Possible info theft?

[G0056]

Yesterday, I was searching how to crack a software, and in the process I downloaded a heavy ".exe" (almost 750mb). I did it following this video:


I executed it, but it didn't appear nothing. I started to distrust(A bit late, I know) so I deleted the files, and stopped every task on the task manager using it. I scanned all my pc using malwarebytes and didn't find anything. Also scanned the downloaded file and .exe. As the .exe was very heavy, couldn't upload it to virustotal, so I compressed it on a .rar, and uploaded it.

VirusTotal

VirusTotal

www.virustotal.com

This night, I was on discord and my account started sending spam messages to all my contacts. It happened when I was connected, so I could change the password and it seems to stop, but now I'm worried, because I don't know if this was due to the .exe I talked about, and could be some kind of malware doing more things on my computer, or happened by other means(I didn't install anything more recently, and I think I didn't click anything suspicious).

 

[icotonev]

Hello..! Welcome to MalwareTips..!

My name is icotonev and I'm here to help you remove malware ..! Before we begin, please note the following:

• First, please keep in mind most of us at MalwareTips volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.
• It is important to not run any tools or take any steps other than those I will provide for you.Also, do not uninstall or install any software during the procedure, unless I ask you to do so.
• Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed, is the easiest way to get infected. Thus, no need to clean the computer, since, soon or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.
• Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
• Please attach all logs into your post unless otherwise requested.
• When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
• If you do not reply to your topic after 3 days I will assume it has been abandoned and I will close it.

Please follow the following instruction ..:

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.
If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
• Press Scan button and wait for a while.
• The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
• Please attach the content of these two logs in your next reply.

---------------------------------------------------

In your next reply, please include:

• FRST.txt
• Addition.txt

 

[G0056]

Hello..! Welcome to MalwareTips..!

My name is icotonev and I'm here to help you remove malware ..! Before we begin, please note the following:

• First, please keep in mind most of us at MalwareTips volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.
• It is important to not run any tools or take any steps other than those I will provide for you.Also, do not uninstall or install any software during the procedure, unless I ask you to do so.
• Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed, is the easiest way to get infected. Thus, no need to clean the computer, since, soon or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.
• Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
• Please attach all logs into your post unless otherwise requested.
• When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
• If you do not reply to your topic after 3 days I will assume it has been abandoned and I will close it.

Please follow the following instruction ..:

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.
If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
• Press Scan button and wait for a while.
• The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
• Please attach the content of these two logs in your next reply.

---------------------------------------------------

In your next reply, please include:

• FRST.txt
• Addition.txt

Thanks for your response! This are the files from the FRST tool:

 

[icotonev]

Thank you..! Please give me some time to examine your logs and I will get back to you as soon as possible.

Ico

 

[icotonev]

No signs of an active infection that I can see in your FRST logs.

Farbar Recovery Scan Tool - Fix

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone

Please download the attached file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.


In your next reply, please include:

• Fixlog.txt

 

[G0056]

No signs of an active infection that I can see in your FRST logs.

Farbar Recovery Scan Tool - Fix

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone

Please download the attached file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.


In your next reply, please include:

• Fixlog.txt

Already done, here is the fixlog

 

[icotonev]

Hello,G0056..! Excellent work..!

Next..:

Temporarily disable Smart Screen and your antivirus (if needed) to download and run the following tool. If you are afraid to turn off the antivirus, so as not to download even more viruses, then additionally temporarily disconnect from the Internet. This tool sometimes gets flagged as suspicious/malicious, but it's a false positive.

Furtivex Malware Removal Script by thisisu

Please download FMRS.exe and save it to your desktop.

Note: Please save all your existing work / windows as this tool will attempt to close all non-essential processes during the course of its scan. This includes the internet browser you're currently using to view this message.

• Right-click FMRS.exe and then click Run as administrator.
• Click Yes to the Disclaimer
• The script will begin to run. Be patient.
• When the scan is finished, a log entitled FMRS_final.txt will open.
• Post the contents of the log into your next reply
• A copy of this log is also saved to your desktop

Fresh FRST logs

Please run FRST tool once more, and attach for me fresh logs:

• Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
• Press Scan button and wait for a while.
• The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
• Please attach these two logs in your next reply.

Scan with SecurityCheck by glax24

• Temporarily disable Microsoft SmartScreen only if it blocks the download of the software. The program is safe
• Download SecurityCheck by glax24 from here
• If SmartScreen blocks the file from running click on More info and Run anyway
• This tool is safe. Smartscreen is overly sensitive. You can check the VirusTotal scan of the tool from here
• Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow it to run
• Wait for the scan to finish. It will open a text file named SecurityCheck.txt Close the file. Attach it with your next reply.
• You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

 

[G0056]

Hello,G0056..! Excellent work..!

Next..:

Temporarily disable Smart Screen and your antivirus (if needed) to download and run the following tool. If you are afraid to turn off the antivirus, so as not to download even more viruses, then additionally temporarily disconnect from the Internet. This tool sometimes gets flagged as suspicious/malicious, but it's a false positive.

Furtivex Malware Removal Script by thisisu

Please download FMRS.exe and save it to your desktop.

Note: Please save all your existing work / windows as this tool will attempt to close all non-essential processes during the course of its scan. This includes the internet browser you're currently using to view this message.

• Right-click FMRS.exe and then click Run as administrator.
• Click Yes to the Disclaimer
• The script will begin to run. Be patient.
• When the scan is finished, a log entitled FMRS_final.txt will open.
• Post the contents of the log into your next reply
• A copy of this log is also saved to your desktop

Fresh FRST logs

Please run FRST tool once more, and attach for me fresh logs:

• Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
• Press Scan button and wait for a while.
• The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
• Please attach these two logs in your next reply.

Scan with SecurityCheck by glax24

• Temporarily disable Microsoft SmartScreen only if it blocks the download of the software. The program is safe
• Download SecurityCheck by glax24 from here
• If SmartScreen blocks the file from running click on More info and Run anyway
• This tool is safe. Smartscreen is overly sensitive. You can check the VirusTotal scan of the tool from here
• Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow it to run
• Wait for the scan to finish. It will open a text file named SecurityCheck.txt Close the file. Attach it with your next reply.
• You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

Here I have all the different reports from the softwares:

 

[icotonev]

Hello,G0056..! Your computer is clean..Once again, there are no obvious signs of an active infection in the logs you provided..! Things look good..!

I recommend updating the software in the box below:

Malwarebytes version 5.2.7.167 v.5.2.7.167 Warning! Download Update
Git v.2.47.1.2 Warning! Download Update
LibreOffice 5.4.3.2 v.5.4.3.2 Warning! Download Update
Microsoft Visual Studio Code (User) v.1.97.2 Warning! Download Update
Python 3.11.1 (64-bit) v.3.11.1150.0 Warning! Download Update
CrystalDiskInfo 7.5.2 v.7.5.2 Warning! Download Update
Microsoft OneDrive v.25.031.0217.0003 Warning! Download Update
WinRAR 5.50 (64-bit) v.5.50.0 Warning! Download Update
IrfanView 4.67 (64-bit) v.4.67 Warning! Download Update
Krita (x64) 5.1.5 v.5.1.5.100 Warning! Download Update
Inkscape 0.92.4 v.0.92.4 Warning! Download Update
Discord v.0.0.309 Warning! Download Update
Zoom Workplace v.6.2.6 (49050) Warning! Download Update
qBittorrent 4.3.2 v.4.3.2 Warning! Download Update
Java 8 Update 291 (64-bit) v.8.0.2910.10 Warning! Download Update
Uninstall old version and install new one (jre-8u441-windows-x64.exe).
Spotify v.1.2.58.498.g6afe77b7 Warning! Download Update
Audacity 2.1.0 v.2.1.0 Warning! Download Update
HandBrake 1.2.2 v.1.2.2 Warning! Download Update
K-Lite Mega Codec Pack 17.3.0 v.17.3.0 Warning! Download Update
VLC media player v.3.0.17.4 Warning! Download Update

Google Update Helper v.1.3.99.0 Warning! This software is no longer supported.

• Download the Revo Uninstaller (Free Download) and save it on your Desktop.
• Double click on the exe file created on your Desktop to run the installer, and follow the instructions to install the program.
• Double click the program's icon to open it.
• Write in the search area, on the top left, the following program:

Google Update Helper

• Choose the Uninstall tab from the menu and let the program to create a Restore point.
• Choose Scan, and then the Advanced mode scan.
• Select all the Online Services items found, Delete and Next.
• Let the procedure be completed and click on Finish.
• Restart the computer.

Next..:

• Double click Frst64.exe to launch it.
• FRSTwill start to run.
  • When the tool opens click Yes to the disclaimer.
  • Copy/Paste or Type the following line into the Search: box:

Searchall: Google Update Helper

• Press the Search Files button.
• When finished searching a log will open on your Desktop ... Search.txt
• Please post it in your next reply.

In your next reply, please include:

• Search report

 

[icotonev]

Do you still need help..? Are there any questions or concerns so far ..?

 

[icotonev]

Due to lack of activity, this topic is now closed. You requested help but did not respond to follow-up questions or instructions within three days and your topic has been moved here.
If you still need help, open a new topic, and wait for a new helper.