Could this be malware?

[devnulllore]

Because the email said I went to a compromised web site and that's how they got my info I don't know how it works and next time I should update my browser.

[+BudMan MVC]

What does what browser you used to create a website account have to do with the site being compromised?  Use whatever browser you want that makes you happy..  You could of been using any browser, Doesn't matter how you got there or how you put the info into the sites db... Once the db has been compromised, if not properly secured by the site owner.. Then your info would be available to the people who gained access to the DB..

 

What the email said, and what is actually true are normally light years apart

 

Post up this email - so we can see what it says... My guess its a cookie cutter spam/scam email that form filled in the info they got from whatever site was compromised.  That had your info in it - any of the 30 of them it seems.  Or it could of been from one that is not yet "known" to have been compromised.

[devnulllore]

Ok, give me a little while and I will post the email.

[devnulllore]

This is the email in it's entirety:

 

Hey, I know your password is: (edited out)

Your computer was infected with my malware, RAT (Remote Administration Tool), your browser wasn't updated / patched, in such case it's enough to just visit some website where my iframe is placed to get automatically infected, if you want to find out more - Google: "Drive-by exploit".

My malware gave me full access and control over your computer, meaning, I got access to all your accounts (see password above) and I can see everything on your screen, turn on your camera or microphone and you won't even notice about it.

I collected all your private data and I RECORDED YOU (through your webcam) SATISFYING YOURSELF!

After that I removed my malware to not leave any traces.

I can send the video to all your contacts, post it on social network, publish it on the whole web, including the darknet, where the sick people are, I can publish all I found on your computer everywhere!

Only you can prevent me from doing this and only I can help you out in this situation.

Transfer exactly 1400$ with the current bitcoin (BTC) price to my bitcoin address.

It's a very good offer, compared to all that horrible ###### that will happen if I publish everything.

You can easily buy bitcoin here: www.paxful.com , www.coingate.com , www.coinbase.com , or check for bitcoin ATM near you, or Google for other exchanger.
You can send the bitcoin directly to my address, or create your own wallet first here: www.login.blockchain.com/en/#/signup/ , then receive and send to mine.

My bitcoin address is: 14qd4cN3HZ2ErMddV6QmWvE7mVUcGSBh1X

Copy and paste my address, it's (cAsE-sEnSEtiVE)

I give you 2 days time to transfer the bitcoin.

As I got access to this email account, I will know if this email has already been read.
If you get this email multiple times, it's to make sure that you read it, my mailer script is configured like this and after payment you can ignore it.
After receiving the payment, I will remove everything and you can life your live in peace like before.

Next time update your browser before browsing the web.

Mail-Client-ID: 4483923502

[SnoopZ]

1 hour ago, adrynalyne said:

Ditto. 

I also can't see them.

1 hour ago, devnulllore said:

Ok I checked the  https://haveibeenpwned.com/  site and it says I have been compromised by over 30 sites and they want me to buy a password program. What can I do now? Should I notify my service provider?

Most people are getting flagged up there with something.

 

Off topic i use Lastpass.

Edited August 25, 2019 by SnoopZ

[Jim K Global Moderator]

1 hour ago, devnulllore said:

This is the email in it's entirety:

 

Hey, I know your password is: (edited out)

Your computer was infected with my malware, RAT (Remote Administration Tool), your browser wasn't updated / patched, in such case it's enough to just visit some website where my iframe is placed to get automatically infected, if you want to find out more - Google: "Drive-by exploit".

My malware gave me full access and control over your computer, meaning, I got access to all your accounts (see password above) and I can see everything on your screen, turn on your camera or microphone and you won't even notice about it.

I collected all your private data and I RECORDED YOU (through your webcam) SATISFYING YOURSELF!

After that I removed my malware to not leave any traces.

I can send the video to all your contacts, post it on social network, publish it on the whole web, including the darknet, where the sick people are, I can publish all I found on your computer everywhere!

Only you can prevent me from doing this and only I can help you out in this situation.

Transfer exactly 1400$ with the current bitcoin (BTC) price to my bitcoin address.

It's a very good offer, compared to all that horrible ###### that will happen if I publish everything.

You can easily buy bitcoin here: www.paxful.com , www.coingate.com , www.coinbase.com , or check for bitcoin ATM near you, or Google for other exchanger.
You can send the bitcoin directly to my address, or create your own wallet first here: www.login.blockchain.com/en/#/signup/ , then receive and send to mine.

My bitcoin address is: 14qd4cN3HZ2ErMddV6QmWvE7mVUcGSBh1X

Copy and paste my address, it's (cAsE-sEnSEtiVE)

I give you 2 days time to transfer the bitcoin.

As I got access to this email account, I will know if this email has already been read.
If you get this email multiple times, it's to make sure that you read it, my mailer script is configured like this and after payment you can ignore it.
After receiving the payment, I will remove everything and you can life your live in peace like before.

