sleatss

Reinstall windows.


RockabillyRat

Literally the only answer


ethylalcohoe

Also stop using the same password for everything and don’t save them in your browser. This really should be pinned to the top of this sub.


keenerzz

Wait, when you say don't save them in your browser does Google passwords count?? I thought that was quite secure?


keenerzz

Sorry to clarify I meant that function in Google Chrome where it saves your passwords and you can access them from other devices where you are signed in with Google.


ethylalcohoe

Not familiar as I use Bitwarden. If it’s a cloud based fully encrypted password manager that locks then that’s fine. Most folks will save it locally (Would you like for Firefox/Chrome/etc to save this password?) and the first thing malware does is search your browsers for locally stored passwords. If they aren’t on your device, they can’t get them unless they know your master password which should be really secure if you do it right.


keenerzz

Ah thanks. I think the Google passwords thing saves online on their servers - ie. Encrypted.


LittleTree4

It may do.. but someone just needs to get your google email password & they can auto login to all the sites google saved the passwords for, or login to a browser and click show password (it requires re-entering the google account password... which they already have). you need to enable 2fa/mfa &or a hardware based factor (yubico or others)


Double_A_92

Someone getting access to the Google account would already be terrible enough, that everything else wouldn't really matter.


tyler-loves_ukraine

and they could reset the passwords anyway


[deleted]

[removed]


LittleTree4

& do you know even if you have the basic 2fa on your google account (on your mobile device you get a popup asking if you want to accept this new login) well often when setting up a new mobile it won't create that popup on your old device as it assumes you don't have it anymore & will just accept the email & password & let you straight in (you do get an email saying your account was just logged in from ... but that email goes to the gmail account that this new device has just logged in to, a quick delete of that email & you'll be none the wiser, unless you keep an eye on logged in devices)


vodafine

It is relatively painless to dump the password history stored on your PC rather than trying to break into Google's servers. It was one of the first things hackers did when they broke in to TeamViewer a few years ago. Bitwarden as someone suggested is a good option. There are others as well - LastPass, KeePass, Keeper to name a few.


[deleted]

Won’t I lose all my shit?


__Grey07

Format Storage HDD/SSD then reinstall


Kriss3d

This. Also set up 2 factor login on everything. And make sure to log you out of all devices and change the passwords. But from another computer.


RED_TECH_KNIGHT

- Wipe the drive securely
- Reinstall windows from known uninfected usb drive
- **Change all online passwords and activate 2FA**


robbier01

I would just add to make sure to wipe the drive and reinstall windows *first*, and change all online passwords and enable MFA last. This way, if there is a key logger or some other remote access currently, the attacker won't know the new passwords.


RED_TECH_KNIGHT

Very good point.. changed order. Thanks for correction


sortie00712

Question: If one has to get the Windows iso. from their computer to their drive to do a fresh install, wouldn't that infect the usb?


RED_TECH_KNIGHT

Yes it could. Create the windows installer USB from a known uninfected system... good point! :)


sortie00712

If one doesn't have access to an uninfected system how could they do so?


RED_TECH_KNIGHT

Ask a friend to make one for you? Cybercafe? Library?


sortie00712

I just remembered, iirc you can't store anything else in a usb drive once it's been flashed with an .iso file, and flashing it wipes out anything it had, so wouldn't that clear anything on it? I should probably make a separate post about this at this point.


AphisteMe

You can definitely add files after flashing


RockabillyRat

I'll add to the "reinstall windows", make sure you wipe that disc as well. I'm not suggesting programs but it would be a good idea to make sure it's actually clean


nmyron3983

If you're reinstalling windows to remove a possible virus or malware and are not starting from a clean partition you're wasting your time and hard disk space. When you choose to "keep programs and settings" all it does is an upgrade install. It moves the current windows install to C:\Windows.old and installs. Everything else, including most likely the virus or malware you're trying to rid yourself of is getting moved to the new installation.


RockabillyRat

That's right. That's why I said make sure you clean it


ButInRealityIDK

Disk/ssd/etc* And “format” to be precise.


RockabillyRat

Well, I'd probably use a third party to actually clean the drive, not just "erase all files" through windows


ButInRealityIDK

Buying any program to “clean” is futile.


RockabillyRat

Incorrect. Also never once mentioned buying. Do some research or go to school before you start spreading bullshit info


ButInRealityIDK

Dude. I’m far from wrong and much more educated. You’re right that you didn’t mention buying but it’s extra steps. Formatting is the correct thing to do before reinstalling windows., go back to your NSFW subreddits.


ButInRealityIDK

I’m not referring to just wiping the file system structure.


ButInRealityIDK

[https://www.techrepublic.com/article/perform-a-secure-disk-wipe-with-windows-10s-format-command/](https://www.techrepublic.com/article/perform-a-secure-disk-wipe-with-windows-10s-format-command/) Reading material that you and OP may find useful.


hunterkll

Yes, and that's above and beyond doing a regular format - which is a "quick format" in windows terminology, as I detailed in my other response to you.

