Help, PC infected with malware

[rich.thompson]

I hope I've attached the files correctly

[Sass Drake]

• Open Notepad (click Start button -> type notepad.exe -> press Enter)
• Copy text from code block below and paste it into Notepad

Code: [Select]

HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [69920 2018-10-11] (University of California, Berkeley -> Space Sciences Laboratory)
HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [9063712 2018-10-11] (University of California, Berkeley -> Space Sciences Laboratory)
CHR HomePage: Default -> hxxp://www.goal-nav.com/
CHR StartupUrls: Default -> "hxxp://www.goal-nav.com/"
CHR DefaultSearchURL: Default -> hxxp://www.goal-nav.com/search?q={searchTerms}
C:\Program Files\BOINC
EmptyTemp:

• Go to File -> Save As
• Make sure that  UTF-8 is selected as Encoding (left side of Save button)
• Save it as fixlist.txt on Desktop
• Open again FRST and click on button Fix
• Wait until FRST finishes
• fixlog.txt should be genereted and opened. Attach it your post and wait further instructions.

[rich.thompson]

Thank you for your reply, I'm not as savvy to this, so please help in finer detail

Go to File -> Save As WHICH FILE?

Make sure that  UTF-8 is selected as Encoding (left side of Save button) I'M HOPING THAT UTF-8 IS OBVIOUS

HOPEFULLY I CAN THEN FIGURE THE REST OUT

Save it as fixlist.txt on Desktop
Open again FRST and click on button Fix
Wait until FRST finishes
fixlog.txt should be genereted and opened. Attach it your post and wait further instructions.

[Pondus]

Go to File -> Save As WHICH FILE?

Open Notepad (click Start button -> type notepad.exe -> press Enter)
Copy text from code block below and paste it into Notepad

[rich.thompson]

I give up, I'm obviously too thick to figure out your instructions

[Pondus]

Do you know what notepad is and how to open it?

Then see post from @Sass Drake

copy the text inside the code box in to the notpad vindow and save it on your desktop with the name fixlist.txt


EDIT: Have created and attached file here for you, see below ... download it and save to desktop, then run as @Sass Drake instructed

[rich.thompson]

Thank you, I was struggling.
I have attached the file as requested

[Pondus]

@Sass Drake Will Reply when he is back online

Is your problem solved?

[rich.thompson]

I have no idea, it all started with an email from someone listing all my passwords

[Pondus]

That May have Been one of those scam mails

I will post a link when i am online on my computer

[rich.thompson]

The email contained MY passwords, so obviously I'm worried

[Pondus]

Sextortion Scam Uses Recipient’s Hacked Passwords
https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/

https://www.bleepingcomputer.com/news/security/new-sextortion-scam-pretends-to-come-from-your-hacked-email-account/

https://www.forbes.com/sites/thomasbrewster/2018/07/31/sextortion-scam-with-hacked-passwords-scores-250000-dollars-for-cybercriminals/

https://nakedsecurity.sophos.com/2018/07/13/sextortion-scam-knows-your-password-but-dont-fall-for-it/



You can check email here:  https://haveibeenpwned.com/
password here:  https://haveibeenpwned.com/Passwords

Password generator:

avast  https://www.avast.com/random-password-generator

Norton  https://my.norton.com/extspa/idsafe?path=pwd-gen

[Sass Drake]

I have no idea, it all started with an email from someone listing all my passwords

Can you copy that mail here?

[rich.thompson]

Funny thing is I DON'T have a web cam lol

Save Yourself <SaveYourself53@7971.com>
Tue 20/08/2019 02:57
Hey, I know your password is: Marlin001

Your computer was infected with my malware, RAT (Remote Administration Tool), your browser wasn't updated / patched, in such case it's enough to just visit some website where my iframe is placed to get automatically infected, if you want to find out more - Google: "Drive-by exploit".

My malware gave me full access and control over your computer, meaning, I got access to all your accounts (see password above) and I can see everything on your screen, turn on your camera or microphone and you won't even notice about it.

I collected all your private data and I RECORDED YOU (through your webcam) SATISFYING YOURSELF!

After that I removed my malware to not leave any traces.

I can send the video to all your contacts, post it on social network, publish it on the whole web, including the darknet, where the sick people are, I can publish all I found on your computer everywhere!

Only you can prevent me from doing this and only I can help you out in this situation.

Transfer exactly 1600$ with the current bitcoin (BTC) price to my bitcoin address.

It's a very good offer, compared to all that horrible shit that will happen if I publish everything.

You can easily buy bitcoin here: www.paxful.com , www.coingate.com , www.coinbase.com , or check for bitcoin ATM near you, or Google for other exchanger.
You can send the bitcoin directly to my address, or create your own wallet first here: www.login.blockchain.com/en/#/signup/ , then receive and send to mine.

My bitcoin address is: 194iizBy5K9AVDqTBvzDAWR6t9MrrqvseZ

Copy and paste my address, it's (cAsE-sEnSEtiVE)

I give you 3 days time to transfer the bitcoin.

As I got access to this email account, I will know if this email has already been read.
If you get this email multiple times, it's to make sure that you read it, my mailer script is configured like this and after payment you can ignore it.
After receiving the payment, I will remove everything and you can life your live in peace like before.

Next time update your browser before browsing the web.





Mail-Client-ID: 3547708280

[Sass Drake]

Fraud mail trying to scam you. Your PC is clean.