I need help- please- prior "friend" inserted files into my onedrive via USB (I am certain) I need help determining what to remove or do here-please!

Status
Not open for further replies.

jessicacathey205 (New member; joined Mar 9, 2024; posts: 4)
I want my privacy back and I have downloaded the scanner tool FRST and will share the files that were scanned. Can someone help me determine what is going on or how to fix it? I believe it has been made so that I am not the administrator, there may be remote accessing, and something with the certificates, I feel, is off. I am not super computer savvy and really want to feel comfortable using my devices again, which I haven't for years. Please help!
 

Hello.

Welcome to Sysnative Forums.

I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.

Please adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, there is no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.


==================

I'll review your logs and be back to you when I am ready.
 
Hello.

Indeed, you have dozens of files, not only in your OneDrive, but in your Downloads folder and Desktop as well. Most of these files are PDF or files having to do with specific programs or with the system itself. You can delete the PDF files you don't need.

I don't see signs of an active infection in your logs. However, I have some comments and questions for you, as a start.

1. Browser extensions

You have many extensions installed in Edge and Chrome (see below), having to do with coupons and online shopping/payments. If you don't need/use them, please uninstall them all, from both browsers.

Code:
Edge Extension: (PayPal Honey: Automatic Coupons & Cash Back) - C:\Users\Jessica\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp [2024-02-27]
Edge Extension: (Cently: Automatic Coupons + Cashback for Free) - C:\Users\Jessica\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\boijkogogijcdbpifnjbbmompieodaoi [2024-01-30]
Edge Extension: (RetailMeNot Deal Finder™️) - C:\Users\Jessica\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fhlidomodkicgjafmppbblmgbkdcjpad [2024-03-09]
Edge Extension: (Capital One Shopping: Save Now) - C:\Users\Jessica\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kiiaghlmeikbpmeabhilfphikfcefljn [2024-02-23]
Edge Extension: (Coupert - Automatic Coupon Finder & Cashback) - C:\Users\Jessica\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pefhciejnkgdgoahgfeklebcbpmhnhhd [2024-03-09]
Edge Extension: (CouponBirds - SmartCoupon Coupon Finder) - C:\Users\Jessica\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pnedebpjhiaidlbbhmogocmffpdolnek [2024-02-26]

CHR Extension: (PayPal Honey: Automatic Coupons & Cash Back) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2024-02-24]
CHR Extension: (Klarna | Shop now. Pay later.) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfapbcheiepjppjbnkphkmegjlipojba [2024-01-31]
CHR Extension: (RetailMeNot Deal Finder™️) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjfblogammkiefalfpafidabbnamoknm [2024-03-09]
CHR Extension: (Cently: Automatic Coupons + Cashback for Free) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\kegphgaihkjoophpabchkmpaknehfamb [2024-01-31]
CHR Extension: (Coupert - Automatic Coupon Finder & Cashback) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidniedemcgceagapgdekdbmanojomk [2024-03-09]
CHR Extension: (Capital One Shopping: Save Now) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2024-03-07]
CHR Extension: (CouponBirds - SmartCoupon Coupon Finder) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnedebpjhiaidlbbhmogocmffpdolnek [2024-03-09]


2. Notifications from Chrome

Did you intentionally have Chrome getting notifications from the following sites?

Code:
hxxps://deals.getakko.com;
hxxps://reviewed.usatoday.com;
hxxps://service.transunion.com;
hxxps://snowjoe.com;
hxxps://stat.vin;


3. App in Chinese

Do you recognize this app installed on your computer?

计算器 - 默认计算器 -> C:\Program Files\WindowsApps\WuhanNetPowerTechnologyCo.58100A0E8B71F_1.0.7.0_neutral__63m8b6nby1dvp [2024-02-28] (Wuhan Net Power Technology Co., Ltd)

If not, uninstall it:

Go to Settings (press the Windows logo key together with letter i) and then Apps and Installed apps. Find the above app, click on the 3 horizontal dots at the right, and choose uninstall. Follow the prompts to complete the uninstall.


4. DriverEasy

We do not recommend registry cleaners, system optimizers, driver boosters and the like. They can cause more harm than good. So, uninstall DriverEasy.

Go to Settings (press the Windows logo key together with letter i) and then Apps and Installed apps. Find DriverEasy, click on the 3 horizontal dots at the right, and choose uninstall. Follow the prompts to complete the uninstall.



In your next reply please post:

  1. What did you do with the browser extensions
  2. A reply about the notifications in Chrome
  3. A reply about the Chinese app and what you did with it
  4. If you successfully uninstalled DriverEasy
  5. What "weird things" you see in the computer, making you think that you are infected?
 
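The Edge and Chrome entries above are standard FRST log lines, one per extension, with the Chromium extension ID as the last directory of the path and the install date in brackets. As an added example that is not part of this thread or of FRST, the following Python script parses such lines into records so the same inventory can be checked mechanically: which extension IDs are installed in both browsers, and which were installed in the days right before the scan. The sample lines are copied from the log excerpt quoted above; the reference date 2024-03-09 (the day the logs were posted) is an assumption.

```python
"""Parse FRST browser-extension lines into records and summarise them.

Added example for this thread, not FRST's own code. The sample lines below
are copied from the FRST excerpt quoted in the thread; the reference date
used to judge "recently installed" is an assumption (the day the logs were
posted).
"""
import re
from collections import defaultdict
from datetime import date

# FRST prints one line per extension:
#   "<Edge|CHR> Extension: (<name>) - <profile path>\Extensions\<id> [YYYY-MM-DD]"
# The Chromium extension ID is the last directory component of the path.
LINE_RE = re.compile(
    r"^(?P<browser>Edge|CHR) Extension: \((?P<name>.*)\) - "
    r"(?P<path>.+?) \[(?P<installed>\d{4}-\d{2}-\d{2})\]$"
)

# Sample input: six of the lines quoted earlier in the thread (raw string, so
# the Windows backslashes are kept literally).
SAMPLE_LOG = r"""
Edge Extension: (PayPal Honey: Automatic Coupons & Cash Back) - C:\Users\Jessica\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp [2024-02-27]
Edge Extension: (Coupert - Automatic Coupon Finder & Cashback) - C:\Users\Jessica\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pefhciejnkgdgoahgfeklebcbpmhnhhd [2024-03-09]
Edge Extension: (CouponBirds - SmartCoupon Coupon Finder) - C:\Users\Jessica\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pnedebpjhiaidlbbhmogocmffpdolnek [2024-02-26]

CHR Extension: (PayPal Honey: Automatic Coupons & Cash Back) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2024-02-24]
CHR Extension: (Klarna | Shop now. Pay later.) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfapbcheiepjppjbnkphkmegjlipojba [2024-01-31]
CHR Extension: (CouponBirds - SmartCoupon Coupon Finder) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnedebpjhiaidlbbhmogocmffpdolnek [2024-03-09]
"""

# Assumption: the logs were posted on 2024-03-09, so use that as "today".
SCAN_DATE = date(2024, 3, 9)


def parse_extension_lines(log_text):
    """Return one dict per extension line; lines that do not match are ignored."""
    records = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        path = m.group("path")
        records.append({
            "browser": "Edge" if m.group("browser") == "Edge" else "Chrome",
            "name": m.group("name"),
            "id": path.rsplit("\\", 1)[-1],
            "path": path,
            "installed": date.fromisoformat(m.group("installed")),
        })
    return records


def shared_ids(records):
    """Extension IDs present under more than one browser.

    Edge and Chrome both accept Chrome Web Store packages, so the same ID in
    both profiles means the same package was installed twice; a different ID
    for the same name (as with Honey here) means a different store listing.
    """
    by_id = defaultdict(set)
    for r in records:
        by_id[r["id"]].add(r["browser"])
    return sorted(i for i, browsers in by_id.items() if len(browsers) > 1)


def recent(records, as_of=SCAN_DATE, days=7):
    """Extensions installed within `days` days before `as_of`, newest first."""
    hits = [r for r in records if 0 <= (as_of - r["installed"]).days <= days]
    return sorted(hits, key=lambda r: r["installed"], reverse=True)


if __name__ == "__main__":
    recs = parse_extension_lines(SAMPLE_LOG)
    for r in recs:
        print(f'{r["browser"]:6} {r["installed"]} {r["id"]} {r["name"]}')
    print("installed in both browsers:", shared_ids(recs))
    print("installed in the last 7 days:", [r["name"] for r in recent(recs)])
```

Running it against the full FRST excerpt instead of the six sample lines works the same way; the install dates that cluster on the scan day are the ones worth asking the user about first, since they are the most recent changes to the profile.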
Thank you so much for taking the time to get back with me and help me with this! I truly have been at a loss of what to do, or how to handle this so I can't thank you enough!

1.) What did you do with the browsers extensions:
Since I got the vibe that these are not ideal to have a lot of, based on your response, but I do use the discount extensions on a regular basis and they do save me a lot of money, I decided to choose my favorite four that I found to be the most useful and removed/deleted the rest of them from my Chrome browser. With the Edge browser, I removed/deleted all of them, as I was not aware I even had extensions on that browser. I usually only use Chrome, unless I end up in Edge by mistake or if there is an issue with Chrome, but generally speaking I do not like Edge and never choose it when opening a browser; I always go for Chrome instead.

2.) Did you intentionally have Chrome getting notifications from the following sites?
No!! I honestly had no idea that I was set up to get notifications from ANY sites! I definitely do not want notifications from any of those sites, either. I went into settings and turned off sites being allowed to send notifications and blocked them all, so hopefully that is what I needed to do to fix that issue.

3.) The Chinese app, I believe I did install intentionally, but not realizing it was a Chinese app and in another language as well. It is just a calculator. For some reason my normal Windows calculator has gone away, and I really found out how often I used that thing after losing it. I tried to find the original one through the Microsoft Store, but it was just not working and I ended up downloading that one. I did go ahead and remove it, though. Are you possibly able to tell me where to get the normal calculator that used to be stock with Windows back, or a safe one to download in its place?

4.) Yes, I did successfully uninstall Driver Easy from my PC. I also am going to be doing the same with my son's laptop, since you do not recommend having it. Since I did purchase the program in order to help my son keep his gaming laptop up to date with the right firmware/drivers, etc., as I do not think he will regularly go to the website to make sure he has the latest software and I didn't want his computer to have issues or be outdated on what it needed, what should I do to make sure that he does maintain the up-to-date drivers/firmware necessary? I always relied on Driver Easy to inform me of what was needed, or what they claimed was needed, rather... Is there another way to stay on top of those things aside from checking the product's website for their updates every so often, or is that what I need to just make sure to do to keep it up to date?

5.) What I mean when I say I see a lot of weird things in the computer that make me feel like it is infected could just be me being paranoid, but I will give some examples below. I want to explain a little more why I feel this way, which may also help you help me with where things could be hidden in my computer, if there are any. Let me explain: I had a friend who ended up being my roommate, who I knew was extremely computer savvy and who I later learned was actually a hacker. Although he claimed to be an ethical hacker, I learned from accidentally seeing a couple of things that he did not hide very well. For example, I walked into his room one day and saw on his big screen videos of the phone of a girl he was dating, like a mirror image syncing all the things she had going on in her phone: her text messages, pictures, etc. I also found some old cell phones in the garage and admittedly snooped through them and found all kinds of APK apps (I am an iPhone girl, so forgive me if I am using the terms incorrectly, as it is foreign to me), but when I googled what each of these things were, they were unsettling. Some were made to record videos and capture pictures while sitting on the counter appearing to be doing nothing, and basically everything was solid proof of hacking in a non-ethical way. Before I realized all of this, he had "so generously" given both me and my son computers. He gave me a nice laptop and he gave my son a computer he "built", which at the time I thought was a very nice thing but later realized was probably for a reason.
Eventually, I ended up realizing that a cell phone charger block that was placed in my bathroom was actually a hidden camera. I discovered it because I noticed the small pinhole, and he was acting weird about asking for his charger block back that he accidentally left in there; his urgency about it led me to be suspicious, and I googled what was written on it and sure enough it was a hidden camera that had audio and video footage. I took the footage off of it and it had all sorts of private videos that I was unaware were being recorded, not only of me, but of my Mom and anyone else who came over and used my bathroom. I kicked him out and spoke with the police about it, but he ended up moving out of state somewhere. Gross, I know. I got rid of all our computers and got new ones, but it was a little too ironic that any time I would discuss anything that had to do with this or any topic about him, or just certain things that I would hear from him randomly, it was just too coincidental the reason he would contact me. It was obvious when I would save into my computer/OneDrive and he would suddenly pop up out of nowhere with a random message and it would be about the same topic, or just something that was way too coincidental to be happening how it was without him somehow still being linked to my devices, which could be my phone, not my computer, or hell, it could be a hidden device in my house still. But I have also changed all my wifi and even a different carrier and had a friend help me check for anything that could be here (as I still live in that same house), but what I can't help but keep going back to is my Microsoft OneDrive.... Before I knew he was not just being nice, he had given me a USB stick that had a Windows operating system on it (he said) for me to reinstall Windows when my computer was giving me trouble.
He also said he included some music making program on it I could let my son use, and basically I just said thanks, installed the entire USB into my computer, including into my Microsoft OneDrive, and went on with my life. Well, I can't help but feel like that USB could have had his entry way inside of it (I don't know if this is even a thing, but I feel like it makes sense) and that is how, any time he has randomly contacted me about anything, it has been something that I recently had in my files, etc. I began looking at the files that came off of that USB drive over the last few days, which were supposed to just be Windows operating system files, and I started to google a few of the strange looking names and a lot of the results were coming back as being signs of malware. A couple of examples: there are a TON of files that end with .man.
Here are some I thought were strange but maybe they are normal-
  • commandprompt-win7-eplacement.man
  • webservices.dll,
  • xsl:for-each select="CompatReport/HardBlocks/ComplianceIssuePri1">
  • iasmigreader.exe
  • rpc-local-dl.man
  • rollback.exe
  • offline.xml
  • DIAGTRACKRUNNER.EXE
  • gatherosstate.exe
  • codeintegrity-rpl.man
  • upnpdeviceost-dl.man
  • spwizres.dll
  • CMISETUP.DLL
  • diagtrack.dll
  • shared dlls
  • NPSMSVS_XXXX (4 digit number) in services
Those are just some of the files under the Windows system files he had on that USB I saved into my OneDrive...
Not only that, but I am always seeing random account users, or not being able to do certain things within my computer even though I should be the admin. I always turn off remote access options, but somehow they always end up back on, and there are a lot of things that I feel may be suspicious when it comes to the certificates, and the trusted signatures and all that. Not to mention, any time I start looking into those types of settings and digging around, without even making any changes, the computer gets extremely laggy and feels like it does when I have had remote access in the past. It generally will end up going black and having to be restarted, which is never an issue or something that happens any other time.... I know I may be paranoid and I accept that and feel like I probably have earned the right to, considering what I have explained, but I feel that there is something going on. I am certain... I just don't know exactly what. Is it normal to have a bunch of random "users" on the computer that have access to certain things but that I have no idea who they are or where they came from, and most of which are listed as a bunch of numbers, for example Computer\HKEY_USERS\S-1-5-21-4206182839-4132911258-3399424257-1002? But lots of these.
There are certain settings that I have found that involve parameters, and within these settings some of them have a log in under one of the tabs that says Local and has a password that is a bunch of black circles and I cannot see what it is, and others are not set up this way. I hope this makes sense, but I do not know if that is normal or not. I believe I have found these when looking under the computer management settings, possibly? I don't know, I get too overwhelmed by it all, but maybe within this novel of absolutely making me look like a paranoid insane woman I will have explained something that you are able to use to check for me to see if I am paranoid, or if he may in fact be still accessing my personal info.

Thank you again I really can't thank you enough.
 
Hello.

You are definitely under great stress and uncertainty. And I don't blame you.

After all this, I strongly recommend that you buy a new USB or an external disk, save your important documents/videos/pictures/music and go for a fresh re-install of the operating system, on both your and your son's computers.

We could go on and do the usual cleaning, but it would be safer for you to go for a clean install.

Let me know about your decision.
 
Were any of those files I mentioned unusual or suspicious? Or did they all seem as if they could be 'normal'?

If I were to do the clean install, how do I go about doing so? Also, once I logged back into my OneDrive, would that just re-infect the device, if that is where it was coming from? Could it be in my e-mails, or my accounts such as OneDrive, or iCloud? Like, do I have to literally start over fresh as if I have never had a history of any accounts, etc. to resolve this possibly? :(
 
The files are OK.

I recommend that you check your OneDrive folder now and delete everything you do not need and everything you don't recognize. Keep only what you really want to be there.

After that, go for a clean install of Windows 11. The procedure is not as complicated as it looks. In any case, let me know if you need assistance at any step.

As soon as the clean install is completed, change all your accounts' passwords (emails, bank accounts, social media etc.).

Here are the steps you have to follow to perform a clean install of the operating system:


1. Prepare a bootable USB drive with Windows 11

This link will guide you how to do it:

Create installation media for Windows


2. Make your computer boot from USB drive

You have to change boot order, so when the time comes, the computer will boot from the USB drive, installing Windows from scratch.

This link may be helpful: How to Change Computer BIOS Settings


3. Reinstall Windows 11

Insert the USB drive into the computer and restart.

Follow the instructions under the title Installing Windows 11 From the USB Drive (scroll down to find it) from here: https://www.howtogeek.com/874846/how-to-do-a-clean-install-of-windows-11/

Make sure to delete/format all the partitions when you get to that step.


Let us know if you have any questions about the procedure.
 
Hi.

Are you still with me? Do you need any assistance regarding the above? Feel free to ask anything about the procedure described above.
 
I am here. I apologize, my son was sick and I am behind on my emails as a result. Catching up now and will reply shortly.
 
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member, or send me a personal message (hover with the mouse on my profile name and choose Start private message).
 