Suspicious activity. How to find it?
<blockquote data-quote="Parsh" data-source="post: 863177" data-attributes="member: 58090">
<p>Hi Zecha, <strong>the threatening message is a fake one</strong> and is common on sub-standard websites or websites that are compromised.</p>
<p><strong>In such a case, you should directly close the popup/browser tab so that it does not come back or redirect you any further</strong>.</p>
<p><strong>One should just not press the 'back' or 'home' button on the phone</strong>; chances are that the fake alert will stay and come again.</p>
<p><strong>Have you provided your email ID to that website or any popup that you encountered at that time? Chances are that it is being misused.</strong></p>
<p>Also, <strong>keep a spare email ID</strong> (not used for important personal or professional work) <strong>to provide to any unknown websites.</strong></p>
<p>Let's talk about the <strong>future remedies</strong>, assuming you're using <strong>Chrome on phone.</strong></p>
<ol>
<li data-xf-list-type="ol">If you've mistakenly disabled an important Chrome setting, we need to enable it back. Go to Chrome >> Settings >> Site settings >> <strong>'Pop-ups and Redirects' and disable the toggle button (to block popups).</strong> Also, make sure that no sites are allowed. You can confirm this in the 'Pop-ups and Redirects' screen itself.</li>
<li data-xf-list-type="ol">Another thing you can do is <strong>use a browser that has ad-blocking</strong> like Opera (built-in), Firefox or Yandex (add-ons available).</li>
</ol>
<p>Also, you could have given your email ID through your PC browser to a malicious page in the few days you didn't have antivirus, or even before that. <strong>Use a good adblocker desktop-browser extension</strong> like Adguard or uBlock Origin to minimize such fake alerts and ads. You can learn from searching this forum.</p>
<p>You should also <strong>NEVER leave your computer without a good Internet Security program, and always keep your Windows OS and apps updated.</strong></p>
<p>By 'different accounts', do you mean you're receiving emails from different A/Cs OR that you're receiving alerts on your different A/Cs?</p>
<p><strong>If you're getting that alert from different accounts, do NOT click on any links or buttons in those emails.</strong></p>
<p><strong>Malvertisers and phishing pages take your email address (among other data) and try to break into your mail (and connected services) by various methods</strong>. <strong>You are getting the 'verification codes' and login attempt (alert) mails because some wicked person</strong> (e.g. one from Vietnam, or someone using a Vietnamese proxy server) <strong>is trying to break in</strong>. That simple. <strong>Just do NOT approve if asked in the mail.</strong></p>
<p>Whether or not the mail says that login was done, <strong>immediately do the following</strong>:</p>
<ol>
<li data-xf-list-type="ol"><strong>change your email account password</strong> (and periodically keep changing it)</li>
<li data-xf-list-type="ol"><strong>backup</strong> (download) <strong>any crucial data and preferably delete it from the Google account</strong> (if it's really that sensitive)</li>
<li data-xf-list-type="ol"><strong>always use 2 Factor Authentication.</strong> Add it if you haven't</li>
<li data-xf-list-type="ol"><strong>secure your alternate email ID and contact number</strong></li>
</ol>
<p>I cannot say if you have 2FA. The verification code, instead of being 2FA driven, might just be because your login location is different (Vietnam) than usual.</p>
<p>One cannot directly assume that their account has not been broken into in such a case. There is a possibility that the hacker broke in and deleted any suspicious login alerts. Do not worry much about it; that is a small possibility. If you carry out the 3 points above and do NOT approve logins, you should be good. Good that you're getting verification codes; that's Yahoo's protection for you.</p>
<p><strong>A li'l exercise: go to <a href="https://www.avast.com/hackcheck/" target="_blank">this link</a> to check if your account credentials have been leaked earlier.</strong></p>
<p><strong>Alerting Yahoo about frequent suspicious activities will be very helpful!</strong></p>
<p>I would have asked you to post any available scan result screenshots, but now you're saying that there are no detections.</p>
<p>I do not remember the kind of detections Malwarebytes makes, but if the results are 'cookies', you need not worry.</p>
<p><strong>I have a vague suspicion that the Google account issue has to do with cookies. Syncing should cause no issue though. Are you syncing Google Drive on your computer (not browser)?</strong></p>
<p>For peace of mind, let's run a few scans.</p>
<ol>
<li data-xf-list-type="ol">Enable that Google account sync and reboot</li>
<li data-xf-list-type="ol"><strong>Download <a href="https://www.emsisoft.com/en/home/emergencykit/" target="_blank">Emsisoft Emergency Kit</a> and run a scan</strong>. Perform the required actions on detections</li>
<li data-xf-list-type="ol"><strong>Download <a href="https://www.softpedia.com/get/PORTABLE-SOFTWARE/Antivirus---Antispyware/Zemana-AntiMalware-Portable.shtml" target="_blank">Zemana</a> (semana :) Portable and run a scan.</strong> Again, do the needful</li>
</ol>
<p>Let us know the results. You might want to run a Zemana scan again after a reboot for verification.</p>
<p>About the lag, there can be multiple reasons. <strong>Chances are that your PC is not infected but other culprit processes are taking up your resources, or there's too much junk</strong> (lesser chances for such lags). You can use PC cleaners for the latter, though their use is a topic of debate. You could remove any unwanted heavy apps.</p>
<p>Let's search for culprits.</p>
<p>[Attachment 234168: Screenshot (1550).png]</p>
<ol>
<li data-xf-list-type="ol">Open your <strong>Task Manager</strong> using Ctrl+Shift+Esc</li>
<li data-xf-list-type="ol">Click on Show More details if you do not have a dense view like in <em>the above pic</em></li>
<li data-xf-list-type="ol">In Options, select 'Always on Top'</li>
<li data-xf-list-type="ol">Now, when you face lags, check this window</li>
<li data-xf-list-type="ol">Click on <strong>CPU</strong> (the arrow should be pointing down, as marked in purple in the image). This will show which apps/processes are using high amounts of CPU (descending order)</li>
<li data-xf-list-type="ol">Do the <strong>same for the Memory and Disk columns</strong> too and take a few screenshots when the % numbers are high for each. This will let us know which of the 3 parameters (if any) is significantly causing a slowdown and which apps are causing it.</li>
</ol>
<ul>
<li data-xf-list-type="ul"><strong>Gaming will surely keep all of them up, but we can see if there's some other culprit.</strong></li>
<li data-xf-list-type="ul">You can also use a tool like <a href="https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer" target="_blank"><strong>SysInternals Process Explorer</strong></a> <strong>and check the CPU and Working Set (related to memory) utilization</strong> by sorting in a similar fashion therein.</li>
<li data-xf-list-type="ul">Enable <strong>VirusTotal in Process Explorer as shown in the <em>pic below</em>. See if any of the listed processes have a VirusTotal score of >0.</strong> Let us know here.</li>
<li data-xf-list-type="ul">The <a href="https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns" target="_blank"><strong>SysInternals Autoruns</strong></a> <strong>app can also be used to check for any unusual suspicious app starting in your PC, in the 'Logon' section of the app</strong>. You can post a screenshot of the 'Logon' and 'Task Scheduler' tabs here for us to inspect.</li>
</ul>
<p>[Attachment 234169: Screenshot (1551).png]</p>
<p>If you suspect this, of course <strong>run a scan on it</strong>. Please reinstall the antivirus software you own and enable scans on removable media.</p>
<p><strong>Install <a href="https://www.novirusthanks.org/products/anti-autoexec/" target="_blank">this NoVirusThanks app</a> so as to prevent an auto-run virus from a connected USB from infecting your PC.</strong> Also, <strong>a reason for USB infection can be that you're running cracked games/apps or other suspicious applications from that USB.</strong></p>
<p>In the end, if you still find any anomaly that affects your PC and you suspect any viruses, you can post at <a href="https://malwaretips.com/forums/windows-malware-removal-help-support.10/" target="_blank">Malware Removal Support</a> on this site.</p>
<p>Clean (re-)installing Windows is a good way to make a fresh start. <strong>However, what follows is what kind of applications you run and sites you visit. Your safe or unsafe habits.</strong></p>
<p>You can explore this site to learn more about how to stay secure online. Good luck :)</p>
</blockquote>
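<p>The Task Manager, Process Explorer and Autoruns checks in the post above can also be done from one PowerShell console. The script below is an added example, not code from Parsh's post or from Sysinternals; it assumes Windows PowerShell 5.1 or later run as the logged-on user (an elevated prompt sees more processes), and the names $topN, Get-RunKeyEntries and Get-UnsignedImages are my own.</p>

```powershell
# Added triage script (assumption: Windows PowerShell 5.1+, run as the logged-on user).
$topN = 10

# 1. Like sorting Task Manager's CPU and Memory columns: heaviest processes first.
Write-Host "== Top $topN processes by CPU seconds and working set =="
Get-Process | Sort-Object CPU -Descending | Select-Object -First $topN Id, ProcessName,
    @{n='CPU(s)'; e={ [math]::Round($_.CPU, 1) }},
    @{n='WS(MB)'; e={ [math]::Round($_.WorkingSet64 / 1MB, 1) }} | Format-Table -AutoSize

# 2. Autoruns 'Logon' tab, Run keys only: commands that start with the user or the machine.
function Get-RunKeyEntries {
    $keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -match '^PS') { continue }   # skip PSPath/PSParentPath/... metadata
            [pscustomobject]@{ Hive = $k.Split(':')[0]; Name = $p.Name; Command = $p.Value }
        }
    }
}
Write-Host "== Run-key autostart entries =="
Get-RunKeyEntries | Format-Table -AutoSize

# 3. Autoruns 'Task Scheduler' tab: enabled tasks outside the \Microsoft\ tree.
Write-Host "== Non-Microsoft scheduled tasks =="
Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' -and $_.State -ne 'Disabled' } |
    Select-Object TaskName, TaskPath,
        @{n='Action'; e={ ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; ' }} |
    Format-Table -AutoSize

# 4. Process Explorer's VirusTotal column, done offline: running images without a valid
#    Authenticode signature, with SHA-256 hashes you can look up on VirusTotal by hand.
function Get-UnsignedImages {
    Get-Process | ForEach-Object {
        try { $_.Path } catch { }      # Path is unreadable for some protected/system processes
    } | Where-Object { $_ } | Sort-Object -Unique | ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_
        if ($sig.Status -ne 'Valid') {
            [pscustomobject]@{ Path      = $_
                               Signature = $sig.Status
                               SHA256    = (Get-FileHash -Algorithm SHA256 -Path $_).Hash }
        }
    }
}
Write-Host "== Running images without a valid Authenticode signature =="
Get-UnsignedImages | Format-Table -AutoSize
```

An unsigned image is not proof of malware (many legitimate tools ship unsigned); it is the short list worth hashing and checking, the same triage the post's VirusTotal step does inside Process Explorer.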