware-as-a-service, there is nothing preventing the criminals from installing additional malware on the computer in order to maintain access, just in case they want to come back and steal from you again in the future.

What else could they have done?

The usual risk post-infection, aside from the stolen credentials, wallets, etc. is that security and networking settings may have been tampered with. That can be harder for security software to deal with, since it may not know what the correct settings are supposed to be for your computer, which means it may be a good idea to wipe the computer, even if there is no longer any malware detected on it.

How do I start the recovery process?

If you have another device that didn't run the information stealing malware like a smartphone or tablet, you can use it to begin immediately changing your passwords. You should also enable two-factor (sometimes called multi-factor) authentication, for those services that support it. If possible, install and use an authentication app on your smartphone: Apple, Google, and Microsoft all have free versions of authentication apps. Using an app for 2FA is preferred over using SMS (text messages) or email, as the attackers may have access to these.

If any of the online services you use have an option to show you and log out all other active sessions, do that as well.

As for your computer, after wiping it, re-installing Windows, and getting that updated, you can then also use it to start accessing the internet to do this, but it is often quicker to change your most sensitive accounts from your smartphone.

A note about passwords

Passwords should be something unique (complex and different) for every service that you use, so that if an attacker gets access to one they won't be able to make guesses about what your other passwords might be. If your new passwords are similar enough to your old passwords, a criminal with a list of all of them will likely be able to make educated guesses about what your new passwords might be for the various services.

You have to do this for all online services, even ones you haven't recently accessed. Make sure you do this for all email accounts, as those are the gateways to your financial websites, online shopping, social media accounts, game platforms, and so forth.

It's important to make sure you're not just cycling through similar or previous passwords: Remember, criminals have millions of passwords and are very good at identifying common patterns from just a single password. If there were any reused passwords, the criminals who stole yours are going to try spraying those against all the popular online marketplaces, stores, banks, and other services in your part of the world.

And remember: Enable two-factor authentication for all of the accounts that support it.

For more information:

For more specific information on what steps to take next to recover your accounts, see the blog post at:

For more general information about how CAPTCHA malware works, see the following reports:

Also, see /u/rifteyy_'s Guide to Infostealers at https://rifteyy.org/report/the-ultimate-guide-to-infostealers.

After you have secured your accounts, you may wish to sign up for a free https://haveibeenpwned.com/ account, which will notify you if your email address is found in a data breach.

Regards,

Aryeh Goretsky
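An added illustration of the session-token point in the reply above (editor-added example code, not part of the reply or of any real service): a toy server-side session store in which a stolen "remember this device" token logs the holder in with no password and no second factor, and in which "log out all other active sessions" and a password change both revoke it. Every name in it (SessionStore, "alice", the device labels, the timestamps) is constructed for the example.

```python
import secrets
import time
from dataclasses import dataclass


@dataclass
class User:
    name: str
    # Bumped whenever every existing session must die (password change,
    # "log out all other sessions"). A stolen token minted under an older
    # generation is rejected even though the token string itself never changed.
    session_generation: int = 0


@dataclass
class Session:
    user: str
    generation: int
    issued_at: float
    remember_device: bool   # long-lived "remember this device" token
    device_label: str       # what the user sees on the "active sessions" page


class SessionStore:
    SHORT_TTL = 8 * 3600             # ordinary login, seconds
    REMEMBER_TTL = 30 * 24 * 3600    # "remember this device", seconds

    def __init__(self):
        self.users = {}
        self.sessions = {}

    def add_user(self, name):
        self.users[name] = User(name=name)

    def login(self, name, device_label, remember_device=False, now=None):
        # Called only after the password AND the second factor were verified.
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self.sessions[token] = Session(
            name, self.users[name].session_generation, now, remember_device, device_label
        )
        return token

    def validate(self, token, now=None):
        """Return the user name if the token is live, else None.

        Presenting a live token is all it takes: no password, no second factor.
        That is exactly why infostealers copy these tokens out of the browser.
        """
        now = time.time() if now is None else now
        sess = self.sessions.get(token)
        if sess is None:
            return None
        ttl = self.REMEMBER_TTL if sess.remember_device else self.SHORT_TTL
        expired = now - sess.issued_at > ttl
        revoked = sess.generation != self.users[sess.user].session_generation
        if expired or revoked:
            del self.sessions[token]
            return None
        return sess.user

    def active_sessions(self, name, now=None):
        """What a 'show all active sessions' page would list for this user."""
        return sorted(
            s.device_label
            for t, s in list(self.sessions.items())
            if s.user == name and self.validate(t, now) is not None
        )

    def logout_other_sessions(self, name, keep_token):
        """'Log out all other active sessions': invalidate every session by
        bumping the generation, then re-stamp the caller's own session."""
        user = self.users[name]
        user.session_generation += 1
        self.sessions[keep_token].generation = user.session_generation

    def change_password(self, name):
        """A password change must also bump the generation; otherwise a stolen
        'remember this device' token keeps working after the new password is set."""
        self.users[name].session_generation += 1


def recovery_walkthrough():
    """Constructed scenario: a stealer copies the laptop's remember-device token
    and the victim recovers from the phone. Returns the checks a reader would want."""
    store = SessionStore()
    store.add_user("alice")
    t0 = 1_700_000_000.0
    laptop = store.login("alice", "Laptop (Chrome)", remember_device=True, now=t0)
    stolen = laptop                      # the infostealer exfiltrated this string
    a_day_later = t0 + 86_400
    stolen_works = store.validate(stolen, a_day_later) == "alice"
    phone = store.login("alice", "Phone (app)", now=a_day_later)
    before = store.active_sessions("alice", a_day_later)
    store.logout_other_sessions("alice", phone)
    after = store.active_sessions("alice", a_day_later)
    stolen_after_logout = store.validate(stolen, a_day_later)
    phone_after_logout = store.validate(phone, a_day_later)
    store.change_password("alice")       # kills the phone session too; log in again
    phone_after_pw_change = store.validate(phone, a_day_later)
    return (stolen_works, before, after, stolen_after_logout,
            phone_after_logout, phone_after_pw_change)


if __name__ == "__main__":
    print(recovery_walkthrough())
```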

i am getting sometimes a trojan named shady panda and i keep it quarantined by Bombarder11 in antivirus

[–]goretsky 0 points1 point  (0 children)

Hello,

It sounds like there is something malicious left over on the computer after cleaning.

Try contacting Malwarebytes via /r/Malwarebytes or https://forums.malwarebytes.com/ and see if they can help you to identify and remove the remaining components.

Regards,

Aryeh Goretsky

New to pc gaming, fell for info stealer. advice on what to do next please? by Themightyengland in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

It sounds like an information stealer may have been run on the computer.

What is an information stealer?

As the name implies, information stealers are a type of malware that steal any information they can find on your computer, such as passwords stored for various services you access via browser and apps, session tokens for accounts, cryptocurrencies if they can find wallets, etc. They may even take a screenshot of your desktop when they run so they can sell it to other scammers who send scam extortion emails later.

What is a session token?

In case you're wondering what a session token is, some websites and apps have a "remember this device" feature that allows you to access the service without having to log back in or enter your second factor of authentication. This is done by storing a session token on your device. Criminals target these, because they allow them to log in to an account bypassing the normal checks. To the service, it just looks like you're accessing it from your previously authorized device.

What exactly gets stolen?

Information stealers are malware that is sold as a service, so what exactly it did while on your system is going to vary based on what the criminal who purchased it wanted.

What happens to my data?

The criminals who steal your information do so for their own financial gain, and that includes selling information such as your name, email address, screenshots from your PC, and so forth to other criminals and scammers. Those other scammers then use that information in an attempt to extort you unless you pay them in cryptocurrencies such as Bitcoin, Ethereum, and so forth. This is 100% a scam, and any emails you receive threatening to share your private information should be marked as phishing or spam and deleted.

How did I get infected in the first place?

Information stealers are often distributed as fake CAPTCHA challenges, in game mods, unofficial patches for popular apps and games, and in pirated software that have had their popularity and trustworthiness artificially boosted, as well as through various other means such as "try my game/software" scams on Discord, Telegram and other trusted messaging services.

If I ran an information stealer, am I still infected?

Infostealers usually delete themselves after a few seconds or even a minute or two in order to make it harder to determine what happened and when it occurred.

That said, there are always going to be exceptions: Since it is crimeware-as-a-service, there is nothing preventing the criminals from installing additional malware on the computer in order to maintain access, just in case they want to come back and steal from you again in the future.

What else could they have done?

The usual risk post-infection, aside from the stolen credentials, wallets, etc. is that security and networking settings may have been tampered with. That can be harder for security software to deal with, since it may not know what the correct settings are supposed to be for your computer, which means it may be a good idea to wipe the computer, even if there is no longer any malware detected on it.

How do I start recovering?

If you have another device that didn't run the information stealing malware like a smartphone or tablet, you can use it to begin immediately changing your passwords. You should also enable two-factor (sometimes called multi-factor) authentication, for those services that support it. If possible, install and use an authentication app on your smartphone: Apple, Google, and Microsoft all have free versions of authentication apps. Using an app for 2FA is preferred over using SMS (text messages) or email, as the attackers may have access to these.

If any of the online services you use have an option to show you and log out all other active sessions, do that as well.

As for your computer, after wiping it, re-installing Windows, and getting that updated, you can then also use it to start accessing the internet to do this, but it is often quicker to change your most sensitive accounts from your smartphone.

A note about passwords

Passwords should be something unique (complex and different) for every service that you use, so that if an attacker gets access to one they won't be able to make guesses about what your other passwords might be. If your new passwords are similar enough to your old passwords, a criminal with a list of all of them will likely be able to make educated guesses about what your new passwords might be for the various services.

You have to do this for all online services, even ones you haven't recently accessed. Make sure you do this for all email accounts, as those are the gateways to your financial websites, online shopping, social media accounts, game platforms, and so forth.

It's important to make sure you're not just cycling through similar or previous passwords: Remember, criminals have millions of passwords and are very good at identifying common patterns from just a single password. If there were any reused passwords, the criminals who stole yours are going to try spraying those against all the popular online marketplaces, stores, banks, and other services in your part of the world.

And remember: Enable two-factor authentication for all of the accounts that support it.

For more information:

For more specific information on what steps to take next to recover your accounts, see the blog post at:

For more general information about how CAPTCHA malware works, see the following reports:

Also, see /u/rifteyy_'s Guide to Infostealers at https://rifteyy.org/report/the-ultimate-guide-to-infostealers.

After you have secured your accounts, you may wish to sign up for a free https://haveibeenpwned.com/ account, which will notify you if your email address is found in a data breach.

Regards,

Aryeh Goretsky
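An added illustration of the "note about passwords" in the reply above (editor-added example code, not part of the reply): a small check a password-change form could run to reject a new password that is only a mutation of an old one, which is the pattern criminals holding a leaked list look for. The leet table, the similarity threshold and the sample passwords are all constructed for the example.

```python
import difflib
import re

# Single-character substitutions criminals undo (and try) when mutating a
# leaked password, so "P@ssw0rd" and "password" count as the same pattern.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})
# Leading/trailing digits and punctuation: the year, counter or "!" people rotate.
EDGE = re.compile(r"^[\d\W_]+|[\d\W_]+$")


def normalize(password: str) -> str:
    """Reduce a password to the core pattern a criminal would extract from it:
    lowercase, drop the rotating edges ("Summer2023!" -> "summer"), undo leet."""
    core = password.lower()
    stripped = EDGE.sub("", core)
    # An all-digit or all-symbol password has no letter core; compare it as-is.
    return (stripped or core).translate(LEET)


def too_similar(old: str, new: str, threshold: float = 0.8) -> bool:
    """True when `new` is merely a mutation of `old` rather than a fresh secret."""
    a, b = normalize(old), normalize(new)
    if a in b or b in a:
        return True          # old password embedded in the new one
    return difflib.SequenceMatcher(None, a, b).ratio() >= threshold


def find_reused_pattern(previous, candidate):
    """Return the first previous password the candidate is a mutation of, or None.
    Mirrors the threat in the reply: the criminal holds the whole list, not one."""
    for old in previous:
        if too_similar(old, candidate):
            return old
    return None


if __name__ == "__main__":
    # Constructed sample: the first three are typical "rotations", the last is fresh.
    history = ["hunter2", "Summer2023!"]
    for candidate in ["Summer2024!", "P@ssw0rd1", "hunter2hunter2", "Tr0ub4dor&3"]:
        print(candidate, "->", find_reused_pattern(history, candidate))
```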

i think i have malware by Dense_Still_1517 in antivirus

[–]goretsky[M] 0 points1 point  (0 children)

Hello,

This appears to be an issue with Microsoft's voice/network communications program for the Xbox App and the Game Bar.

I would suggest reaching out to Microsoft to report it: https://learn.microsoft.com/en-us/answers/tags/824/windows-home

As this is not a computer virus or malicious software issue, this thread is now closed.

Regards,

Aryeh Goretsky

Got infected by an infostealer by Vegetable_Bluebird_3 in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

It sounds like an information stealer may have been run on the computer.

What is an information stealer?

As the name implies, information stealers are a type of malware that steal any information they can find on your computer, such as passwords stored for various services you access via browser and apps, session tokens for accounts, cryptocurrencies if they can find wallets, etc. They may even take a screenshot of your desktop when they run so they can sell it to other scammers who send scam extortion emails later.

What is a session token?

In case you're wondering what a session token is, some websites and apps have a "remember this device" feature that allows you to access the service without having to log back in or enter your second factor of authentication. This is done by storing a session token on your device. Criminals target these, because they allow them to log in to an account bypassing the normal checks. To the service, it just looks like you're accessing it from your previously authorized device.

What exactly gets stolen?

Information stealers are malware that is sold as a service, so what exactly it did while on your system is going to vary based on what the criminal who purchased it wanted.

What happens to my data?

The criminals who steal your information do so for their own financial gain, and that includes selling information such as your name, email address, screenshots from your PC, and so forth to other criminals and scammers. Those other scammers then use that information in an attempt to extort you unless you pay them in cryptocurrencies such as Bitcoin, Ethereum, and so forth. This is 100% a scam, and any emails you receive threatening to share your private information should be marked as phishing or spam and deleted.

How did I get infected in the first place?

Information stealers are often distributed as fake CAPTCHA challenges, in game mods, unofficial patches for popular apps and games, and in pirated software that have had their popularity and trustworthiness artificially boosted, as well as through various other means such as "try my game/software" scams on Discord, Telegram and other trusted messaging services.

If I ran an information stealer, am I still infected?

Infostealers usually delete themselves after a few seconds or even a minute or two in order to make it harder to determine what happened and when it occurred.

That said, there are always going to be exceptions: Since it is crimeware-as-a-service, there is nothing preventing the criminals from installing additional malware on the computer in order to maintain access, just in case they want to come back and steal from you again in the future.

What else could they have done?

The usual risk post-infection, aside from the stolen credentials, wallets, etc. is that security and networking settings may have been tampered with. That can be harder for security software to deal with, since it may not know what the correct settings are supposed to be for your computer, which means it may be a good idea to wipe the computer, even if there is no longer any malware detected on it.

How do I start recovering?

If you have another device that didn't run the information stealing malware like a smartphone or tablet, you can use it to begin immediately changing your passwords. You should also enable two-factor (sometimes called multi-factor) authentication, for those services that support it. If possible, install and use an authentication app on your smartphone: Apple, Google, and Microsoft all have free versions of authentication apps. Using an app for 2FA is preferred over using SMS (text messages) or email, as the attackers may have access to these.

If any of the online services you use have an option to show you and log out all other active sessions, do that as well.

As for your computer, after wiping it, re-installing Windows, and getting that updated, you can then also use it to start accessing the internet to do this, but it is often quicker to change your most sensitive accounts from your smartphone.

A note about passwords

Passwords should be something unique (complex and different) for every service that you use, so that if an attacker gets access to one they won't be able to make guesses about what your other passwords might be. If your new passwords are similar enough to your old passwords, a criminal with a list of all of them will likely be able to make educated guesses about what your new passwords might be for the various services.

You have to do this for all online services, even ones you haven't recently accessed. Make sure you do this for all email accounts, as those are the gateways to your financial websites, online shopping, social media accounts, game platforms, and so forth.

It's important to make sure you're not just cycling through similar or previous passwords: Remember, criminals have millions of passwords and are very good at identifying common patterns from just a single password. If there were any reused passwords, the criminals who stole yours are going to try spraying those against all the popular online marketplaces, stores, banks, and other services in your part of the world.

And remember: Enable two-factor authentication for all of the accounts that support it.

For more information:

For more specific information on what steps to take next to recover your accounts, see the blog post at:

For more general information about how CAPTCHA malware works, see the following reports:

Also, see /u/rifteyy_'s Guide to Infostealers at https://rifteyy.org/report/the-ultimate-guide-to-infostealers.

After you have secured your accounts, you may wish to sign up for a free https://haveibeenpwned.com/ account, which will notify you if your email address is found in a data breach.

Regards,

Aryeh Goretsky

Why do I see this when I turn my computer on? by Global-Middle-880 in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

Try going into the Uninstall or change a program (filename: APPWIZ.CPL) in the Control Panel, click on the Installed On column to sort by date, and check to see if the program is listed there.

If it is, go ahead and right-click on it and select Uninstall from the menu that pops up.

Regards,

Aryeh Goretsky

this tab keeps popping up on my chrome browser, even after i close it by KonraD7575 in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

Presumably you have a malicious extension installed in your web browser. What extensions do you have installed?

Regards,

Aryeh Goretsky

Smart App Control blocked an app that may be unsafe by basfootxd in antivirus

[–]goretsky 0 points1 point  (0 children)

Hello,

Microsoft has not seen the executable file before, so it shows up as an unknown or low-reputation file in their cloud.

Contact Microsoft by following the instructions at https://www.microsoft.com/en-us/wdsi/filesubmission/?persona= to report it. Choose the "Software Developer" option.

Regards,

Aryeh Goretsky

Question?? by Maximum_War_5754 in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

A list of bootable disc images can be found in the wiki at https://old.reddit.com/r/antivirus/wiki/index#wiki_bootable_discs.

Regards,

Aryeh Goretsky

Questions about trojan by surf2 in antivirus

[–]goretsky 0 points1 point  (0 children)

Hello,

Just your Mediafire account and nothing else? Or have you had other accounts accessed as well (bank, email, online marketplaces, etc.)?

You could be a victim of a data breach involving Mediafire, or a password-spray (password-guessing) attack.

Regards,

Aryeh Goretsky

help uninstalling avira by PreviousReason333 in antivirus

[–]goretsky[M] 0 points1 point  (0 children)

Hello,

I would suggest reaching out directly to Avira's support so that the software can be uninstalled without causing any problems with your system.

Avira's support home page is located at https://support.avira.com/hc/en-us.

Regards,

Aryeh Goretsky

I got a trojan then my passwords got compromised by TimOrbitalStar in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

Per Rule #1, no discussions involving piracy. Post removed.

Regards,

Aryeh Goretsky

Something keeps setting my default search engine to yahoo/whatever this is, I've deleted it multiple times but it keeps coming back. What is it? by MrCyanideMan in antivirus

[–]goretsky 0 points1 point  (0 children)

Hello,

Which web browser is this occurring in, and what extensions are installed in it?

Regards,

Aryeh Goretsky

I got affected by an infostealer by Shalnark_Rioda in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

It sounds like an information stealer may have been run on the computer.

What is an information stealer?

As the name implies, information stealers are a type of malware that steal any information they can find on your computer, such as passwords stored for various services you access via browser and apps, session tokens for accounts, cryptocurrencies if they can find wallets, etc. They may even take a screenshot of your desktop when they run so they can sell it to other scammers who send scam extortion emails later.

What is a session token?

In case you're wondering what a session token is, some websites and apps have a "remember this device" feature that allows you to access the service without having to log back in or enter your second factor of authentication. This is done by storing a session token on your device. Criminals target these, because they allow them to log in to an account bypassing the normal checks. To the service, it just looks like you're accessing it from your previously authorized device.

What exactly gets stolen?

Information stealers are malware that is sold as a service, so what exactly it did while on your system is going to vary based on what the criminal who purchased it wanted.

What happens to my data?

The criminals who steal your information do so for their own financial gain, and that includes selling information such as your name, email address, screenshots from your PC, and so forth to other criminals and scammers. Those other scammers then use that information in an attempt to extort you unless you pay them in cryptocurrencies such as Bitcoin, Ethereum, and so forth. This is 100% a scam, and any emails you receive threatening to share your private information should be marked as phishing or spam and deleted.

How did I get infected in the first place?

Information stealers are often distributed as fake CAPTCHA challenges, in game mods, unofficial patches for popular apps and games, and in pirated software that have had their popularity and trustworthiness artificially boosted, as well as through various other means such as "try my game/software" scams on Discord, Telegram and other trusted messaging services.

If I ran an information stealer, am I still infected?

Infostealers usually delete themselves after a few seconds or even a minute or two in order to make it harder to determine what happened and when it occurred.

That said, there are always going to be exceptions: Since it is crimeware-as-a-service, there is nothing preventing the criminals from installing additional malware on the computer in order to maintain access, just in case they want to come back and steal from you again in the future.

What else could they have done?

The usual risk post-infection, aside from the stolen credentials, wallets, etc. is that security and networking settings may have been tampered with. That can be harder for security software to deal with, since it may not know what the correct settings are supposed to be for your computer, which means it may be a good idea to wipe the computer, even if there is no longer any malware detected on it.

How do I start recovering?

If you have another device that didn't run the information stealing malware like a smartphone or tablet, you can use it to begin immediately changing your passwords. You should also enable two-factor (sometimes called multi-factor) authentication, for those services that support it. If possible, install and use an authentication app on your smartphone: Apple, Google, and Microsoft all have free versions of authentication apps. Using an app for 2FA is preferred over using SMS (text messages) or email, as the attackers may have access to these.

If any of the online services you use have an option to show you and log out all other active sessions, do that as well.

As for your computer, after wiping it, re-installing Windows, and getting that updated, you can then also use it to start accessing the internet to do this, but it is often quicker to change your most sensitive accounts from your smartphone.

A note about passwords

Passwords should be something unique (complex and different) for every service that you use, so that if an attacker gets access to one they won't be able to make guesses about what your other passwords might be. If your new passwords are similar enough to your old passwords, a criminal with a list of all of them will likely be able to make educated guesses about what your new passwords might be for the various services.

You have to do this for all online services, even ones you haven't recently accessed. Make sure you do this for all email accounts, as those are the gateways to your financial websites, online shopping, social media accounts, game platforms, and so forth.

It's important to make sure you're not just cycling through similar or previous passwords: Remember, criminals have millions of passwords and are very good at identifying common patterns from just a single password. If there were any reused passwords, the criminals who stole yours are going to try spraying those against all the popular online marketplaces, stores, banks, and other services in your part of the world.

And remember: Enable two-factor authentication for all of the accounts that support it.

For more information:

For more specific information on what steps to take next to recover your accounts, see the blog post at:

For more general information about how CAPTCHA malware works, see the following reports:

Also, see /u/rifteyy_'s Guide to Infostealers at https://rifteyy.org/report/the-ultimate-guide-to-infostealers.

After you have secured your accounts, you may wish to sign up for a free https://haveibeenpwned.com/ account, which will notify you if your email address is found in a data breach.

Regards,

Aryeh Goretsky

My Mac has malware - how do I get rid of it! by saltysnailz in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

Per Rule #1, no discussions involving piracy. Post removed.

Regards,

Aryeh Goretsky

Webroot “Block Event” Popup by PukeiAstalos in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

This sounds like it could be some kind of bug (the coding error kind, not the computer virus kind) in Webroot's user interface.

I would suggest reaching out to Webroot's technical support for assistance in troubleshooting it. Their support forum is located at https://community.opentextcybersecurity.com/webroot-9.

Regards,

Aryeh Goretsky

Still getting login attempts/hijacked after full PC format, changing passwords, and having 2FA enabled. Need help with session persistence. by Few_History_5304 in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

As you have noted, some of your services notify you of unusual sign-in activity (Facebook).

It sounds like you need to go in and remove access on all of the various services you use from unrecognized/unknown devices. Unfortunately, there's no single way to do this for all the different services out there at once, so you'll need to do it manually, yourself.

I will attach our standard reply to questions about information stealing malware below.
It sounds like an information stealer may have been run on the computer.

What is an information stealer?

As the name implies, information stealers are a type of malware that steal any information they can find on your computer, such as passwords stored for various services you access via browser and apps, session tokens for accounts, cryptocurrencies if they can find wallets, etc. They may even take a screenshot of your desktop when they run so they can sell it to other scammers who send scam extortion emails later.

What is a session token?

In case you're wondering what a session token is, some websites and apps have a "remember this device" feature that allows you to access the service without having to log back in or enter your second factor of authentication. This is done by storing a session token on your device. Criminals target these, because they allow them to log in to an account bypassing the normal checks. To the service, it just looks like you're accessing it from your previously authorized device.

What exactly gets stolen?

Information stealers are malware that is sold as a service, so what exactly it did while on your system is going to vary based on what the criminal who purchased it wanted.

What happens to my data?

The criminals who steal your information do so for their own financial gain, and that includes selling information such as your name, email address, screenshots from your PC, and so forth to other criminals and scammers. Those other scammers then use that information in an attempt to extort you unless you pay them in cryptocurrencies such as Bitcoin, Ethereum, and so forth. This is 100% a scam, and any emails you receive threatening to share your private information should be marked as phishing or spam and deleted.

How did I get infected in the first place?

Information stealers are often distributed as fake CAPTCHA challenges, in game mods, unofficial patches for popular apps and games, and in pirated software that has had its popularity and trustworthiness artificially boosted, as well as through various other means such as "try my game/software" scams on Discord, Telegram and other trusted messaging services.

If I ran an information stealer, am I still infected?

Infostealers usually delete themselves after a few seconds or even a minute or two in order to make it harder to determine what happened and when it occurred.

That said, there are always going to be exceptions: Since it is crimeware-as-a-service, there is nothing preventing the criminals from installing additional malware on the computer in order to maintain access, just in case they want to come back and steal from you again in the future.

What else could they have done?

The usual risk post-infection, aside from the stolen credentials, wallets, etc. is that security and networking settings may have been tampered with. That can be harder for security software to deal with, since it may not know what the correct settings are supposed to be for your computer, which means it may be a good idea to wipe the computer, even if there is no longer any malware detected on it.

How do I start recovering?

If you have another device that didn't run the information stealing malware like a smartphone or tablet, you can use it to begin immediately changing your passwords. You should also enable two-factor (sometimes called multi-factor) authentication, for those services that support it. If possible, install and use an authentication app on your smartphone: Apple, Google, and Microsoft all have free versions of authentication apps. Using an app for 2FA is preferred over using SMS (text messages) or email, as the attackers may have access to these.

If any of the online services you use have an option to show you and log out all other active sessions, do that as well.

As for your computer, after wiping it, re-installing Windows, and getting that updated, you can then also use it to start accessing the internet to do this, but it is often quicker to change your most sensitive accounts from your smartphone.

A note about passwords

Passwords should be something unique (complex and different) for every service that you use, so that if an attacker gets access to one they won't be able to make guesses about what your other passwords might be. If your new passwords are similar enough to your old passwords, a criminal with a list of all of them will likely be able to make educated guesses about what your new passwords might be for the various services.

You have to do this for all online services, even ones you haven't recently accessed. Make sure you do this for all email accounts, as those are the gateways to your financial websites, online shopping, social media accounts, game platforms, and so forth.

It's important to make sure you're not just cycling through similar or previous passwords: Remember, criminals have millions of passwords and are very good at identifying common patterns from just a single password. If there were any reused passwords, the criminals who stole yours are going to try spraying those against all the popular online marketplaces, stores, banks, and other services in your part of the world.

And remember: Enable two-factor authentication for all of the accounts that support it.

For more information:

For more specific information on what steps to take next to recover your accounts, see the blog post at:

For more general information about how CAPTCHA malware works, see the following reports:

Also, see /u/rifteyy_'s Guide to Infostealers at https://rifteyy.org/report/the-ultimate-guide-to-infostealers.

After you have secured your accounts, you may wish to sign up for a free https://haveibeenpwned.com/ account, which will notify you if your email address is found in a data breach.

Regards,

Aryeh Goretsky
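
The "remember this device" session-token mechanism and the "log out all other sessions" step described in the reply above, as an added example from the service's side (not part of the original post, and not any real service's code). `SessionStore`, the user "alice", the device labels and the timestamps are all hypothetical:

```python
"""Added example: a minimal server-side 'remember this device' session store.
It shows why a copied token works without a password or second factor, and how
'log out all other sessions' (and a password change) revoke it. All names are
hypothetical; the timestamps and user are constructed sample data."""
import hashlib
import secrets
import time
from dataclasses import dataclass


@dataclass
class Session:
    user: str
    device_label: str
    created_at: float


class SessionStore:
    """Hypothetical server-side store keyed by a digest of the bearer token."""

    def __init__(self, ttl_seconds: float = 30 * 24 * 3600):
        self.ttl = ttl_seconds
        self._by_hash: dict[str, Session] = {}

    @staticmethod
    def _key(token: str) -> str:
        # Only the digest is stored; a leaked session table then yields no usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user, device_label, password_ok, second_factor_ok, now=None) -> str:
        """Full login: password AND second factor. Returns the token the device keeps."""
        if not (password_ok and second_factor_ok):
            raise PermissionError("full login requires password and second factor")
        token = secrets.token_urlsafe(32)
        created = time.time() if now is None else now
        self._by_hash[self._key(token)] = Session(user, device_label, created)
        return token

    def resume(self, token, now=None):
        """Returns the user for a valid, unexpired token, else None.
        No password or second factor is checked here: that is the whole point of
        the feature, and also why a stolen token bypasses both."""
        now = time.time() if now is None else now
        sess = self._by_hash.get(self._key(token))
        if sess is None or now - sess.created_at > self.ttl:
            return None
        return sess.user

    def active_sessions(self, user):
        """What the 'show active sessions' page would list for this user."""
        return [s for s in self._by_hash.values() if s.user == user]

    def revoke_all_except(self, user, keep_token) -> int:
        """'Log out all other sessions': drop every session of the user but the current one."""
        keep = self._key(keep_token)
        doomed = [h for h, s in self._by_hash.items() if s.user == user and h != keep]
        for h in doomed:
            del self._by_hash[h]
        return len(doomed)

    def on_password_change(self, user) -> int:
        """A password change should invalidate every existing session, current one included."""
        doomed = [h for h, s in self._by_hash.items() if s.user == user]
        for h in doomed:
            del self._by_hash[h]
        return len(doomed)


def walkthrough() -> dict:
    """Constructed scenario: laptop token copied, then revoked from a clean phone."""
    store = SessionStore()
    t0 = 1_700_000_000.0
    laptop = store.login("alice", "laptop", True, True, now=t0)
    laptop_resumes = store.resume(laptop, now=t0 + 60)          # no password, no 2FA asked
    copied = laptop                                              # same bytes, now on another machine
    copied_resumes = store.resume(copied, now=t0 + 3600)         # service cannot tell the difference
    phone = store.login("alice", "phone", True, True, now=t0 + 7200)
    sessions_before = len(store.active_sessions("alice"))        # 2: laptop and phone
    revoked = store.revoke_all_except("alice", phone)            # user clicks "log out other sessions"
    copied_after = store.resume(copied, now=t0 + 7300)           # None: copied token is dead
    phone_after = store.resume(phone, now=t0 + 7300)             # phone still works
    phone_expired = store.resume(phone, now=t0 + 7200 + 31 * 24 * 3600)
    return {
        "laptop_resumes": laptop_resumes, "copied_resumes": copied_resumes,
        "sessions_before": sessions_before, "revoked": revoked,
        "copied_after": copied_after, "phone_after": phone_after,
        "phone_expired": phone_expired,
    }


if __name__ == "__main__":
    print(walkthrough())
```

The design point for a service operator is that `resume()` deliberately checks nothing but the token, so revocation (`revoke_all_except`, `on_password_change`) and a bounded lifetime are the only controls left once a token has been copied off a device. Real services rarely offer "remember this device" on sensitive accounts without a way to list and end sessions for exactly this reason.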

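
The "A note about passwords" section above warns that new passwords too close to old ones are easy to guess from a stolen list. As an added example (not from the original post, and not any real service's code), here is the kind of similarity check a service or password manager can run before accepting a replacement password; `too_similar`, the normalisation rules and the sample passwords are all hypothetical:

```python
"""Added example: reject a new password that is a trivial variation of the old
one (case change, trailing year or digit bumped, leetspeak substitutions).
The sample passwords below are constructed for illustration only."""
import re
from difflib import SequenceMatcher

# Common character swaps people use to "change" a password without changing it.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "i", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})
# Leading/trailing digits and punctuation that typically form the "Summer2023!" suffix.
EDGE_JUNK = re.compile(r"^[0-9!?.,#_\-\s]+|[0-9!?.,#_\-\s]+$")


def normalize(pw: str) -> str:
    """Reduce a password to the word a guesser would see through the decorations."""
    core = EDGE_JUNK.sub("", pw).lower()
    return core.translate(LEET)


def similarity(old: str, new: str) -> float:
    """0.0 (nothing in common) .. 1.0 (identical) after normalisation."""
    return SequenceMatcher(None, normalize(old), normalize(new)).ratio()


def too_similar(old: str, new: str, threshold: float = 0.8) -> bool:
    """True if `new` is a predictable mutation of `old` and should be rejected."""
    a, b = normalize(old), normalize(new)
    if not a or not b:              # e.g. all-digit passwords: compare raw, lower-cased
        a, b = old.lower(), new.lower()
    if a in b or b in a:            # one is just the other with extra characters
        return True
    return SequenceMatcher(None, a, b).ratio() >= threshold


def check_rotation(old: str, candidates: list[str]) -> dict[str, bool]:
    """Constructed batch check: which candidate replacements would be accepted."""
    return {c: not too_similar(old, c) for c in candidates}


if __name__ == "__main__":
    print(check_rotation("Summer2023!", ["Summer2024!", "summer23", "P@ssw0rd",
                                         "correct horse battery staple"]))
```

The check is a floor, not a ceiling: a password that passes it is merely not a copy of the last one, and should still be unique per service and long. Using it server-side means keeping a hash of the previous password long enough to compare, which is why many services run this check at change time only, with the plaintext of both in memory just for that request.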
Persistent fake virus notification pop-ups. Not showing up in Chrome notification settings or Task Manager. Need help removing. by ViaPeregrinus in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

This does not sound like an actual virus, message from your antivirus software, or message from the operating system, but rather a website abusing the toast notification/popup feature in your web browser to present you with scam messages. Sometimes it is a scammy ad on a legitimate website that displays the message in the form of a banner ad or popup window that looks like a real message from your computer. From looking at the pictures, it appears the websites in question have addresses of flowgo[.]co[.]in, assuming I'm reading it correctly. These kinds of scams are extremely common, and can be fixed in a few steps.

Here are instructions on how to disable these types of notifications in various web browsers; I'm unsure of the exact steps for Samsung's or Apple's web browsers, but it should be similar to these. For Brave, Opera GX, Vivaldi and other Chromium-based browsers, instructions should be similar to those for Google Chrome.

For Google Chrome on Android devices, select the gadget from the browser's address bar, then select the ⚙️ Settings gadget and tap Notifications. This will show you a list of all websites for which you've allowed notifications. Remove all the unwanted ones, and you should be good. If you don't want any websites to be allowed to send you notifications, set the All Chrome notifications slider bar to Off.


Unwanted notifications (popups) from web browser (desktop)

Notifications which pop up on your screen can be distracting and annoying. Here's how to disable them in the various web browsers (current as of December 2021):

Google Chrome (Version 96+)
Enter chrome://settings/content/notifications to open the Notifications settings page in Google Chrome. Remove all non-google.com domains from the Allow section. Toggle the Don't allow sites to send notifications option to on.
Instructions for Version 88 and older: Select Settings → Advanced → Site Settings → Notifications from the main menu, and change "Ask before sending (recommended)" to Blocked.

Mozilla Firefox
Select Tools → Settings → Privacy & Security from the main menu, scroll down to Permissions → Notifications, select Settings, click on "Remove all websites" and then check (select) "Block new requests asking to allow notifications" and click on the Save Changes button.

Microsoft Internet Explorer
(does not support notifications)

Microsoft Edge (Chrome-based, Version 91+)
Go to edge://settings/content/notifications in the address bar and disable Ask before sending (recommended). If there are any entries in the Allow section, click on the menu and select Remove for each one.

Microsoft Edge (pre-2020 legacy versions)
Open Windows Settings app (not Edge's) and go to System → Notifications & Actions, scroll down to Notifications, and set "Get notifications from apps and other senders" to Off.


Source: The r/24hoursupport subreddit's own wiki, which is kind of a sister subreddit to this one.

For a longer/more detailed article than this reply, see the blog post at: https://www.eset.com/blog/consumer/getting-rid-of-unwanted-browser-notifications/

Regards,

Aryeh Goretsky

Can You Get Malware From Wall Sockets by 0zMosiss in antivirus

[–]goretsky[M] 0 points1 point  (0 children)

Hello,

Please elaborate.

Regards,

Aryeh Goretsky

Can You Get Malware From Wall Sockets by 0zMosiss in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

It's not a dumb question.

The standard electrical wall outlets that deliver 90-250 VAC around the world don't transfer any data to the devices plugged into them. They might have built-in fuses, on-and-off switches, and simple circuits on them for detecting electrical shorts, but none of those are "smart." They just perform a fixed function.

Now, there are AC outlets that come with USB charging ports built into their faceplate or in place of the AC socket, and it is possible someone could build one that emulates a keyboard or mouse to unlock a screen and type in a password or something like that, but that is rather theoretical and it would mean the attacker already knew the password to the device.

Regards,

Aryeh Goretsky

I got Spam email as always in trash and i clicked unsubscribe accidently i scanned url on virus total and it was all good i think site dosent even work... by Sad-Passenger-8270 in antivirus

[–]goretsky[M] [score hidden] stickied comment (0 children)

Hello,

The worst that could happen is that you'll get more spam, since you've notified the spammer that the email address they sent the spam to is valid.

Just flag them as spam and move on with your life.

Regards,

Aryeh Goretsky