Advice Request: Infected Inbox, dodgy threat emails


snadge

New Member
Thread author
Jun 15, 2020
8
Hi

I have removed Panda Dome Anti-Virus (running alongside Comodo) and swapped it for Avira Free (running alongside Comodo Firewall fine), and I use NordVPN and a 'hardened' Firefox with uBlock, CanvasBlocker, LocalCDN, Skip-Redirect, and a few others like a password manager and Containers, to try and increase my security; they have all been getting along just fine for about 12 months since my last reinstallation. But I did this after a dodgy email was sent from my Microsoft account, saying they are using a R.A.T. and threatening me for $1600 in bitcoin. This is why I put Avira on: because OD scanners, when running with Panda, were being disabled when scanning Windows folders, as was Windows Defender being stopped; they would auto-restart, or I would start them back up straight after the notification. It's done this with a few scanners (ESET, Emsisoft). I also use Trend Micro, Sophos Scan and Clean, F-Secure, Malwarebytes and a few other OD scanners.

Anyway, Avira has detected an email PDF infection, and has detected a couple of 'recent' infections in my Inbox/spam, and with 'Librewolf.exe' itself (I downloaded it from the LW website itself weeks back), which I was using for a few weeks (now I am back to Firefox and have uninstalled Librewolf with Revo).

I have read that it's possible for scammers to make emails appear to have come from your address, e.g. 'myemail.com' from (myemail.com), with no indicators of which email it came from, after 20 years of using the internet and getting a good deal of spam every day, which almost always goes into my SPAM folders (it was auto-confined to spam, but I check them sometimes just in case something I don't want as spam needs Thunderbird trained).

Now, it said: "there ARE some problems for you, I have sent you an email from your own inbox, this proves I have been in your device" (it doesn't state PC or phone) and makes threats for $1600... threats to put out my supposed (non-existent) 'porn watching of me pleasing myself' (lol) recorded with a webcam and mic (which I don't have on my PC), and I use it every day for hours; my mobile I never use unless out, and even then it's just messaging with the odd Google News slide to the left from the home screen!

Can anyone offer up some advice please? I have tried moving to Linux (Garuda), but every time I do there are issues (updating or installing certain things) that have massive resolving methods that seem a bit overwhelming as I don't code. I've been informed that Linux Mint and Ubuntu have telemetry just like Windows?? Which are easier to use? I like being able to encrypt the OS too.

Should I ignore the spam? The internet says 99.99% of the time it's possible to do (hiding their real email) and it's fake, and there's nothing you can do about it other than ignore it and mark it as spam, so I'm expecting more threats, though after the 2 days I did not get any other threats to say they were going ahead. One issue here: I fell out with my son last year, and my mother gave him my new mobile number a few weeks back without asking me!! And last time he was in the picture, I was getting a lot of spam flooding INTO my inbox... now he has my mobile, it's happening again. Could this be paranoia or coincidence?

Should I be concerned? If so, what's the advice? A new install of Windows 10 x64 Home, or what?

Thanks in advance....
 

snadge

New Member
Thread author
Jun 15, 2020
8
Thanks, I thought as much. I have the current Windows 10 x64 state backed up by Macrium Reflect, so I may jump to a fully encrypted Garuda install for a week or two, and if all is OK, then try and create a backup of that in Macrium Reflect, so I can restore to either one...

....do you think these 7 Librewolf entries are FPs...?

[Attachment: Quarantine image.jpg]

Thanks again
 

Brahman

Level 17
Verified
Top Poster
Well-known
Aug 22, 2013
834
Can anyone offer up some advice please? I have tried moving to Linux (Garuda), but every time I do there are issues (updating or installing certain things) that have massive resolving methods that seem a bit overwhelming as I don't code. I've been informed that Linux Mint and Ubuntu have telemetry just like Windows?? Which are easier to use? I like being able to encrypt the OS too.
Try Fedora, it's much more polished and well supported for all kinds of users. Use a DNS over HTTPS (DoH) service like Quad9 or NextDNS; you can enable it system-wide both on Windows 11 and Fedora, and it will provide an added security layer to your setup.
 

Moonhorse

Level 37
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,610
Thanks, I thought as much. I have the current Windows 10 x64 state backed up by Macrium Reflect, so I may jump to a fully encrypted Garuda install for a week or two, and if all is OK, then try and create a backup of that in Macrium Reflect, so I can restore to either one...

....do you think these 7 Librewolf entries are FPs...?

[Attachment: Quarantine image.jpg]

Thanks again
If I recall, I have seen similar happening but cannot remember where; there were tons of FPs, but the threat name was clearly PUP. I would just back up your stuff and do a clean install and ditch Avira, as harsh as it sounds.
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,697
If you want to make sure you are not infected, post here:
And read this:
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,388
See this post, Discussion Thread - What’s in your Junk Mail folder? (Mega Thread)
  • The email should be considered as Spam/Scam.
  • If spoofed to appear as yourself, then blocking may not be possible.
    • Deleting the email is the safest option.

I have removed Panda Dome Anti-Virus (running alongside Comodo) and swapped it for Avira Free (running alongside Comodo Firewall fine), and I use NordVPN and a 'hardened' Firefox with uBlock, CanvasBlocker, LocalCDN, Skip-Redirect, and a few others like a password manager and Containers, to try and increase my security; they have all been getting along just fine for about 12 months since my last reinstallation. But I did this after a dodgy email was sent from my Microsoft account, saying they are using a R.A.T. and threatening me for $1600 in bitcoin. This is why I put Avira on: because OD scanners, when running with Panda, were being disabled when scanning Windows folders, as was Windows Defender being stopped; they would auto-restart, or I would start them back up straight after the notification. It's done this with a few scanners (ESET, Emsisoft). I also use Trend Micro, Sophos Scan and Clean, F-Secure, Malwarebytes and a few other OD scanners.
Installing and uninstalling multiple security programs over time can break how Windows works, affect stability and reliability, and even corrupt the OS. Having too many on-demand scanners is not healthy.

Anyway, Avira has detected an email PDF infection, and has detected a couple of 'recent' infections in my Inbox/spam, and with 'Librewolf.exe' itself (I downloaded it from the LW website itself weeks back), which I was using for a few weeks (now I am back to Firefox and have uninstalled Librewolf with Revo).
Flagged attachments by Avira could have come from any email, not specific to the scam email itself.

I don't use Thunderbird to know if there are settings to prevent unsafe downloads, however I did find this add-on: Just Verify It via Just Verify It - Thunderbird Add-on for Malware Scanning that may be of use.

As you use Microsoft, you may benefit from becoming a Microsoft 365 subscriber, where Outlook.com Premium users get additional security protections.
When you receive messages with attachments, Outlook.com scans the attachments for viruses and malware using advanced detection techniques that provide a higher level of protection than the free version of Outlook.com. If Outlook.com detects a dangerous file, it will be removed so you don’t accidentally open it.

When you receive messages with links to web pages, Outlook.com checks whether the links are related to phishing scams or are likely to download viruses or malware onto your computer. If you click a link that is suspicious, you will be redirected to a warning page.

Edit: Your personal email may have been leaked through a security breach, or shared around elsewhere (i.e. compromised contacts).

Microsoft supports Alias creation, Add or remove an email alias in Outlook.com - Microsoft Support
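On the "spoofed to appear as yourself" point above: the From: line is attacker-controlled, but the Return-Path and the Authentication-Results header that your own receiving mail server adds are not. The following is an added example (not code from the thread or any poster) that reads those headers from a raw message and says whether a mail showing your own address actually authenticated as yours; the two messages and all domains in it are constructed samples.

```python
# Added example (not from the thread): inspect the sender-authentication headers of a
# mail whose From: shows your own address, to tell a spoofed display-from apart
# from a message you really sent yourself.
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample, documentation-only domains: From: shows the victim's address,
# but the bounce path and the receiving server's Authentication-Results point to an
# unrelated sending domain (the "I sent this from your own inbox" trick).
SPOOFED_SELF_MAIL = """\
Return-Path: <bounce@bulkmailer.invalid>
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=bulkmailer.invalid;
 dkim=none; dmarc=fail header.from=example.net
From: me@example.net
Subject: there ARE some problems for you

I have sent you an email from your own inbox...
"""

# Constructed sample of a message the account owner genuinely sent to themselves.
GENUINE_SELF_MAIL = """\
Return-Path: <me@example.net>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.net;
 dkim=pass header.d=example.net; dmarc=pass header.from=example.net
From: me@example.net
Subject: note to self

reminder
"""

AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.IGNORECASE)


def assess_self_addressed(raw: str, my_address: str) -> dict:
    msg = email.message_from_string(raw, policy=policy.default)
    from_addr = parseaddr(str(msg.get("From", "")))[1].lower()
    return_path = parseaddr(str(msg.get("Return-Path", "")))[1].lower()
    auth = {k.lower(): v.lower()
            for k, v in AUTH_RE.findall(str(msg.get("Authentication-Results", "")))}
    from_domain = from_addr.rsplit("@", 1)[-1]
    rp_domain = return_path.rsplit("@", 1)[-1] if return_path else ""
    if from_addr != my_address.lower():
        verdict = "from header is not your address"
    # Trust the receiving server's results, not the From: line: a genuine
    # self-sent mail has an aligned bounce domain and a DMARC pass.
    elif rp_domain == from_domain and auth.get("dmarc") == "pass":
        verdict = "consistent with self"
    else:
        verdict = "likely spoofed"
    return {"from": from_addr, "return_path": return_path, "auth": auth, "verdict": verdict}
```

In Thunderbird the raw headers are available via View > Message Source; a "likely spoofed" result confirms the mail never came through your account and can simply be deleted.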
 

snadge

New Member
Thread author
Jun 15, 2020
8
Thank you for all the advice guys/gals, much appreciated.

I am aware that installations over time can cause kernel issues. I do usually do a fresh install every year, so it is due; it's just that it takes so long (a good day) installing, updating, setting everything back up and modding the telemetry on the OS and browser, importing bookmarks and add-ons etc. I use Quad9 DoH when not using a VPN on the browser (not TLS, dunno how to set that so it's system-wide); DNS leak tests are fine on 'NordVPN / IRE', and other attack vectors were tested on browserleaks and GRC (Steve Gibson Research).

I have Ventoy and a few Linux distros including a Fedora one; isn't that a difficult one for people not so familiar with Linux?

Can my son hack my mobile (or get someone to do so) if he has the number?

Thanks Very Much

EDIT: I'm aware my email IS leaked; it's 15 years old. I do have a new non-Microsoft one (Tutanota) that I'm slowly moving ALL contacts over to. I just used it for logins for sites over the last 15 years, over 200!! So it's hard to change them all; however, I've been through all my important accounts and adjusted either the email and password or just the password to a 24-digit one with high entropy, each one unique but easy to remember using a technique.
 
