nickg5
asked on
Malware
For my hotmail accounts one has been hacked using malware. They say they know two of my passwords. One they know is accurate. One they have 6 of 9 characters correct. What free program can we use to remove any malware. The person warns on a daily basis but never acts on their intentions with a deadline they give of 3 days.
Bill is correct in that there are enough breaches out there that you may receive an email stating that the sender has your password (and lists the password) and the most common ploy is to say that they got it by you visiting a porn site where they turned your webcam on and have pictures of you perusing the porn. So if you got something like that - you can probably ignore it. That said, if the password is something that is important, it means it is available on a breach site - so it would be wise to change it and turn on 2FA.
ASKER
Thomas:
Yes some of what you say was in the text of the email I got.
Unless a webcam is built into my Acer monitor or Lenovo pc tower they got no webcam.
What is 2FA?
Hotmail is web mail, so change all your web passwords (Hotmail, Bank, Investments, Facebook and so on - All). Use something complex (one or two special characters, upper and lower case, numbers). Make up something you can remember.
Do a full scan with Windows Defender on your machine and see what it comes up with.
2FA is two-factor authentication, also known as multifactor authentication. It just means that there is at least one other way to authenticate beyond your username and password. For instance, if you log into a website using your username/password, you might need to enter a code from your phone, either text or one generated by a 2FA app like Authy - better - or Google Authenticator, as a second authentication factor. FIDO devices are also very good for this.
Personally, I would do a full scan with multiple applications *before* changing passwords. If they do have access to your computer (through Malware), you change your password and then scan ... they have your new password and you have to do another round of password changes to lock them out ...
There are several things you might do after the scan:
1. Use a password manager
2. Use 2FA anywhere possible
3. Let the password manager create the complex passwords for you (see this article on PMs and this one)
4. Use a cloud syncing 2FA app on your phone - like Authy
5. Buy either a random number generator or a FIDO device
Sir, you can use AVG or Avast; they are good for removing malware.
You indicated that they have one password correctly. Did you use that password on any other site? One common source of this sort of threat is that a different site's passwords will get hacked and they'll use those to convince you that they have your password for another site.
ASKER
CompProbSolv
Unfortunately yes, but I am in the process of changing all passwords and running Malwarebytes.
The common password were to sites of no critical importance requiring a stronger password.
If this is true...
This almost certainly means you reused a password somewhere, which is... well... you just can't do this + expect to keep your accounts safe.
Everywhere you've used the password the ransomer mentions, change your password to a unique 16-32 byte random string.
Going forward, use unique, random 16-32 byte strings for every account.
Just change all your passwords + ignore the ransom request.
Tip: This has nothing to do with Yahoo. If it did, there'd be 1,000,000s of ranting Yahoo users. This almost certainly has to do with you using the same password across many accounts + somewhere your password was used has been hacked.
And if you are not aware of them, it's a bit after the fact, but here are a couple of sites that can tell you if your email accounts have been involved in a known data breach, and the same for passwords. It's not foolproof, but if it tells you there is a known problem then for sure you need to get on that. Just because it doesn't know of a problem doesn't guarantee that no one has gotten your password, etc. But some useful tools and info to take a look at.
- Have I Been Pwned: Check if your email has been compromised in a data breach
- Have I Been Pwned: Pwned Passwords
»bp
Something to consider once this issue is resolved ... https://www.experts-exchange.com/articles/33630/Proactive-Password-Tracking.html
ASKER
Malwarebytes found 662 threats. Many were pups which it always finds thru use of Google Chrome. There were a few registry key items.
When the system rebooted I went to Facebook and opened a chat window to "retry" to send a photo (see other question) and MB blocked some website at some IP. It left the screen quickly so maybe the program keeps the blocks.
This is Windows 10. Previous was Windows 7.
Is Windows 10 less vulnerable to these types of items found by MB?
Look on Process Explorer, not Windows Explorer.
ASKER
That is Windows (not Process Explorer).
Go to Microsoft Sysinternals and Downloads. Find Process Explorer and download it to your Downloads folder. It is a ZIP file. Double click it to open the ZIP file and then run Process Explorer. It will look like what I showed above.
I do realize this is outside of your comfort zone, but you need to get rid of what is starting and then attempt to eradicate it with Malwarebytes.
Please do not go to websites that cause these issues.
ASKER
I do not know what websites cause these issues.
I only know I have not run MB on this system in many months, so it did find 662 items.
That is the correct screen shot. Good.
I do not see anything there (limits to the one screen shot). So perhaps look farther down or maybe what is starting is not a process that we are looking for.
Make sure you are using Windows Defender and are on Windows 10 Version 1803 or later.
Double click on the Defender Icon (System Tray) to bring up Defender settings. Go to App and Browser control and make sure Smart Screen is on at Warn or preferably Block.
Make sure the Windows Defender Icon has a green check mark lower right.
ASKER
The screen shot was as far to the bottom as it would go for the explorer processes.
--------------------------
Make sure you are using Windows Defender and are on Windows 10 Version 1803 or later.
.......... version 1809
Go to App and Browser control and make sure Smart Screen is on at Warn or preferably Block.
........... changed from warn to block
Make sure the Windows Defender Icon has a green check mark lower right.
........... everything has a green mark except a yellow ! for device performance and health. Troubleshoot gets "Windows Store Apps." I did not continue as not interested in that app.
--------------------------
Windows Defender in V1809 and above is one of the best anti virus applications going.
ASKER
So on to MB scan in safe mode.
Please let us know if that stops the processes from starting up.
ASKER
What processes?
Anything MB can eradicate.
ASKER
MB in safe mode found nothing. But while the scan was going on in safe mode it blocked FreeEase.net. I do have an MP3 cutter which shows up under Free Ease on Google. They offer video software, etc.
Restart when all done and see if the pop up processes stop.
ASKER
Thanks.
ASKER
I expected all sliders that were moved to the right to award more points. In error I did not choose more than one solution which I intended to do.
You can, if you wish, go back to your question and award additional solutions.