Is the virus still there?

RubberYet · Nov 17, 2019

What actually happened:
Basically, I downloaded a "something" from a very suspicious site. After that, I ran "something" and my laptop got attacked by the virus.

What the virus did:
The virus mainly took away my administrative rights from my PC as well as Google Chrome. It told me that my PC and my browser was being controlled by my "employer/organization". Certainly I was scared and unfortunately had no anti-virus installed.

What I did:
I installed Malwarebytes through a USB and it tried to kill it, but I wasn't sure if it did or not. The last option I had was to factory reset it.

Result:
I did, but now I'm wondering was it a "soft" reset? Because when it was done, I noticed that only C Drive was reset. "Documents", "Photos" and other files from rest of the drives were intact. But luckily, I got my administrative rights back and Google Chrome is back to normal. Malwarebytes and Kaspersky reported nothing suspicious.

But the question is.. is the virus still there? Because the factory reset I did didn't really wipe out EVERYTHING. And yeah one more thing, it has been a month since this incident. I recently came across a similar post and learnt how dangerous this virus could be.

Answers are appreciated

Shizuka · Nov 17, 2019

So. What’s the name of the virus?

RubberYet · Nov 17, 2019

Agadebo said:
So. What’s the name of the virus?

I'm not sure, but according to this thread, it's "Safefinder". I assume this could also be a RAT. Besides, my problem is very similar to the mentioned thread's virus issue.

Em · Nov 17, 2019

If you're so concerned, get a new harddrive. And motherboard. Lol.

RubberYet · Nov 17, 2019

at said:
If you're so concerned, get a new harddrive. And motherboard. Lol.

I would but I have kept that for the last. I still want to know if there is a way to know if I'm clean or not.

Em · Nov 17, 2019

RubberYet said:
I would but I have kept that for the last. I still want to know if there is a way to know if I'm clean or not.

If it's a good coded RAT, there's no way to get rid of it, other than getting a new motherboard, and hard drive.

Ilay A · Nov 17, 2019

RubberYet said:
What actually happened:
Basically, I downloaded a "something" from a very suspicious site. After that, I ran "something" and my laptop got attacked by the virus.

What the virus did:
The virus mainly took away my administrative rights from my PC as well as Google Chrome. It told me that my PC and my browser was being controlled by my "employer/organization". Certainly I was scared and unfortunately had no anti-virus installed.

What I did:
I installed Malwarebytes through a USB and it tried to kill it, but I wasn't sure if it did or not. The last option I had was to factory reset it.

Result:
I did, but now I'm wondering was it a "soft" reset? Because when it was done, I noticed that only C Drive was reset. "Documents", "Photos" and other files from rest of the drives were intact. But luckily, I got my administrative rights back and Google Chrome is back to normal. Malwarebytes and Kaspersky reported nothing suspicious.

But the question is.. is the virus still there? Because the factory reset I did didn't really wipe out EVERYTHING. And yeah one more thing, it has been a month since this incident. I recently came across a similar post and learnt how dangerous this virus could be.

Answers are appreciated

If malwarebytes + windows defender failed you, throw the hard drive away it's cursed

RubberYet · Nov 17, 2019

Ilay A said:
If malwarebytes + windows defender failed you, throw the hard drive away it's cursed

Well I was hoping for a positive message, but looks like I have to get a new hard drive anyways. Thanks everyone.

RubberYet · Nov 18, 2019

Kanova_o said:
and maybe a new motherboard

Oh, about the motherboard, is it really necessary?

roy · Nov 18, 2019

I had something somewhat similar to this about a year and a half ago from a download a friend sent me. It hides itself in the Windows Registry (from my experience) and the only way I could truly get rid of it was downloading a software which specifically scans the Registry for malware. I honestly cannot recall what the name of it was, though it was off a recommendation I got from Tom’s Hardware. I would say look into that and give your PC a scan, then regularly scan it through Malwarebytes’ Free Trial for a week.

