WebTrojaner Chrome?

fi

Dear Community, I recently downloaded some files from the Internet, but according to VirusTotal they were clean. Anyway, I didn't run any of these files. The files are from someone I know.

I know from Discord that this was also harmful to me, and I happened to be in a call with him. Shortly afterwards I opened the Chrome browser and it opened with an ad link (which then took me to Amazon Prime) and 5 other small windows with the heading "GUZ" that said "Shuz to me on the GUZ 333" inside (picture attached). I'm tech-savvy, and in my entire 7 years, that is since I was 8, I have never seen anything like it. I have seen with my own eyes how a Locky Trojan encrypted my data, and a Japanese virus with incomprehensible characters, but never THAT.

I wanted to do a system restore first, but then switched to resetting directly. Let it crash 3 times, then selected "Clean drive" in the security options menu. I should have waited a bit, but beforehand I had looked into the Task Manager: "Cloud.Printer.exe (32bit)" was running there. When I opened the file path I noticed that it had been set up exactly when I sat down at the laptop. In autostart there were 5 Python files set to enabled that I had never seen before. Coincidentally, the one I was in the call with is such a Python freak, and happy to do damage, and said directly "Yes, there's a WebTrojaner on the Internet" (I could not find a single entry about it). When I later wrote to him that the PC didn't have to be reset and everything was fine, he reacted rather offended, which I also expected. For his part, he also expected me to have a virus on my PC. I'm still wondering how he could have done it.

Well, what I found recently was a TBRES file. I was able to restore it with Recuva. The file was installed or changed exactly one minute before "Cloud.Printer.exe (32bit)" was installed. According to VirusTotal it is clean; a file for office programs wouldn't be expected to be anything else. I myself suspect that the other person is behind it, but I can't answer for myself how he managed it, if at all.
Kind regards, Shmalle
The TBRES file:
https://drive.google.com/...sp=sharing

Vi

Format the hard drive, put Windows back on it. These antivirus programs are all garbage.

fi

I wanted to know where the virus came from.

Vi

Can't tell you: from a download, from a pop-up. Antivirus programs are not recommended.

Co

This is a browser hijacker, not a virus or a trojan.

St

I do not think that it is a virus or a Trojan; they usually do not make themselves felt with messages or pop-up windows. I suspect scareware or something similar. Have you had the system checked with Malwarebytes or AdwCleaner? Best in safe mode.

St

That's how I see it too.

fi

Okay, thanks.

fi

Nope, I reset the computer right away. Microsoft Defender itself didn't find anything.

fi

I totally agree: most antivirus programs are good, including Malwarebytes and Norton Security.

Au

You can read about how secure virus scanners really are here: https://hackenlernen.com/blog.php?t=python_tutorial_reverse_shell

The detection rate is frankly terrifying, especially with new malware!

The purpose of malware, however, is to go unnoticed and give someone access to your system, or to encrypt everything and blackmail you.

Just throwing up a "Hello there I'm" message makes no sense! This is a joke, or is just meant to scare you. Still - if you rely on virus scanners, you're out of luck!

fi

Okay, I'm amazed. Thanks for the tip. I was never a fan of virus scanners anyway, but I thought it would make sense to use them again.

Vi

Not in practice.

Au

Virus scanners detect many known threats. In one of my books I show a technique for modifying malware with a hex editor to prevent detection: just changing a single punctuation mark in an embedded string meant that many virus scanners no longer recognized the threat!

https://books.google.cz/books?id=1sI8DwAAQBAJ&pg=PA257&lpg=PA257&dq=hacken+mit+kali+hexeditor&source=bl&ots=H3eb5reKJ_&sig=ACfU3U2JR2gaYAdNc9vk6362T693BTWOIw&hl=de&sa=X&ved=2ahUKEwjYl76yhNjoAhXOzKQKHeR7Df0Q6AEwAHoECAwQLg#v=onepage&q=hacken%20mit%20kali%20hexeditor&f=false
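Added example, not from this thread or from the linked book, illustrating the point made in the two posts above (the poor detection rate for modified samples, and the hex-editor edit of a single punctuation character). It builds a constructed "executable" with an embedded string, simulates the one-byte edit, and compares three detection approaches: a whole-file SHA-256 (what hash-lookup services key on), an exact byte-string signature, and a tolerant signature that matches on the alphanumeric tokens only. The sample bytes, the embedded string and the signature are all made up for this demo; nothing here is a real malware indicator.

```python
"""Why a byte-exact signature or a file hash is brittle against a one-byte edit.

Added example for the thread; the sample bytes and signature are constructed.
"""
import hashlib
import re

# Constructed sample "executable": a few header-like bytes plus an embedded string.
# This is NOT a real malware sample; the string mirrors the joke message in the thread.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"Hello there I'm a WebTrojaner!"
    + b"\x00" * 8
)

# A naive signature of the kind the post describes: the exact embedded string.
EXACT_SIG = b"Hello there I'm a WebTrojaner!"


def sha256_hex(data: bytes) -> str:
    """Whole-file hash, as used by hash-lookup services; any byte change alters it."""
    return hashlib.sha256(data).hexdigest()


def exact_hit(data: bytes, sig: bytes) -> bool:
    """Exact byte-sequence signature: one changed byte inside it breaks the match."""
    return sig in data


def patch_byte(data: bytes, offset: int, value: int) -> bytes:
    """Simulate the hex-editor edit: replace exactly one byte at `offset`."""
    if not 0 <= offset < len(data):
        raise IndexError("offset outside sample")
    if not 0 <= value <= 0xFF:
        raise ValueError("byte value out of range")
    buf = bytearray(data)
    buf[offset] = value
    return bytes(buf)


def tolerant_pattern(sig: bytes) -> re.Pattern:
    """Signature on the alphanumeric tokens only.

    Up to four arbitrary non-alphanumeric bytes may sit between tokens and case
    is ignored, so punctuation and whitespace edits (the cheapest mutation) do
    not defeat it. The trade-off is a higher false-positive risk, so such a
    rule still needs to be tested against clean files.
    """
    tokens = re.findall(rb"[A-Za-z0-9]+", sig)
    if not tokens:
        raise ValueError("signature contains no alphanumeric tokens")
    body = rb"[^A-Za-z0-9]{0,4}".join(re.escape(t) for t in tokens)
    return re.compile(body, re.IGNORECASE)


def tolerant_hit(data: bytes, sig: bytes) -> bool:
    """Token-based signature match."""
    return tolerant_pattern(sig).search(data) is not None


def run_demo() -> dict:
    """Change the apostrophe in "I'm" to a backtick (one byte, no functional change)
    and report what each detection approach sees before and after."""
    offset = SAMPLE.index(b"'")
    mutated = patch_byte(SAMPLE, offset, ord("`"))
    return {
        "hash_changed": sha256_hex(SAMPLE) != sha256_hex(mutated),
        "exact_before": exact_hit(SAMPLE, EXACT_SIG),
        "exact_after": exact_hit(mutated, EXACT_SIG),
        "tolerant_before": tolerant_hit(SAMPLE, EXACT_SIG),
        "tolerant_after": tolerant_hit(mutated, EXACT_SIG),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The hash and the exact string both stop matching after the single-byte edit, while the token-based pattern still fires. Real engines add emulation, heuristics and behavioural monitoring on top of static patterns, which is why the advice in this thread (scan in safe mode with a second-opinion tool, or reinstall) is about cleaning the machine rather than trusting any one signature.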