Next time update your browser before browsing the web.

Mail-Client-ID: 4483923502

The email is bull...they got your password from one of the data breaches (beyond your control) ... not from the method they wrote in the email. 

 

Just change your passwords to sites that have been compromised ... and don't use passwords that have been compromised (such as the one you "edited out" ... why are still using that one?)  

[eddman]

3 hours ago, devnulllore said:

Ok well now I am just concerned about the browser I use. I use the latest version of chrome. How safe is Chrome in these circumstances? 

They didn't hack you; they almost certainly got the email and password from one of the hacked websites that you had signed up with.

 

As for your main issue (I haven't read all the comments): Take an HDD or SSD, backup anything important that is on it, now disconnect all the other ones, start a fresh windows installation (do not use a backup image), at the partition selection prompt delete all the partitions and then create new ones and install windows.

 

After the installation is done, do not attach any other internal or external drives, USB flash drives, etc. Once you boot into windows, download all the required drivers from scratch and install them. Update windows if you want to. Do not install any third-party software yet.

 

Now use your computer a bit, browse websites with edge. If it looks good download steam and install a game or two and see if it stutters.

 

If it does, then either one of the latest windows updates or drivers are causing an issue or your hardware is going bad; might even be a mainboard issue as one of the posters mentioned.

 

If it doesn't stutter, then gradually download and install the software that you usually use. Check your PC for stutters regularly. You need to find what triggers the stutter so don't install all the software in one go. (Make sure to download them; do not use any setup files that you already have on your drives.)

 

If after installing everything it still doesn't stutter, connect the other drives and check again. Tell us how it goes.

 

P.S. I know; it's a bit of a pain to spend so much time doing all that but sometimes you need to go with small steps and check as many variables as you can.

Edited August 25, 2019 by eddman

[+BudMan MVC]

Dude those words are exact from the article I linked too about this sort of nonsense

"I collected all your private data and I RECORDED YOU (through your webcam) SATISFYING YOURSELF"

 

It's spam/scam garbage - deleted it an move on..

https://malwaretips.com/resources/i-infected-you-with-my-private-malware-rat-fake-blackmail-scam.277/

 

If your email was on 30 different sites that have been compromised - then yes I would adopt better password policies..

"Use different passwords for each site"

If you can do that on your own - great, if not look to password tools, many of which are free.. I am currently just using the lastpass free option.

Which will make it easier for you to use different passwords for each site, and complex ones.

 

edit:  I am a bit surprised your email host didn't block that as spam anyway.

[devnulllore]

Hi, I went back and changed as many passwords as I could ever remember but there is news. I have a buddy of mine I used to work with at RCN with who is a security expert. He came over and used a some sort of Linux boot disk to log into my PC. He said there were 2 instances of a RAT, some sort of Remote Access Trojan and he had to reinstall windows again to be safe. I told him my nephew uses my computer once or twice a week and he admitted he browses some porn sites, some he knows get blocked occasionally, but he circumvents the blockage and goes there anyway. Well If this is real or not I will find out soon enough. I will just be vigilant about the sites he goes to from now on. He also suggest I use an encrypted password manager like Lastpass does anyone use that? Is it good and safe? I trust my buddy but I also trust you all implicitly. Thanks again for all the help but just a side note. The windows lag is still there but I since the reinstall I am no longer crashing every 5 minutes. One thing my buddy notice is when the lag happens Windows Explorer pegs my CPU usage, and memory usage maxes out so it could not have been the Trojan that was causing the lag. I think I am going to have to open my PC and do a complete overhaul ie.. reseating all my cards, checking cables and overall cleaning out the system. I will report back after I do this.

[devnulllore]

A little off topic but, I use Iobit Smart Defrag for my conventional drives and I noticed my anti-virus software, Eset, claims it's a PUP. Is Iobit software safe to install?

[SnoopZ]

8 minutes ago, devnulllore said:

Hi, I went back and changed as many passwords as I could ever remember but there is news. I have a buddy of mine I used to work with at RCN with who is a security expert. He came over and used a some sort of Linux boot disk to log into my PC. He said there were 2 instances of a RAT, some sort of Remote Access Trojan and he had to reinstall windows again to be safe. I told him my nephew uses my computer once or twice a week and he admitted he browses some porn sites, some he knows get blocked occasionally, but he circumvents the blockage and goes there anyway. Well If this is real or not I will find out soon enough. I will just be vigilant about the sites he goes to from now on. He also suggest I use an encrypted password manager like Lastpass does anyone use that? Is it good and safe? I trust my buddy but I also trust you all implicitly. Thanks again for all the help but just a side note. The windows lag is still there but I since the reinstall I am no longer crashing every 5 minutes. One thing my buddy notice is when the lag happens Windows Explorer pegs my CPU usage, and memory usage maxes out so it could not have been the Trojan that was causing the lag. I think I am going to have to open my PC and do a complete overhaul ie.. reseating all my cards, checking cables and overall cleaning out the system. I will report back after I do this.

Lastpass is awesome a few people in this thread have said they use this a few posts back,give it a try and also setup 2fa on your mobile phone with it.

[+BudMan MVC]

33 minutes ago, devnulllore said:

He said there were 2 instances of a RAT, some sort of Remote Access Trojan

And which ones were they exactly?

[devnulllore]

He did not specify. I will ask him next time I speak with him. He did say they were the most common ones he's seen.

[+BudMan MVC]

Well its very odd - because your email stated that he removed his RAT

Quote

After that I removed my malware to not leave any traces.

 

 

[devnulllore]

Just now, BudMan said:

Well its very odd - because your email stated that he removed his RAT

 

Right but my buddy says they always leave traces but can only be picked up through a boot environment other than Windows. I am not familiar with Linux too much.

[+BudMan MVC]

Dude it was a JOKE   that you actually think that scam/spam email was legit is funny to be honest.

 

Do you even have a webcam?

[devnulllore]

Yes I have a web cam and since I use Cortana it's always on. Good then and I really hope your right. I am however happy that at least I took some precautions.

[devnulllore]

So does anyone use Smartdefrag for their conventional drives? I tried to install it but Eset keeps blocking it saying it's a PUP. Any thoughts?

[+Warwagon MVC]

I would still test the ram just to be on the safe side, I would also download a Linux distro or a Windows 10 PE and run it off a flash drive to see if you experience any of the freezes. This way you can rule out your entire windows 10 install instantly.

[+BudMan MVC]

So esat stops you from running smartdefrag... but didn't help you with your rat infection

 

Exclude it from your detection if you want it... But there is really zero use for that software... The built in defrag is more then sufficient... Maybe if you would stop installing every piece of software under the sun on your so called "clean" installs you could actually figure out what is causing your problem

[devnulllore]

1 hour ago, warwagon said:

I would still test the ram just to be on the safe side, I would also download a Linux distro or a Windows 10 PE and run it off a flash drive to see if you experience any of the freezes. This way you can rule out your entire windows 10 install instantly.

Okie will do. Thanks

[sc302 Veteran]

It would help more to break down the explorer.exe process and find out if it is the same process/dll causing your issue or if it is constantly changing.  Explorer.exe can call 1,000,000 other processes.  Task manager only reports on the main process.  You need to drill down further with resource monitor or process explorer.

 

Your computer is basically your patient, and you are the doctor.  Your patient told you it hurt in it's stomach....you need other tools to be able to dig into its stomach to see what the actual issue is.  You obviously can't remove the patients abdomen to stop your patient from hurting, you would kill them if you did.  What are you going to use to investigate further, or are you going to keep stuffing it with medication in hopes that the pain goes away or continuing to misdiagnose it?  Or chasing the maybes or could-be's from other doctors who have never seen this exact issue before but know that something like this has happened but their patient was just about dead vs your patient that isn't dead, is still breathing and functioning normally...

[+Warwagon MVC]

3 minutes ago, sc302 said:

It would help more to break down the explorer.exe process and find out if it is the same process/dll causing your issue or if it is constantly changing.  Explorer.exe can call 1,000,000 other processes.  Task manager only reports on the main process.  You need to drill down further with resource monitor or process explorer.

Good point. He may all want to take a look at shellview .. I created a thread about it back in the windows 8 days, because there was a shell hook Nvidia was using which was causing a freeze on every right click. I use d this program to disable it.

 

 

[sc302 Veteran]

41 minutes ago, warwagon said:

Good point. He may all want to take a look at shellview .. I created a thread about it back in the windows 8 days, because there was a shell hook Nvidia was using which was causing a freeze on every right click. I use d this program to disable it.

 

 

yes, but that is still a shot in the dark.  The issue is, you don't know what is causing explorer.exe to spike.  Using this and randomly disabling crap is a crap shoot.  I am asking to drill down and see what is actually causing explorer.exe to spike and then if we need to find the utility to disable or uninstall the program or find some other way to inoculate it to permanently fix the issue utilizing tools that can do that....one of which is built into windows but doesn't go into as much detail as the other software by sysinternals.

 

Bottom line, no one here knows what is going on and everyone is shooting at the hip in hopes that issue is fixed.  Very few have offered any real troubleshooting steps or ideas, but many have offered guesses which is taking more time to accomplish vs finding root cause.  I even entertained the thought of reinstall, more so to help a struggling individual than thinking that it would actually solve anything. 

[devnulllore]

I finally found something although I am not sure it is much. After using Procmon I found the the process 'DasHost.Exe' was the process that was spiking. Does anyone know about this? Google states it controls communication between wired and wireless devices.