I installed a malware 5 minutes ago
May 14, 2024 11:36 AM

Like a big dumbass. I have never had a virus or malware in my 40 years of computing. I feel like a total idiot and my brain has instantly shut down. What's the best course of action re removing? I am changing my mail password from another computer as we speak, but I do also have 2-factor on it. Help fast please!
posted by Iteki to Computers & Internet (8 answers total) 4 users marked this as a favorite
Response by poster: I have logged out of my Gmail on the affected computer without opening it again. I have two-factor authentication, so maybe I don't need to change that pass? I am running a Windows Defender full scan right now. The software is the Midjourney spoof app, at mid . journeyart . org
I don't know if it's the same as mentioned in this Reddit post.
posted by Iteki at 11:46 AM on May 14

Did you turn the computer off, or at least disconnect it from the internet?

(Don't feel like an idiot, it can happen to anyone.)
posted by trig at 12:14 PM on May 14 [5 favorites]

Don't feel like an idiot. This is unfortunately more a matter of when, not if, it was going to happen.

I'd power the thing off and then grab a beer (or take a walk, nap, meditate, etc. Whatever works for you).

Is there anything of value that is only on that computer? (You do have off-system backups, right?)

If not, great. Nuke it from orbit and reinstall. Some systems have vendor-provided recovery procedures. Otherwise, borrow another computer and use that to create an installation USB drive. See this article if you are on Windows or this one from Apple. Use that to reformat / wipe the entire thing and reinstall from scratch.

If there is something that is only on that computer that you really care about and this is not a fancy new Mac with onboard disk, I'd purchase a replacement drive and USB -> drive adapter (typically an M.2 NVMe adapter, about $20 on Amazon). I'd pull the original drive out and put a new one in. Then I'd reinstall from scratch using the instructions above. Finally I'd connect the old drive via the USB adapter and then copy only the files you need. (If you are really paranoid, you copy those up to a cloud storage area and then reinstall from scratch again.)

Note that if the malware started to encrypt stuff on the drive then you only have the 1st option available. There is no real recovery option available.
posted by SegFaultCoreDump at 12:37 PM on May 14 [1 favorite]

Response by poster: Yep, network off within half an hour of running it, which isn't optimal. Am getting Malwarebytes onto a USB now. Windows Defender has identified Trojan Wacatac.h!ml and I have let Defender remove it. I would really like to avoid trashing the whole install if possible. Am calmed down a little but still ego bruised and concerned about my details.
posted by Iteki at 12:40 PM on May 14 [2 favorites]

Windows Defender is way better than anyone realizes.

If you let Defender do a full scan of the system and it gives you a clean bill of health you're probably fine, honestly, but it can't hurt to let Malwarebytes do a full scan as well.
posted by mhoye at 12:58 PM on May 14 [12 favorites]

Response by poster: Defender has quarantined a couple of files that were PowerShell scripts that started a file called build.exe which has also now been quarantined.
posted by Iteki at 12:59 PM on May 14 [2 favorites]

I recently had something similar happen to me. I lost my Steam account as a result; fortunately it was recovered, but it was frustrating.

I used a boot disc scanner which found what I'm pretty sure was the culprit. All my other scans came up negative.

Pretty sure I used Kaspersky Rescue Disk but Trend Micro is probably just as good.

The important thing is they don't load your system up so whatever's causing your problem can't load prior to your scanning.
posted by Silentgoldfish at 7:11 AM on May 15

Trend Micro is probably just as good.

I used to fix PCs for money and I would not ever use or - worse - install a Trend product. They're just awful. Kaspersky's stuff is OK.

If anybody reading this inherited Trend antivirus in their Windows installation as bloatware from the manufacturer, my best advice is to uninstall it, then reboot, then use the Windows Security Centre to make sure Windows Defender is properly on the job.

And do not ever give Trend your credit card number. Just don't do it. It's way harder than it should be to unsubscribe from their "services".
posted by flabdablet at 10:03 PM on May 15
