Is the virus still there?

Status
This thread has been locked.

RubberYet

Feedback score
5
Posts
45
Reactions
33
Resources
0
What actually happened:
Basically, I downloaded a "something" from a very suspicious site. After that, I ran "something" and my laptop got attacked by the virus.

What the virus did:
The virus mainly took away my administrative rights from my PC as well as Google Chrome. It told me that my PC and my browser was being controlled by my "employer/organization". Certainly I was scared and unfortunately had no anti-virus installed.

What I did:
I installed Malwarebytes through a USB and it tried to kill it, but I wasn't sure if it did or not. The last option I had was to factory reset it.

Result:
I did, but now I'm wondering was it a "soft" reset? Because when it was done, I noticed that only C Drive was reset. "Documents", "Photos" and other files from rest of the drives were intact. But luckily, I got my administrative rights back and Google Chrome is back to normal. Malwarebytes and Kaspersky reported nothing suspicious.

But the question is.. is the virus still there? Because the factory reset I did didn't really wipe out EVERYTHING. And yeah one more thing, it has been a month since this incident. I recently came across a similar post and learnt how dangerous this virus could be.

Answers are appreciated :)
 
PebbleHost
High performance, consistent uptime and fast support. Minecraft hosting that just works.

alice

Supreme
Feedback score
24
Posts
310
Reactions
178
Resources
0
I study computing networking and cybersecurity at college and can tell you for a fact what alice said is true all you gotta do is reformat hard drive and reinstall windows nothing more too it just don't use any files you had from before as they might contain the virus
He can still safely back up his data though such as his images, documents, videos, and whatnot before formatting. Just don't transfer over any dodgy / unverified executable and run them again on your new Windows install.
 

cs_bro

Premium
Feedback score
1
Posts
167
Reactions
68
Resources
0
He can still safely back up his data though such as his images, documents, videos, and whatnot before formatting. Just don't transfer over any dodgy / unverified executable and run them again on your new Windows install.
Yeah he could but I honestly wouldn't risk it as some the virus might have infected the images/videos with some shellcode which could lead to more problems in the future
 

alice

Supreme
Feedback score
24
Posts
310
Reactions
178
Resources
0
Yeah he could but I honestly wouldn't risk it as some the virus might have infected the images/videos with some shellcode which could lead to more problems in the future
Nah, extremely unlikely. No malware author would ever code anything like that, and the shellcode would have to exploit Windows photo viewer.
 

RubberYet

Feedback score
5
Posts
45
Reactions
33
Resources
0
Both of these messages that your browser and/or OS is controlled by your "organization" are very normal and are no indication of a virus. Do some research.

Why are you convinced you're infected? Format your drive and re-install Windows using a bootable USB stick if you want to be sure.
Well first of all thanks a lot for trying to help. You have actually asked me a really crucial question for which I was actually looking an answer for. I assume that it's actually my fault, I couldn't explain my situation perfectly. Well here is my second attempt:


Why am I convinced that I'm infected:
First thing I'd like to note is that my PC is now in a decent state. The following incident happened a month earlier. I opened this thread because I learnt how viruses can hide themselves even after formatting.

The malware I downloaded immediately made some changes. The first one I noticed is when I opened Google Chrome. My default page was changed to a "Russian" page. This point made it quite clear to me that my PC is now infected with some sort of virus. I didn't really care much and tried to open up settings in Chrome. And to my surprise, it said Chrome was being managed by my organization. I was pretty sure this was another one of that malware's job. Then, for my next step, I tried to open up Windows Defender. Now, I was shocked to see that my ENTIRE PC was being controlled by some "organization". These 3 factors convinced me that my PC was infected by a virus.

Moreover, I managed to install Malwarebytes and Kaspersky (Free version) through a USB. And as far as I remember, both identified the malware, but unfortunately, I'm not sure whether it could successfully quarantine it or not.

