Two weeks ago I bought a new computer off Amazon. It’s a basic off-brand Windows 11 computer but was clearly cheaper than most others with the same specs because the company behind it cut a lot of corners (not even sure my Windows is authentic). It did not come with Office like my last computer did. I set out to see if there was a free option. A website said to click a link. Clicked it. There was a 15 second countdown then an allow/deny prompt came up. The instructions said to click allow… I’ve been on the internet since the 90s, I 100% know better than to do it… But I clicked allow. A cmd prompt screen popped up for a fraction of a second then went away. I had a bad feeling but went on with my day. This was last Saturday.
On Monday – I started getting email spammed on my work email (which I can’t access from a personal computer but it is the email I have registered to my Amazon account which I access regularly on this computer). A quick Google told me someone was most likely about to try to purchase something and was flooding my email so I wouldn’t notice. Sure enough someone was in my Amazon account saying I didn’t receive this very same laptop I had purchased (and received). The refund was issued in account credit but had not yet been used. I logged everyone out of Amazon and changed my password. Then let Amazon know what happened so they could take the credit back.
That same day – when I tried to log into Gmail I got a message saying there was suspicious activity on my account and I most likely had malware. I tried doing a virus scan and Windows found something, but wouldn’t do anything when I asked it to clean it (button wouldn’t work). I tried doing a factory reset of the computer, but my computer was locked from doing a factory reset. So I did a safe start then a complete reboot factory reset. Fresh computer.
Thought issue was over.
Tuesday – someone purchased 2 PS5 game codes on my eBay account. eBay refunded me and closed my account.
Wednesday – My bank statement showed 4 debit card authorizations of $0.00 from Microsoft Xbox. I called my bank and they told me they were pre-authorizations by a system verifying it was a valid debit card but nothing had been purchased. They cancelled my card and are sending me a new one. I also cancelled all my credit cards and am having new ones sent as well. My bank said my ACH clearing house hasn’t been used in a while, and they will monitor it to make sure it isn’t used for the next few weeks.
I downloaded Avast free. I ran a scan of the freshly booted computer and Avast found nothing. So I figured the purchases from Tuesday and Wednesday had to have been made using information from the previous breach. I also changed every password to every account to something completely unique for each account (all passwords I’ve never used before; all complex passwords). I have the passwords stored in a handwritten notebook. And turned on 2FA for everything.
Nothing weird has happened since. I check all my accounts every day and no unauthorized activity since.
But this morning – I went to log into my Gmail account and it once again said I have suspicious activity and to run malware software and that someone most likely has my login information (this is after I changed all my passwords after the fresh reboot).
I ran Avast and it found nothing.
I then downloaded AVG – AVG found nothing.
I then downloaded Malwarebytes – it found something in my system settings it recommended be cleaned up – so I let it (it didn’t tell me what it was; and not even sure it was malware; just something it recommended be removed).
I then downloaded Kaspersky – it found nothing…
I wanted one more. Tried Norton Power Eraser – but got an error that it couldn’t run on my computer because I have WIMBoot enabled.
Is it possible the reboot didn’t clean the virus from my system? Is it also possible I have malware but none of the malware detectors are detecting it? Maybe the notice by Gmail was false and it’s really what triggered my fears. But nothing compromising has really happened since Wednesday. All passwords have been reset; all accounts have been 2FA’d; all cards have been cancelled.
But now I’m basically scared to even use this computer.
TLDR since this is long: All my accounts online were compromised from what I believe to be malware. I did a factory reset of my computer. Reset all my passwords. Turned on 2FA everywhere. Nothing has happened financially since Wednesday but this morning Gmail told me it believed someone had my password (that I had reset) and that I likely had malware. Is it possible the factory reset didn’t remove the malware? And is it possible running 5-6 virus scans that didn’t find anything major could all be wrong?
submitted by /u/mound_maker