Got a Google "Critical Security Alert" after connecting an external backup drive to a freshly reset laptop. Pretty sure it's linked to an InfoStealer from a bad repack download. Help
Hey everyone,
Looking for some technical insight on a security situation with my laptop. Here is the full backstory and how I got to this point:
The Backstory:
A little while ago, I tried to download a FitGirl repack game but accidentally ended up on a fake/impostor site. I downloaded a malicious file that turned out to be an InfoStealer (Token/Cookie Grabber). Shortly after, my Instagram, Valorant, and Steam accounts were all actively hacked. Fortunately, I managed to successfully recover all of those accounts. To make sure my system was completely clean, I then performed a full factory reset on my Windows gaming laptop, wiping the internal drive.
The Backup & The Trigger:
Before doing the factory reset, I backed up my files and data to an external hard drive.
After getting the laptop back up and running with a completely fresh, clean Windows install, I plugged that external backup hard drive in. I didn't actually copy, open, or install anything back onto the laptop yet—the drive was just physically plugged into the USB port.
Almost immediately, a pop-up appeared on my screen: "Critical Security Alert: Suspicious activity in your account. You were signed out on the device where this activity came from." Google forcefully logged my account out of the Windows device.
Because I already went through the nightmare of losing my gaming accounts once, I panicked. To isolate the threat immediately, I physically unplugged the external hard drive and shut down the laptop completely so it is entirely powered off and disconnected from the internet.
The Technical Theory:
I'm assuming that when I backed up my files before the reset, the InfoStealer malware (or the stolen browser session cookies/tokens it generated) was copied directly onto the external hard drive. The second I plugged that drive back into a live Windows environment, a background process or a dormant script on the drive tried to execute or phone home using those stolen Google session tokens, which instantly tripped Google's automated alarms.
My Questions:
Has anyone experienced a fresh Windows reset combined with plugging in an external backup drive triggering a Critical Security Alert from Google like this?
Since my laptop is currently completely powered off and the external drive is physically disconnected, are my recovered accounts (Steam, Valorant, Insta) and WhatsApp safe for now?
What is the safest protocol to scan and clean this external hard drive without re-infecting my fresh Windows install? I don't want to accidentally trigger the malware executable again just by opening the drive.
Appreciate any advice. Thanks!
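A read-only inventory is the step that answers the third question without touching anything on the drive: list what the backup contains and sort it into files that can run code, browser profile files that hold session cookies and saved logins (the material an InfoStealer takes, so they should not be copied back even if they look harmless), and ordinary data that can be scanned and restored. The script below is an added example, not code from the original post. It only reads names and directory structure, never opens or executes anything, and the sample backup tree it builds under a temp directory is constructed to mirror a typical user-profile backup; the extension and profile-path lists are illustrative, not exhaustive.

```python
"""Read-only triage of a backup drive's directory tree.

Classifies paths by name only (the script never opens or runs files) into:
  - "autorun":           autorun.inf at any level (Windows honours it only on
                         removable media with AutoPlay on, but it should not be there)
  - "executables":       file types Windows will execute; quarantine, do not restore
  - "browser_artifacts": browser/app profile files holding cookies, saved logins
                         and tokens; restoring them carries old sessions onto the
                         clean install, so treat every account in them as exposed
  - "data":              everything else, to be scanned by AV before copying back
"""
import shutil
import tempfile
from pathlib import Path

# Extensions Windows executes directly or that commonly wrap a dropper.
EXECUTABLE_EXTS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".ps1", ".vbs", ".vbe",
    ".js", ".jse", ".wsf", ".hta", ".lnk", ".msi", ".dll", ".jar",
}

# Chromium/Firefox profile files that store cookies, saved logins and keys.
BROWSER_ARTIFACT_NAMES = {
    "cookies", "cookies.sqlite", "login data", "local state", "web data",
    "key4.db", "logins.json", "sessionstore.jsonlz4",
}

# Directory fragments (lower-case, forward slashes) of profiles commonly
# targeted by token stealers. Illustrative list, assumed for this example.
BROWSER_DIR_MARKERS = (
    "google/chrome/user data",
    "microsoft/edge/user data",
    "bravesoftware/brave-browser/user data",
    "mozilla/firefox/profiles",
    "discord/local storage/leveldb",
)


def triage_backup(root):
    """Walk `root` and return {category: sorted list of relative paths}."""
    root = Path(root)
    report = {"autorun": [], "executables": [], "browser_artifacts": [], "data": []}
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        # Normalise to lower-case POSIX form so the markers match on any OS.
        rel = path.relative_to(root).as_posix().lower()
        name = path.name.lower()
        if name == "autorun.inf":
            report["autorun"].append(rel)
        elif path.suffix.lower() in EXECUTABLE_EXTS:
            # Double extensions such as holiday.jpg.scr land here too.
            report["executables"].append(rel)
        elif name in BROWSER_ARTIFACT_NAMES or any(m in rel for m in BROWSER_DIR_MARKERS):
            report["browser_artifacts"].append(rel)
        else:
            report["data"].append(rel)
    for entries in report.values():
        entries.sort()
    return report


def build_sample_backup():
    """Constructed sample backup tree (assumption: a plain copy of a user profile)."""
    base = Path(tempfile.mkdtemp(prefix="backup_triage_"))
    sample_files = [
        "Documents/thesis.docx",
        "Pictures/holiday.jpg",
        "Downloads/setup_repack.exe",
        "Downloads/holiday.jpg.scr",
        "AppData/Local/Google/Chrome/User Data/Default/Network/Cookies",
        "AppData/Local/Google/Chrome/User Data/Default/Login Data",
        "AppData/Roaming/Mozilla/Firefox/Profiles/abc.default/cookies.sqlite",
        "AppData/Roaming/discord/Local Storage/leveldb/000003.ldb",
        "autorun.inf",
    ]
    for rel in sample_files:
        target = base / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(b"constructed placeholder content")
    return base


if __name__ == "__main__":
    sample_root = build_sample_backup()
    try:
        for category, entries in triage_backup(sample_root).items():
            print(f"{category} ({len(entries)}):")
            for entry in entries:
                print(f"  {entry}")
    finally:
        shutil.rmtree(sample_root)
```

To use it on a real drive, point `triage_backup()` at the drive's mount point from a machine with AutoPlay disabled (or from a Linux live environment, which will not execute Windows binaries at all), then hand the "executables" list to an antivirus scan and leave the "browser_artifacts" entries behind: the accounts they belong to should be re-secured by changing passwords and signing out all sessions, not by restoring the files.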