What steps I took:
Since the two could not kill the virus, I was bound to take the ultimate step: Reset my PC. Here is what I did: I clicked on "Keep my files". And the rest of the day I was biting my nails while Windows reset itself.
TItvDmy.png


Why I'm still worried:
When it finished, I nervously opened Windows Defender, and I gave big smile since there wasn't any message saying my PC was managed by an organization/administrator.
BUT, did the reset REALLY fix my issue? Is it REALLY gone? I have been scanning nearly everyday with Malwarebytes, tried rKILL, TDSSkiller, but they all reported nothing suspicious. Though these results make me feel a bit relieved, but still there might be a chance that it's still there, waiting for an opportunity![DOUBLEPOST=1574434071][/DOUBLEPOST]
all you gotta do is reformat hard drive and reinstall windows nothing more too it just don't use any files you had from before as they might contain the virus
Man, that really eased my nerves. I was worrying over getting a new motherboard and a new hard drive. Guess I'll just do what you're advising.
 
Last edited:

alice

Supreme
Feedback score
24
Posts
310
Reactions
178
Resources
0
BUT, did the reset REALLY fix my issue? Is it REALLY gone? I have been scanning nearly everyday with Malwarebytes, tried rKILL, TDSSkiller, but they all reported nothing suspicious.
Yes, you're safe, assuming you even had any malware before. If you can send me the file you downloaded/ran that you think is infected I could look at it.
 

Lucian929

CEO of Hibiscuses
Premium
Feedback score
5
Posts
108
Reactions
47
Resources
4
Oh I will, thanks for the reminder!

I'd highly recommend getting a good password manager, I use Avast password manager, but Dashlane and LastPass are very useful, and can generate very secure passwords for you, Avast has a free manager but if you get the paid version they add a dark web monitor, which I highly recommend. Glad your PC is running fine now!
 

RubberYet

Feedback score
5
Posts
45
Reactions
33
Resources
0
I'd highly recommend getting a good password manager, I use Avast password manager, but Dashlane and LastPass are very useful, and can generate very secure passwords for you, Avast has a free manager but if you get the paid version they add a dark web monitor, which I highly recommend. Glad your PC is running fine now!
Password managers sound interesting. Will try them. Well TBH my PC was in a decent state ever since that reset I did. But still, this "decent state" kinda makes me feel uncomfortable like the virus is planning something, that's why I opened this thread! :p
 

alice

Supreme
Feedback score
24
Posts
310
Reactions
178
Resources
0
Password managers sound interesting. Will try them. Well TBH my PC was in a decent state ever since that reset I did. But still, this "decent state" kinda makes me feel uncomfortable like the virus is planning something, that's why I opened this thread! :p
The important thing is to never use the same password across multiple websites in case of potential database breaches. If website X's database gets breached, and you use the same password on websites Y and Z, then people will hijack your accounts on those websites as well. Check https://haveibeenpwned.com/ to see if you've had your information leaked in any database breaches.

But yeah, you should definitely change all of your passwords that could have gotten keylogged, particularly if you used autofill on your browser and had your browser store your passwords. Malware can very easily scrape and decrypt all of your passwords since the browser stores them locally and the only authentication you need to decrypt them is access to the PC itself, which malware has.
 

RubberYet

Feedback score
5
Posts
45
Reactions
33
Resources
0
The important thing is to never use the same password across multiple websites in case of potential database breaches. If website X's database gets breached, and you use the same password on websites Y and Z, then people will hijack your accounts on those websites as well. Check https://haveibeenpwned.com/ to see if you've had your information leaked in any database breaches.

But yeah, you should definitely change all of your passwords that could have gotten keylogged, particularly if you used autofill on your browser and had your browser store your passwords. Malware can very easily scrape and decrypt all of your passwords since the browser stores them locally and the only authentication you need to decrypt them is access to the PC itself, which malware has.
Oof, now I can't sleep without changing all of me passwords..!
 
Status
This thread has been locked.
Top