Hello!
I’m in huge trouble.
Yesterday the Valheim Discord was hijacked by hackers, and do not ask me how since I’m embarrassed enough, I downloaded the malware and ran the executable.
It was a .ZIP folder with some assets inside, it looked like a game Irongate studio released to Valheim playerbase to try it out.
I ran the executable, the Unity logo appeared, then a black square with “DOWNLOADING LIBRARIES…”.
It didn’t work, so as stupid as I am, I ran it multiple times. Then the server exploded and they called the hacker attack.
I was devastated, so I tried to run Windows Security FULL SCAN and no threats were found.
Then under some panic achieved suggestion, I ran Malwarebytes: something like 3x Trojans were found, quarantined and deleted.
But lots of people mock Malwarebytes, so I still didn’t feel safe and no more news/information/countermeasures were still dispensed: so I went and restarted the PC in Safe Mode.
I tried to run multiple scans of Malwarebytes, nothing was found.
Windows Security won’t open in Safe Mode, for some reason, so again I restarted my PC and awaited while panic was eating me alive some instructions until this came:
[ATTACH type=“full”]13300[/ATTACH]
Needless to say, this put me on a severe state of anxiety. My brain was slowly melting into scrambled eggs.
I was panicking, because I already restarted the PC.
After checking the process tab, I found the culprit: WindowsBootManager.exe and some other affiliated processes parasiting all over.
I tried to open the file location and get rid of them, but I was unable to. It was probably too late and irreversible.
And so I yanked my network connection right away, entered Safe Mode and prepared myself to go through scorched earth: I backed up my ( D: ) drive to an external drive; it is a folder with sub-folders inside full of drawings, video editing projects, family media and .txt files containing my passwords (I’m hella worried about them).
Then I transferred all this sensitive data to my sister’s PC and ran an antivirus scan: no threats were found by either Windows Security or Malwarebytes in there either.
Meanwhile, I nuke-formatted all my 3 drives supposedly infected with the Trojan, and fresh-reinstalled Windows.
After doing so, my next moves were to FULLY change password to:
[ul]
[li]Discord[/li]
[li]Steam[/li]
[li]Epic Games[/li]
[li]Google Mails[/li]
[li]Reddit[/li]
[li]League of Legends[/li]
[li]Battle.net[/li]
[li]Amazon[/li]
[li]Spotify[/li]
[/ul]
I also want to clarify that yes, I did keep some auto-login in some sites: for example, whenever I log into Reddit or YouTube, it would never ask me credentials each time;
[ATTACH type=“full”]13302[/ATTACH]
but I NEVER allowed passwords to be stored in Google’s extension or request. I always declined such actions.
So I think I should be good?
Anyway, people uploaded the Malware some time later to study it, uploading on VirusTotal its properties (which I am unable to read or interpret):
One user in particular truly TERRIFIED me:
[ATTACH type=“full”]13301[/ATTACH]
The things he says make me feel uneasy and unsafe.
Does a Virus that spreads like this and infects everything irreversibly as described even exist?
Is he telling the truth?
What else could I do to be 100% safe of my sensitive data?