How I got infected last time thread

Ink

Administrator
Verified
Jan 8, 2011
22,490
Happened last night.
  1. Downloaded 2 small executables from the Internet.
  2. I ran the first red-logo executable and the screen flashed black.
  3. It finally returned, but it was taken hostage by "FandaRansomware".
  4. I panicked. I had no backups. All was lost.
Fortuntely this was just a dream and I had not lost any data, or that "Windows Defender Antivirus" failed to detect Malware.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Happened last night.
  1. Downloaded 2 small executables from the Internet.
  2. I ran the first red-logo executable and the screen flashed black.
  3. It finally returned, but it was taken hostage by "FandaRansomware".
  4. I panicked. I had no backups. All was lost.
Fortuntely this was just a dream and I had not lost any data, or that "Windows Defender Antivirus" failed to detect Malware.
Welcome to MalwareTips. :)
 

camo7782

Level 4
Verified
Apr 29, 2019
168
Infected twice many years ago with dial-up connection (no router) old network viruses, probably passed for windows vulnerability or open ports.

One time I had Kaspersky the other time I had ESET. Then switched to GData until this May, GData became really unstable and slowing down my PC. Run a trial of BitDefender, despite the saying it was less heavy than GData but zero support, only canned responses suggesting me to uninstall and reinstall; after weeks with an open ticket I followed the first part of the advice and get rid of it. Installed Emsisoft (Partner NFR License) + CruelComodo and paired with OSA + SH with default settings.
 

Zorro

Level 9
Verified
Well-known
Jun 11, 2019
408
I had the last serious infection 9 years ago, maybe even a little more. At the same time, I still didn’t understand where exactly the virus came from, I thought about this question for a long time, but I didn’t find the answer. All the traditional ways of the spread of viruses here have not exactly been used. About 4 years ago I decided to try myself as a tester :) I had one old laptop, on which I decided to conduct tests on a real Windows 7 system (then restore it from a clean image). Naturally, there was no important data in the system, a clean system with antivirus. There were then problems with the permanent Internet, so I connected 3G usb-modem to this computer :) 2 tests went quite well (Kaspersky and Norton), and for the third test I took Eset. And when I checked the web protection and protection against phishing, I began to go on malicious sites and so on. And it seems that Eset has blocked everything. I was already delighted, I think "that's good," and finally decided to click on the advertising banner. Clicked. 3 redirects in a row and I found myself on the site of "shocking news" (this is fake news, more like the delirium of a madman). There are no viruses, no phishing, but since I had a 3G mobile Internet, I was subscribed to this news and my account was automatically charged $ 1 for providing the service in the form of “news” and immediately gave me “news” I was really “shocked,” they wrote to me that one famous person was alive (although this person had definitely died and even showed how he was buried). I had to go to the mobile operator and delete the subscription to these "news" (payment for the news subscription is $ 1 a day), because I could not do this through the personal account of the mobile operator (the function was blocked) only through a computer in the operator’s office (when I stood in a queue at the operator’s office, half of the people in the queue were about subscriptions to these “news”, some were subscribed to a lot of such news at once, and each news cost them from $ 1 or $ 2 a day, so that for the year they lost $ 1000 and more).
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
When a malware incident takes place (or almost takes place) on one of the computers in my home, it's always a flash drive that's to blame. A family member comes home with a flash drive that's been used on infected machines.
 

South Park

Level 9
Verified
Well-known
Jun 23, 2018
441
All of my malware adventures happened when I was a new user on Windows XP. One time a chat room user sent me some "photographs" with .jpg.exe extensions that caused Norton AV to warn me and block the downloads. Another time I got hit by a drive-by download that bypassed CA antivirus. It was Java RE malware, which didn't affect me because I didn't have Java installed at the time. After that, I started using an ad-blocking Hosts file, a software firewall, and Avast Free AV. I've never had malware since then (according to second-opinion scans) using, at various times, Avast, Webroot, and MSE/WD for AV paired with a Hosts file and/or ad blocker. Then again, I'm a cautious user and I avoid dubious websites and programs.
 

