On my system the downloaded file opened up access to DarkComet RAT. They used that to remote onto my system to try installing other software. In the details of the file it downloaded Dell Datasafe was mentioned. It looks like a service similar to Dropbox.
Chad
Topic: [HELP!] What should I do after being phished? (Read 3402 times)
MOD's- can someone please remove the link from the OP's post - he seems incapable of editing his own post
[EDIT] wouldn't be surprised if this is a sock puppet post
[EDIT2] reported to moderator
[EDIT] wouldn't be surprised if this is a sock puppet post
[EDIT2] reported to moderator
The first thing you should do is remove the link to the phishing page?
I think the link is ok as long as you don't download the actual script... Or I may be wrong...
To be safe, I would just remove it so others don't run the script on accident.
You could go through a long process and remove it or just format, which is what I'd do.
the long process... is so long that I could spend months on it... and still see the mouse move on its own after I hook it back up to the internet... reinstalling is the only safe option... 
You could go through a long process and remove it or just format, which is what I'd do.
The first thing you should do is remove the link to the phishing page?
I think the link is ok as long as you don't download the actual script... Or I may be wrong...
To be safe, I would just remove it so others don't run the script on accident.
I'm ashamed to say I fell for it. I thought it was a wallet file and accidentally clicked on it while I was trying to import the keys. I deleted the file and scanned my computer for problems. I thought I removed the problem and went to bed. I woke up about twenty minutes ago and saw my mouse moving by itself. Someone had messed with my firewall settings, opened up bitcoin-qt, and had just downloaded a file called _DVSoy.exe from plasmon.ghost.ru.
Chad
Chad
The first thing you should do is remove the link to the phishing page?
I think the link is ok as long as you don't download the actual script... Or I may be wrong...
The first thing you should do is remove the link to the phishing page?
Follow up on the "5 coins Raffle scam".
I actually clicked on this link:
[Be cautious! This link is dangerous! Unless you are absolutely sure what you are doing please do NOT click on it]
http://rghost.net/47200539?r=1096
and clicked the Trojan script.....
Now I'm thinking about re-install my whole operational system and change every single password I have...
Could anybody look into the script and see what it does? Or any general suggestions or help would be appreciated!!!
Big lesson from this
I actually clicked on this link:
[Be cautious! This link is dangerous! Unless you are absolutely sure what you are doing please do NOT click on it]
http://rghost.net/47200539?r=1096
and clicked the Trojan script.....
Now I'm thinking about re-install my whole operational system and change every single password I have...
Could anybody look into the script and see what it does? Or any general suggestions or help would be appreciated!!!
Big lesson from this
Jump to: