I avoided infecting my computer for over a decade, but a few days ago I broke one of the simple rules you should follow.
I clicked on an unknown .exe file!
I scanned it with Malwarebytes and Windows Defender before clicking on it, and they found nothing. But then as soon as I clicked on it, Windows PowerShell appeared, then Windows Defender said it had detected multiple malware, Trojans including RansomWare, so I panicked and turned off the computer.
When I calmed down, I restarted the computer and ran a deep scan which detected and then quarantined various forms of malware.
Scans no longer detect any malicious files.
However, when I logged into my Twitter account on Firefox, I noticed that someone had tweeted “test” followed by a bunch of numbers on my account.
I have another Twitter account, which is logged in on Chrome, and someone also tweeted “test” and a bunch of numbers on that account, around the same time.
When I look at activity, I can’t find any unknown devices or locations – it’s just me and my computer or phone.
When I look at third-party apps, there’s no new activity or permissions for months.
Then I checked my Instagram account on Firefox and noticed that I was suddenly following +300 random strangers overnight.
I checked my old Instagram account on Chrome and it follows +300 random strangers.
The next time I checked the one on Firefox again, it had gone from 400 to 1100 follows!
I decided to change my password on all these accounts, including Twitter of course.
I’ve also tried to unfollow all these people, but IG’s so-called “spam protection” prevents me from undoing spam because it interprets mass unfollowing as spam.
I looked at activity, devices and third-party apps, nothing unusual, just my location and my devices.
Then I checked my FB account and it says it has been temporarily blocked due to suspicious activity.
I managed to recover it and change the password. I saw no activity on the account.
Same with my Gmail/Google account.
Google identifies an application on my computer as suspicious, but does not specify which application.
Telegram also joins random channels.
But no sign of hacking on WhatsApp, Viber, FB Messenger, Amazon, Reddit.
“Only” Instagram, Twitter, Telegram, then unsuccessful attempts on Google and Facebook.
I’m going to do a clean reinstall of Windows as I no longer trust the system files although scans no longer detect anything uncertain.
But I would like to understand what really happened and if they could have done something else that I am not aware of yet?
My PayPal is intact it seems. Nothing suspicious on my bank account either.
No ransom call.
Edited by zirak_90, February 15, 2022 – 02:17 AM.