IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
I just got notice to contact Microsoft. Last time, July 2021, this was fake but I think it is really Microsoft this time. I spent a long time with their tech person. He said I needed a lost of things done and wanted a large sum to start the process. This sum must be paid every year. I am a 76 year old on limited Social Security and this sum is not possible for me especially since I use the computer so little. I am not sure how to proceed here. Dr. M was superb help to me before and I hope theat the Doctor can save me again. Thank you. PatrickAshfield
No Microsoft persons call to assist anyone and ask for money. Most likely, they tried to steal you.
I strongly recommend you to immediately change all your passwords (emails, bank accounts, your computer sign-in password, and why not, wi-fi password) using another device.
Then, we can check the computer. The procedure is the usual:
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
If your antivirus software detects the tool as malicious, it's safe to allow FRST to run. It is a false-positive detection.
If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe
Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
Press Scan button and wait for a while.
The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
Please attach the content of these two logs in your next reply.
Thanks to Dr. M who saved my worthless butt before. I intend to handle password changes at my library tomorrow. I have no online banking. I had accounts with Ebay, PayPal, and Amazon. I cancelled all three and removed all assigned cards. But I just got FireStick and had to re-establish account with Amazon today. Do I have to change that new password too? There is no way any money or charges can be used through Amazon as no means of charges or payment is permitted to Amazon.
I was assigned a password for my network by Xfinity prepaid. I do not think I can change that. That seems to be needed only when something happens to Network. I do not need to use that password every day.
I have Windows 10 and a screen start up appears asking for my 4 digit pin that I choose. How can I change that as I may be wrong but I think I picked the pin with the installation of Windows 10.
The only antivirus software I have is what came with Windows 10. I think it is Microsoft Defender.
English is my first language, which was clearly not that of the person I spoke to..
I will proceed further with your instructions tomorrow evening after having visited library to change passwords.
I have internet on my phone. I do not want to work through my phone. I do not have passwords on my phone as no one else gets near my phone. I am retired and live alone. Again thanks. Patrick
I realized problems with going to library, which has excellent protections and firewalls, when I change
passwords. I can make changes in passwords with no problem there. But when my computer starts up I am asked for my 4 digit pin, which I originally chose. How can I change this on my computer if I am not on my computer. Plus I will be using the new pin whenever I open my computer. So, if they have access now to this present pin, then they will have access when I change it as I must put in this pin for Windows to start.
Is my phone compromised when I use the internet on it. The person I spoke to said that the baddies were accessing things through my internet connection.
I will be at library this AM after ten. I guess that info can come to me through emails on the phone. I guess that I can access the thread through going to techguy.org and signing in.
Thanks for reply. I went to library and changed all passwords I could think of. I have been trying to remember more. My delay has been due to being under the weather. I will proceed with your instructions. Thanks for help and patience. I am in no hurry with replies. I am making no orders or such involving money. I do not have online banking but have changed my bank accounts. Patrick
I do not understand what to do. I clicked on your May 9 message where it said "Farbar recovery scan tool" but I got "Geeks to go" asking me to create an account. I did that but could not find Farbar. I am dumb at all this, please bear with me. What to do? Regards and thanks, Patrick
Unfortunately, DR.M is not able to continue for the time being due to personal matters but I'll see if I can find someone to help. In the meantime, you don't have to create an account at Geeks to Go, you just click on the green download button at the link DR.M gave you.
Where is green download button? Using Dr. M's message of May 9 I clicked on the Farbar Recovery Scan Tool in the message and got Geeks to Go. What do I do? Thanks for your help. Patrick
Is that your real name or a fictitious one in the upper right (your username at Geek sto Go? If it's your real name please delete it and log out before taking a new screenshot.
Also, please show me the URL of the page you're visiting in the screenshot
OK we'll forget about Geeks to Go. You can get the download from Bleeping Computer at the following link then follow the instructions from DR.M for using it.
As best as I can tell they are on the desktop and not in folders. Thanks for patience. I hope I got it right this time. No hurry on my end. Thanks Patrick
The logs you posted earlier show FRST running from this location:
C:\Users\J Keating\Desktop\Dr M stuff\In New Flash drive
So the program is in a folder called Dr M stuff and a sub-folder called New Flash drive. I see in your screenshot it's on the desktop as well but it looks like you ran it from the one in those folders. Please use the FRST64 that's on the Desktop to create new logs and attach them.
I thought I did that. I used what I did last time with FRST64 as shown in snip. I opened Desktop and then attached files and then opened Addition.txt and FRST.txt as shown attached here. All Dr. M folder was deleted.
You have been most kind and patient with my carelessness. Again thanks. I am in no hurry. May I ask two questions or you can direct me to proper forum? This malware matter began with a person who said I should not use Duck Duck Go. Many of my friends swear by it. I am happy with it. Second question: I am running Windows 10 and am happy with it. Should I move up to Windows 11? Would it protect me better? If these questions are outside your purview, please excuse and advise. Again thanks, Patrick
PS I see you are a dog lover. I have the most fantastic dog image downloaded from my librar, which has excellent protections. You will not regret looking at it. It is not a video an image.
I'm just going to stick my $.02 in where it wasn't asked for ... There is no compelling reason to upgrade to Win11 at this point. You will just be another beta tester for Microsoft. Win11 is a work in progress. Let them iron out the wrinkles first. Win10 will be supported for a few more years ...
Status
Not open for further replies.
You have insufficient privileges to reply here.
Related Threads
?
?
?
?
?
Tech Support Guy
9.9M posts
859.7K members
Since 1998
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!