Fuzzfas

Level 3
Verified
Well-known
Jan 8, 2013
109
When a malware incident takes place (or almost takes place) on one of the computers in my home, it's always a flash drive that's to blame. A family member comes home with a flash drive that's been used on infected machines.

You can say that again! (y)(y) Solution: Have them use another PC, preferably with something that stops autorun.inf from the USB.
 

Brye

New Member
Jan 24, 2020
6
The first time I got infected was when I was browsing the web with Windows Vista and an alert from the good old Norton came up. The alert said a possible threat was detected. I looked up the threat and I was immediately hooked. What is a trojan and what does it do? Why is it attacking my computer? What else do I need to know to protect my computer? I have learned a lot since then and I am thankful for the security forums like this one for the knowledge I gained.

The most important thing I learned is the best defense is yourself. You must educate yourself on how to stay safe and secure online. You must keep your computer and programs updated. If you use the computer a lot, you want to stay informed about the latest threats, like ransomware. You don't want give in to paranoia of course. You can relax. Just be watchful. If you let fear control you, you can't enjoy life.
 

Nevi

Level 12
Verified
Top Poster
Well-known
Apr 7, 2016
568
The first time I got infected was when I was browsing the web with Windows Vista and an alert from the good old Norton came up. The alert said a possible threat was detected. I looked up the threat and I was immediately hooked. What is a trojan and what does it do? Why is it attacking my computer? What else do I need to know to protect my computer? I have learned a lot since then and I am thankful for the security forums like this one for the knowledge I gained.
I was in same situation, but it was XP. I had Norton running and felt secure as I was new computer owner. Then somehow I contracted the virus "hybris", where a big spiral drive around on the screen, so it's impossible to use the computer. I have not used Norton since, although it should be pretty good these days.
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
I have been infected while being protected with Norton, too
despite all the claims and tests about Norton's effectiveness against malware, I still never trust Norton to protect any PC because I and other users found some bugs that can affect Norton's protection that normally it can detect. It still happens recently, doesn't seem to be fixed yet
 

Cortex

Level 26
Verified
Top Poster
Well-known
Aug 4, 2016
1,465
Not sure why but I've never been infected bar for a worm that replicated rude words was easily removed, of course lots of malware has been stopped - That's since Windows 3.11, again not sure why I've been OK? :rolleyes::rolleyes:
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,868
I got a warning from Windows Defender just an hour ago about a file I was trying to download from Github, claiming it was a trojan. Most likely a FP, but I like to play it safe (quarantine/delete).
If it's a new file then it's likely a false positive. WD is known to block new unsigned executables quite a lot. Submitting to Microsoft as false positive usually fixes this very quickly.
 

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
I’ve never had confirmed malware on a system. Maybe a stray PUP from an installer back when I was less knowledgeable. I have had a couple browser redirects to shady (or scandalous 😳) sites. Generally I reimage when that happens as an extreme precaution, since I never click anything when the page loads, but you never know. My dad did have his system trashed when I was a kid. I think some kind of virus attachment in the late 90s.
 

South Park

Level 9
Verified
Well-known
Jun 23, 2018
441
If it's a new file then it's likely a false positive. WD is known to block new unsigned executables quite a lot. Submitting to Microsoft as false positive usually fixes this very quickly.
WD aborted the download and wouldn't let me handle the file at all, so I didn't pursue it, but it was one of the SAPI5 voices from hxxps://github.com/Olga-Yakovleva/RHVoice/wiki/Latest-version
 

blacksheep

Level 4
Verified
Well-known
Mar 8, 2020
182
To be honest I don't even remember clearly. It was a long time and it had to do to with key hotkeys.
Somehow then I visited website It got installed without any prompt and always showed me picture there I should send my money, if I want to remove it.

Got rid off it quite easily. I had about 15 seconds after a boot to kill the process in windows tasker and then locate taht hotkey program. I really don't remember that was the name of the software, but I think it was part of the windows.

The browser was old Opera.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top