RubberYet · Nov 18, 2019

roy said:
I had something somewhat similar to this about a year and a half ago from a download a friend sent me. It hides itself in the Windows Registry (from my experience) and the only way I could truly get rid of it was downloading a software which specifically scans the Registry for malware. I honestly cannot recall what the name of it was, though it was off a recommendation I got from Tom’s Hardware. I would say look into that and give your PC a scan, then regularly scan it through Malwarebytes’ Free Trial for a week.

Alright, I'll try to find that "registry" scanner thing and give it a scan. I assume that asking this question on Tom's Hardware would be a good idea. Thanks to all who have tried to help me!

RubberYet · Nov 18, 2019

Basically, my PC right now is in a decent state. There is no sign of it being infected with a virus (I have full control over it/Malwarebyte scans detect nothing bad/Performance is great). Although there isn't any suspicious behavior, I'm still worried. Is it some sort of lure? Can it suddenly become activated and cause damage?

Kappa · Nov 21, 2019

I'd highly recommend flashing Kaspersky Rescue Disk onto a USB or CD and then booting your computer using it. After that, run a full scan.

RileyN · Nov 21, 2019

MalwareBytes was a good place to start, but I have a few more suggestions. These were the general steps I took to clean out client computers at my old job.

Install rKill, this program kills any programs that aren't required for your PC to function. Specifically, this kills malicious programs.
Run MalwareBytes again, and enable automatic scans.
Run CCleaner to clean out any cookie/browsing history, and perhaps reinstall/wipe our your Google Chrome.

Good luck!

RubberYet · Nov 22, 2019

Kappa said:
I'd highly recommend flashing Kaspersky Rescue Disk onto a USB or CD and then booting your computer using it. After that, run a full scan.

Munchiemouth said:
MalwareBytes was a good place to start, but I have a few more suggestions. These were the general steps I took to clean out client computers at my old job.

Install rKill, this program kills any programs that aren't required for your PC to function. Specifically, this kills malicious programs.

Run MalwareBytes again, and enable automatic scans.

Run CCleaner to clean out any cookie/browsing history, and perhaps reinstall/wipe our your Google Chrome.

Good luck!

Thanks guys, I will definitely try them out ASAP. I'm starting to realize how serious this is.

alice · Nov 22, 2019

RubberYet said:
What actually happened:
Basically, I downloaded a "something" from a very suspicious site. After that, I ran "something" and my laptop got attacked by the virus.

This is why you should never run dolphinscreensaver.exe or hotbabe69.jpg.exe

Never download and run lowkey programs that aren't as popular as say Chrome or Discord.

RubberYet said:
What the virus did:
The virus mainly took away my administrative rights from my PC as well as Google Chrome. It told me that my PC and my browser was being controlled by my "employer/organization". Certainly I was scared and unfortunately had no anti-virus installed.

Both of these messages that your browser and/or OS is controlled by your "organization" are very normal and are no indication of a virus. Do some research.

Why are you convinced you're infected? Format your drive and re-install Windows using a bootable USB stick if you want to be sure.

Edit: Ignore everyone above. None of them have any clue what they're talking about. Looks like they all made you paranoid.

cs_bro · Nov 22, 2019

ally said:
This is why you should never run dolphinscreensaver.exe or hotbabe69.jpg.exe

Never download and run lowkey programs that aren't as popular as say Chrome or Discord.

Both of these messages that your browser and/or OS is controlled by your "organization" are very normal and are no indication of a virus. Do some research.

Why are you convinced you're infected? Format your drive and re-install Windows using a bootable USB stick if you want to be sure.

Edit: Ignore everyone above. None of them have any clue what they're talking about. Looks like they all made you paranoid.

I study computing networking and cybersecurity at college and can tell you for a fact what alice said is true all you gotta do is reformat hard drive and reinstall windows nothing more too it just don't use any files you had from before as they might contain the virus

Is the virus still there?

RubberYet

Shizuka

❀

RubberYet

Em

Server Owner

RubberYet

Em

Server Owner

Ilay A

Epic Mineman Trailer dude

RubberYet

RubberYet

roy

I just exist

RubberYet

RubberYet

Kappa

RileyN

Net Sys Admin | AstroVPN CEO

RubberYet

alice

cs_bro