Author

Topic: [HELP!] What should I do after being phished? (Read 3425 times)

sr. member
Activity: 672
Merit: 250
On my system the downloaded file opened up access to DarkComet RAT.  They used that to remote onto my system to try installing other software.  In the details of the file it downloaded Dell Datasafe was mentioned.  It looks like a service similar to Dropbox.

Chad
hero member
Activity: 574
Merit: 500
MOD's- can someone please remove the link from the OP's post - he seems incapable of editing his own post

[EDIT] wouldn't be surprised if this is a sock puppet post

[EDIT2] reported to moderator
full member
Activity: 140
Merit: 100
Mining FTW
The first thing you should do is remove the link to the phishing page?

I think the link is ok as long as you don't download the actual script... Or I may be wrong...

To be safe, I would just remove it so others don't run the script on accident.
Put it between spoiler tags, and put alerts notifications around it, people wanting to help still like the link Smiley

You could go through a long process and remove it or just format, which is what I'd do.
the long process... is so long that I could spend months on it... and still see the mouse move on its own after I hook it back up to the internet... reinstalling is the only safe option...
cp1
hero member
Activity: 616
Merit: 500
Stop using branwallets
You could go through a long process and remove it or just format, which is what I'd do.
hero member
Activity: 672
Merit: 500
The first thing you should do is remove the link to the phishing page?

I think the link is ok as long as you don't download the actual script... Or I may be wrong...

To be safe, I would just remove it so others don't run the script on accident.
sr. member
Activity: 672
Merit: 250
I'm ashamed to say I fell for it.  I thought it was a wallet file and accidentally clicked on it while I was trying to import the keys.  I deleted the file and scanned my computer for problems.  I thought I removed the problem and went to bed.  I woke up about twenty minutes ago and saw my mouse moving by itself.  Someone had messed with my firewall settings, opened up bitcoin-qt, and had just downloaded a file called _DVSoy.exe from plasmon.ghost.ru.

Chad
newbie
Activity: 37
Merit: 0
The first thing you should do is remove the link to the phishing page?

I think the link is ok as long as you don't download the actual script... Or I may be wrong...
full member
Activity: 154
Merit: 100
The first thing you should do is remove the link to the phishing page?
newbie
Activity: 37
Merit: 0
Follow up on the "5 coins Raffle scam".

I actually clicked on this link:

[Be cautious! This link is dangerous! Unless you are absolutely sure what you are doing please do NOT click on it]
http://rghost.net/47200539?r=1096  


and clicked the Trojan script.....

Now I'm thinking about re-install my whole operational system and change every single password I have...

Could anybody look into the script and see what it does? Or any general suggestions or help would be appreciated!!!

Big lesson from this  Angry
Jump to: