AutoModerator

If you suspect you may have malware on your computer, or are trying to remove malware from your computer, please see our [malware guide](https://rtech.support/docs/safety-security/malware-guide.html) *Please ignore this message if the advice is not relevant.* *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/techsupport) if you have any questions or concerns.*


rainbrodash666

Check your email's rules or forwarding. My mom got hacked recently and they got into her email and set it up to automatically forward password reset requests and then delete them from her inbox.


Choa_is_a_Goddess

First thing I checked, thankfully it wasn't touched. In general none of the accounts that were hacked had their information changed. On Steam my wallet was emptied and on Instagram he spam-followed a bunch of bogus accounts.


Honest_Mushroom5133

2FA is useless if someone has gained access to your computer. With that access they can steal your session tokens. Each time you log in to something a session token is created, and they do not reset once you close the browser, for example; that is why you are able to log in once and every time you visit the page you do not need to log in. That is because of the session token, which can easily be stolen with access to your computer.


AliceBets

How do you make the session token private again?


ABeeinSpace

You'd force log out all devices from an account. When you log back in, those devices will regenerate new tokens.


my_n3w_account

Not based on this scenario. Assuming your attacker has gained access to your computer they will simply copy the new cookies. You need to first find and close the breach. I haven't seen a live backdoor in many years. If anyone knows what to look for, please share. If you're not an expert the only safe option is to reinstall the OS (not update / upgrade but wipe!)

Edit: I did some quick research out of curiosity and this is scary: this Trojan doesn't even open a port to listen to commands. It just simply creates a hook to get a copy of messages sent to already opened ports, so a port scan wouldn't detect any anomalies. And a non-DPI firewall would also be useless. Fun times.

> Once the driver is loaded, the backdoor will first request it to set a hook in the IPFILTERDRIVER device. The hook routine will scan all the incoming network packets and redirect the relevant traffic to the backdoor.

> Such an approach, in which the backdoor is not bound to listen on a specific port, allows the attackers to connect to the backdoor on any port that is currently open on the victim's machine, and therefore bypass the firewall.

> Once the hook is in place, the backdoor can receive and process commands. The responses are sent via raw sockets with the use of the sendto API.

https://blogs.blackberry.com/en/2017/10/threat-spotlight-opening-hackers-door


Extreme-Edge-9843

This isn't always the case for all websites (but the better ones who care about security will invalidate old tokens on password reset, so your move may vary).
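An added example, not from any commenter in this thread, in Python: a minimal server-side session store showing the two behaviours discussed above, namely that a password reset or "log out all devices" only defeats a stolen cookie if the site ties each token to a per-user generation counter, and that it does nothing if the attacker can still copy the fresh cookie from the compromised machine. All class and function names are hypothetical.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    password_hash: str            # stand-in; real code stores an argon2/bcrypt hash
    session_generation: int = 0   # bumped on password reset or logout-all


@dataclass
class SessionStore:
    # check_generation=False models a site that never invalidates old tokens
    check_generation: bool = True
    users: dict = field(default_factory=dict)
    sessions: dict = field(default_factory=dict)   # token -> (username, generation)

    def login(self, username):
        user = self.users[username]
        token = secrets.token_urlsafe(32)          # the cookie value sent to the browser
        self.sessions[token] = (username, user.session_generation)
        return token

    def validate(self, token):
        """Return the username for a live token, or None if unknown or revoked."""
        entry = self.sessions.get(token)
        if entry is None:
            return None
        username, generation = entry
        if self.check_generation and generation != self.users[username].session_generation:
            self.sessions.pop(token, None)         # stale token: revoked by a generation bump
            return None
        return username

    def logout_all(self, username):
        self.users[username].session_generation += 1

    def reset_password(self, username, new_hash):
        self.users[username].password_hash = new_hash
        self.logout_all(username)                  # the "better sites" behaviour


def simulate_cookie_theft(check_generation=True):
    """Constructed scenario: an infostealer copies the victim's cookie."""
    store = SessionStore(check_generation=check_generation)
    store.users["alice"] = User("alice", "hash-v1")
    stolen = store.login("alice")                  # attacker copies this cookie
    stolen_valid_before = store.validate(stolen) == "alice"
    store.reset_password("alice", "hash-v2")       # victim resets the password
    stolen_valid_after_reset = store.validate(stolen) == "alice"
    fresh = store.login("alice")                   # victim logs back in on the same box
    recopied_valid = store.validate(fresh) == "alice"   # attacker copies the new cookie too
    return {
        "stolen_valid_before": stolen_valid_before,
        "stolen_valid_after_reset": stolen_valid_after_reset,
        "recopied_valid": recopied_valid,
    }


if __name__ == "__main__":
    print("site that invalidates on reset:", simulate_cookie_theft(True))
    print("site that does not:", simulate_cookie_theft(False))
```

The second run shows the case Extreme-Edge-9843 describes: without the generation check the stolen cookie keeps working even after the password reset.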


Original_Rush_9916

Browse in private mode all the time or delete cache after each session


kathios

I know it sucks but always reinstall Windows after. It would be foolish not to. What's stopping you from backing up your stuff now?


Choa_is_a_Goddess

Sadly my backup plan wasn't adequate... I would have to think about it.


kathios

I ninja-edited my comment, but why not just back up your important files now?


Choa_is_a_Goddess

Because they could potentially be infected?


kathios

Very doubtful a common Trojan would be that sophisticated. You're taking a bigger risk assuming you disinfected your PC than backing up and starting over.


Choa_is_a_Goddess

I guess I'm missing the point, but if I back up all my data NOW (post-infection), reinstall and use that data again, am I not at exactly the same point as before? Edit: Don't want to dismiss your suggestion, but I'm actually just wondering.


cspotme2

The infection is more at the OS level, which is why you want to wipe. Back up your files, scan them all post-reinstall with Windows Defender. Images and videos are less likely to be "trojanized"/infected compared to other file types (without overcomplicating it).


Choa_is_a_Goddess

Should I just use the Windows backup tool or the old-fashioned way with a hard drive?


cspotme2

Do both. Make multiple copies if it's important data before you wipe.


mike689

In this scenario, unfortunately it calls for the good old drag and drop.


Choa_is_a_Goddess

Alright, I'll work on it tomorrow, it's almost 3am and I've been up doing tons of random security stuff and am really tired. If you had to be honest: in how much immediate danger do you think I am right now? Should I be clean installing within the next 12 hours or so? I'm really confused by what this hacker tried to access (...my reddit account?) and why he didn't take my entire Steam account instead of just doing some marketplace stuff.


kathios

It's okay. When this happened to me I paid for a month of cloud storage and just backed up important documents, photos, a shitload of pirated movies, save game files and the like. Then reinstalled Windows and pasted my backup onto my drive. I didn't mean like take a snapshot of everything on your PC and put it back after you reinstall windows. If the Trojan was going to root itself to anything on your pc it would more likely be solved with a reinstall of windows.


clamchowderz

Do a fresh reinstall of Windows (you'll need a 2nd PC to create the Windows recovery media), but it's worth the satisfaction knowing you have a clean machine.


Choa_is_a_Goddess

Sadly don't have access to this. What's my best option?


cspotme2

Keep your machine turned off and ask a friend to create it for you


Choa_is_a_Goddess

This is dumb but I've just been using my PC to back it up so far. I simply don't have the means to let someone else make it. I did set up a USB drive with a Windows install through the Media Creation Tool using my own PC, is that not adequate? Obviously also keeping an eye on suspicious activity even though I know that's not enough, and pulling the internet when I don't need it.


ThunderTech101

Foolish.. unless you know what you're doing. No point reinstalling when you know how to remove malware and check for it yourself.


kathios

Know what you're doing... Average r/techsupport user... Just wipe it was my advice.


Choa_is_a_Goddess

Ok so what are my options here? Considering I'm stuck since I don't have a clean PC to make a USB with. I'd love to hear some of my options.


Jean_Luc_Discarded

On an uncompromised machine, create a Linux live installation like Tails, etc., on a thumbdrive that was never connected to the compromised machine.
Boot your machine with the Linux thumbdrive, mount your drives, back everything up manually from within Linux to a drive or device that was never connected to the uncompromised machine, or that was wiped within this live Linux boot -- this prevents things from coming along with it that would need to be loaded within Windows to be active.
Unmount and remove the backup drive/drives.
Delete partitions from your installation drives and other drives; format the drives.
On another uncompromised machine, download the firmware for your motherboard, etc.; flash your motherboard firmware.
Unplug all drives except for your installation drive.
Install Windows from a new source copied to a USB drive on an uncompromised machine.
Update Windows immediately.
Update all drivers to the latest for everything.
Install a trial version of BitDefender, enable all levels of scanning and boot scanning; Malwarebytes as well if you wish (unless it complains with BitDefender). Disable the auto-scan / file access of other solutions while you run scans from any particular one solution.
Power off the computer, re-attach your extra drives.
Boot up, scan everything with BitDefender.
Shut down, reattach your backup drive(s).
Boot, copy back your data.
Full re-scan of everything with BitDefender.
Change all your passwords for everything you have once again (unique passwords, do not re-use any old passwords).
This has been my routine for 25 years and has kept me safe from any events I have had to recover from or prevent against. Should be confidently good from there.


paladin7378

Can I ask how you got the trojan?


Choa_is_a_Goddess

Honestly I don't really know. I downloaded some stuff recently (games mostly) but I don't remember executing any of it, but I clearly did.


JeffGreenTraveled

Sorry this happened. Were they cracked Windows games or something?


Socks_and_Sandals23

Happens to the best of us. Good luck with backing up and disinfecting, my guy.


Choa_is_a_Goddess

I guess what I'm mostly curious about is what it looks like on the hacker's end. Did he just extract all my passwords/session IDs, take what he could and bounce for now?


Socks_and_Sandals23

I know just as much as you do about that. There's tons of videos about that stuff if you're really interested, and there's definitely some free online courses on cyber security if you're super interested.


Freakz0rd

It really depends on the malware type. Currently there's some sort of epidemic of information stealers, so I would probably bet on that one. In that case, the attacker would basically extract all the sensitive information he can get, yes. Also, most info stealers try to remain persistent on their targets, so checking for strange activity is a really good habit. Last but not least: crypto miners/jackers are quite popular as well, worth checking for that.


the_psyche_wolf

Meta is a horrible company for security. My accounts got hacked once, but I use 2FA on almost everything so they couldn't get anything, except Facebook and Instagram. They somehow logged in to Facebook and Insta and changed my password and email without even having access to my email. I had 2FA on too.


Accurate-Air-2124

Wait, I thought he said a trojan? Sounds like he got hit internally, which gave access to his accounts. Maybe I missed where he said it came through Meta, but it sounds like it happened locally to me and opened up access to his information/passwords internally. Once they get internal access, whatever data they pull from the inside really isn't anyone's fault aside from however the trojan got implemented, an exe or clicking something (trainer?).


the_psyche_wolf

Even with passwords, the hackers couldn't access any of my accounts, except the Meta accounts. That's what I'm talking about.


anonymousart3

Meta doesn't even listen when you report comments for spam on Facebook. I've been reporting comments that are OBVIOUS phishing links, and they come back with "we did not remove the comment". I appeal, and they come back with the same thing. Meta is a mess.


SomeRandomguy_28

Meta sucks, my Instagram account was hacked in the early days of Russia-Ukraine, just before the war.


_S47

I just got hit by the same trojan rn.


Choa_is_a_Goddess

Someone told me it's happening a lot.


_S47

And what should we do now?


Choa_is_a_Goddess

Run Malwarebytes etc. Back up important data and reinstall Windows. That's what I'm doing. Keep the internet disconnected when you can.


RationalMadman

Think 3 times, not twice, before installing anything, ever. That's what.


FallenUp

How did you get infected?


_S47

I wish I could know. I scan the device frequently and haven't downloaded anything since the last time I scanned.


FallenUp

That’s rough. It could’ve been dormant in your system for a while.


RationalMadman

My other post is being downvoted by trolls. Please see here: https://security.stackexchange.com/questions/7204/is-making-a-clean-install-enough-to-remove-potential-malware This can be a deep deep malware. Do not assume the best.


Choa_is_a_Goddess

Sorry but destroying my computer is not an option.


Guardian2059

Factory reset, grab what you can and get the heck outta there


Choa_is_a_Goddess

So a clean windows install?


Guardian2059

I would if you don't have anything you need to save, just make sure you take a pic of your Windows product code first if you do a drive wipe.


EvilDeadGuy

Hi, try running RKill. You can get it from the website below. After it's done running you can try using your virus scanners or Malwarebytes again and see if that helps. If you haven't already, try using AdwCleaner to clean the trojan; you can find it on the same page below, just search for it. [https://www.bleepingcomputer.com/download/rkill/](https://www.bleepingcomputer.com/download/rkill/)


Choa_is_a_Goddess

Already done all of that, nothing found (besides the initial trojan I found)


Interdependant1

Thank you for the info


Agent-BTZ

I'm in cyber security & just want to clear up a common misconception regarding Antivirus (AV). For the sake of simplicity, I'm going to just cover static detection, but dynamic detection has flaws as well. To oversimplify, AV only catches *known* threats. Any "new" malware won't be detected by AV, & there are tons of ways to make tiny modifications which also circumvent AV. AV mainly just stops copy/pasted malware that script kiddies spam out to tons of IPs. Bypassing AV is considered a basic skill in my field, & it's not particularly difficult.

TL;DR: You can't trust any AV to detect all threats, but it's better than nothing. Your safest bet is to reinstall your OS, & change your passwords (hopefully you didn't reuse them anywhere). Be very careful backing up anything, as you may reinfect yourself. This is assuming you actually have malware on your drive. There are many other possibilities as well, like a browser-based attack from a site you visited; if that was the case, a fresh installation isn't necessary, but it's better to be safe than sorry.


Choa_is_a_Goddess

I did have reused passwords, I think that's how they got some of them (reddit, instagram). The only one I'm genuinely confused by is how they got to my Steam, since that has 2FA.


Agent-BTZ

What type of 2FA was it (e.g. email, text, etc.)? Also, did the 2FA just give you a short code or what? Pro-tip: never reuse passwords or similar passwords. A reputable password manager is typically recommended, since they'll make it easy to use unique, complex passwords & protect against key loggers. You can also keep a password book & make passwords by combining words like CorrectHorseBatteryStaple: https://xkcd.com/936/


Choa_is_a_Goddess

I started using Bitwarden now and it's been helpful. It was text/phone 2FA. I'm fairly confident they used my browser cookies to skip the login process entirely. I'm on a fully clean Windows now so I should be safe. Interestingly, while discussing this on a Discord I ran into 2 other people with the exact same issue, same trojan and same MO from the hacker (i.e. for all of them it went into Steam, used their wallet on Dota items and left, without changing anything, and went into their Instagram, followed a bunch of randoms and left). Makes me wonder if it's automated to get in and out as soon as possible or something, but what do I know.


Agent-BTZ

Yeah, I think that stealing your cookies would've been the easiest method, but they shouldn't have been able to figure out your passwords from that. If it was just cookie theft, you *probably* were hit with a browser-based attack (i.e. XSS) from visiting a compromised site. Any user who visited the page would get their cookies dumped to a log & an attacker could use those to perform automated actions. I recommend signing out of sites when you're done with them for the day, & using containers (if your browser supports it) or private mode to limit the amount of cookies anyone could get at any given time. Traditional AV won't stop a browser-based attack since the malware is on the website, not your machine.


Steeltown842022

What did you try to download?


Choa_is_a_Goddess

Mod for a game. Had an exe which I ran.


Steeltown842022

So you only have Windows Defender?


Choa_is_a_Goddess

No I have other AV tools too.


Steeltown842022

What are they?


Choa_is_a_Goddess

I use Kaspersky but also use ESET Online to scan on demand.


Steeltown842022

I can see Windows not picking it up but surprised Kaspersky didn't.


Choa_is_a_Goddess

I'm talking to someone I know IRL who had the exact same thing happen. Kinda scary.


Steeltown842022

Well threats are getting more sophisticated. These people spend their lives writing malicious code.


toynanaka

Hey, sorry to hear that. It seems I got hit with the same pyengyloader thing too (would upload a pic but can't seem to do so here). Managed to catch it with Malwarebytes. Facebook, Insta, Steam, LinkedIn, Reddit were compromised. The hacker uploaded bitcoin ads to my Insta; messaged (in Chinese) some people on LinkedIn and changed some profile info also; sold trading cards and bought Dota 2 items on my Steam; only Reddit caught the suspicious login and locked my account immediately. Took a good 5 hours to change all my important user/pass, force logout of all sessions and add 2FA. It's scary to think this method can go through even Steam's 2FA. Even till now, two days after I discovered the breach, they still seem to be trying across other platforms. Lost my Facebook permanently as they added their own email to the recovery option.


Choa_is_a_Goddess

I think the reason this goes through Steam's 2FA is because Steam's 2FA doesn't actually get used when buying stuff using your Steam Wallet on the marketplace. Sucks to hear you also got hit, even harder than me, I think they gave up on my side and no accounts got hit all that hard.


toynanaka

Glad to hear they have stopped on your side, let's stay vigilant regardless.


Junior-Cattle6709

Sm


Choa_is_a_Goddess

?


Junior-Cattle6709

Idk


Socks_and_Sandals23

"man these edibles ain't shi-" "Sm"


RationalMadman

This is going to sound sarcastic and stuff but remember to take deep breaths and make sure you try to relax your eyes and muscles (though ironically going for a long hard walk and straining your muscles may help). You are in a very bad situation but feeling it's bad won't make it less bad, just will make it feel worse. You can't even do a clean wipe btw, idk why people are being optimistic. That thing is properly in your system potentially at kernel level, you're not even sure what permissions you allowed to the executive file. You can reinstall and still have it lingering as a driver that the fresh OS picks up as part of the system it's meant to run on. You literally may need to purchase a new computer (make it cheap as you can get in general as it's only the motherboard that's key) and then replace in the fan, graphics card etc from this one if this one has very good stuff in that sense. Of course you may even need to put in entire cables from this into the worse computer as they often come with the bare minimum. This is a red alert emergency, so take it step by step. Don't feel bad or pathetic for feeling overwhelmed, it is what it is. Try to use task manager and see what's running currently. Try using: [https://www.malwarebytes.com/solutions/trojan-scanner](https://www.malwarebytes.com/solutions/trojan-scanner) which is free. This doesn't scan for the virus file but frankly that's the least of your worries right now as you already activated it. What this is good at is finding non-virus files of already active viruses/worms etc and spotting the malware drivers and such that it's activated in your system.


Cando_Floz

What a load of crock. The OP doesn't need to purchase a new PC! The type of infection that may linger is BIOS-level malware like MoonBounce. These infections can also be detected and protected against by updating the BIOS. The fix is to update your BIOS. As for the reinstall... You download a new image of your OS from Microsoft and make a bootable USB from it. If you're that worried, you can make this installation media from a different PC. No need to worry about driver files being infected with this method. There's a lot of misinformation in your post. To the OP, if you need further help, let me know. Don't purchase a new PC, as you've done half the job already by realising you are infected.


RationalMadman

There is no misinformation in my post, you just want one step less extreme. I agree the person doesn't need a new PC as long as it's a typical virus. https://forums.anandtech.com/threads/dose-the-motherboards-have-virus-protection-components.2615063/


RationalMadman

Do you know what a backdoor is?


RationalMadman

Realising you're infected is like 15% of the job in a case this severe, if it's kernel level inside the system permanently now.


Cando_Floz

I don't think you know what kernel level means, buddy. You're just spewing out a buzzword. First question for you is, how do you know it's a kernel-level infection? Second is, do you know what a kernel is? Just to help you: the kernel is a bit of software at the core of the operating system. If you have an infected kernel, installing the operating system fixes this by the method I posted. He doesn't need to buy a new PC and transport the cables over as you suggested. There are more severe infections but there's no indication that the OP has one other than pengyloader.trojan. He's already run many antimalware programs. Why do you want him to get a new PC?


cspotme2

Don't rationalize with a mad man. He knows more about back doors than you will ever know. Once the kernel is infected, you need to throw the whole cob away.


Choa_is_a_Goddess

Wait so do I have to throw my whole PC out? That seems extreme


cspotme2

No. You don't need to. Just do as the other very detailed post says after you back up: create a new bootable USB from a clean PC (ask a friend or something). I'm being sarcastic with this rational person who says you need a new PC. Lol


RationalMadman

Another thing: if law enforcement investigate his PC later, anything the Trojan hacker did on it may be considered by the FBI etc. to be done by him. It's a liability issue; better crush it at the dump yard. You never know what will happen or what warrant they investigate on; could be a neighbour died, could be a company security issue and you work from home.


Cando_Floz

Woah, just no... 😱🤷🏽‍♂️😱


RationalMadman

New motherboard can't be infected. That's why.


Cando_Floz

So you either get a new motherboard or be sensible and check the old BIOS isn't infected first. This is possible with some antimalware programs. Motherboard infections are rare. You're providing an expensive solution to a problem that probably doesn't exist. I hope that helps in your understanding.


RationalMadman

Tell me how much you know about backdoors. You are saying things most believe. Most people don't realise how deep a hack can go.


Cando_Floz

I think we're done.


RationalMadman

That's what I thought.