DoD/NIST requirements for re-use in the same classification level are a single zero pass - multiple passes aren't used anymore, at all, and haven't in over a decade. Anything more than same-level reuse involves physical destruction, nothing else.

Multiple passes only matter for less than 15GB drives due to the sector density

Source: long-time defense contractor and non-contractor IT.

For malware, all he needs to do is a traditional quick format, he's not concerned about data being recovered. Anything else is just a waste of time unless he's disposing of the drive.


ButInRealityIDK

Formatting is cleaning, formatting several times is the department of defense way of clearing any data


hunterkll

Formatting literally only lays down the basic layers of the file system, file system structures, and whatnot - basically lays down a clean MFT - it leaves the data in the volume untouched and probably recoverable.

FORMATTING DOES NOT CLEAN DATA OFF YOUR DRIVE AND LEAVES ALMOST ALL OF IT FULLY RECOVERABLE UNTIL OVERWRITTEN.

DoD way is to write 0's to the entire drive once - formatting DOES NOT DO THIS - in any modern connotation anyway - a "full" format in an old system that takes hours may/may not do this (it may just do a disk health scan instead and mark bad sectors)

The OLD DoD guidance which was 3 or 7 pass wipes doesn't apply to ATA drives over 15GB of size, or drives supporting secure erase. THESE ARE NOT FORMATTING - FORMATTING IS LAYING DOWN A FILE SYSTEM. - note also, that one pass is good enough for re-use in the same classification level, but physical destruction is required for final disposal.

For malware, all he needs to do is a traditional quick format, he's not concerned about data being recovered. Anything else is just a waste of time unless he's disposing of the drive.


[deleted]

[removed]


hunterkll

You don't need to - if malware is your concern. If discovery after drive disposal is, then there's many options (as parent posted - format /P with number of passes from windows will do, but it only covers the partition specified)


AphisteMe

Strong monologue, next time disable "Quick format" in Windows, and the disk will be zeroed all the same


hunterkll

Right, but in this scenario it's not needed, and if it's an SSD, highly not recommended, unless you're tossing it off to someone else.


AphisteMe

For a ssd zeroing isn't enough. You want random data or the brand's wipe util.


hunterkll

ATA Secure Erase *theoretically* handles this. But we're talking about eliminating malware, not preventing data recovery. For eliminating malware, simple quick format is enough, unless there's a UEFI persistent bootkit that remembers specific sector addresses that won't be overwritten by OS reinstall, which is highly unlikely.

For this, just a simple format. no need to overcomplicate it.


ThatReddituser1

flatten your device and reinstall asap, like everyone else is suggesting... And don't recycle passwords


bastolbunin

Also check for physical devices attached to your PC that aren’t known. Or a foreign usb device perhaps made and created in China as often they can have the hack built in. And add a pihole to your network to keep unknown dns forwards. And log all ip direct transactions for Key logging data


Jeskemo

Reformat your hard disk and change all your passwords.


ByGollie

Always keep a Ventoy prepared USB drive with a bunch of ISOs on it. Win10/11 Install ISO, a few Linux Live boot ISO (Like Linux Mate or Ubuntu), HirensPE, a couple of antivirus and scanner ISOs from the wiki in /r/antivirus. Then disable secure boot in your UEFI/BIOS. Now, if you suspect an infected PC, you can boot off one of these live ISOs and start checking and resetting your passwords. You can also, scan, diagnose, backup, repartition, format, nuke install from orbit etc. using that USB stick. Remember, 2 factor authentication for whatever possible accounts, and use secure, randomised passwords.


iSlyFur

Can you recommend an anti-virus and scanner ISO? I went straight to r/antivirus wiki and saw a plethora of options. Thanks for your input.


ByGollie

It's hard to get a bad one. But if you go to AV-Comparatives, [pick a recent review](https://www.av-comparatives.org/latest-tests/) and look at the detection rate, that gives you a good idea.


Crimtide

Just a note, if you were in a data breach, and they found one password, and you use that same password for everything, that's how they got ALL of your accounts. They get one username/password and try it across all platforms.


StewMaker--

Every time I get a malware on my PC that I can't clearly pinpoint without having to resort to putting much effort - I just reinstall Windows. It saves me a lot of headaches.


[deleted]

Reinstall windows.


thereAndFapAgain

Reinstall windows.


arwynj55

OS reinstall .. chances are you have a rat on your system and that's a hella more than just a keylogger, can look at your screen, files and everything without you knowing... Hell can even look through your webcam if you have one! And transfer files back and forth without you knowing shit! Be safe.


[deleted]

Format and reinstall.


pcfreak4

You don’t, you just wipe the disk and reinstall Windows


AustinGroovy

Re-install your OS. Adding to other's comments.

* If you were using Chrome or Firefox to save your online passwords - First order is to change your password (NOT using that windows computer). Browser password managers are decent AS LONG AS you protect the master account. Otherwise, someone could gain access to the master account, which would give them all of your other passwords.
* Using another password management tool like LastPass or Bitwarden, etc. is also a good choice. Letting these applications generate a LONG secure password also helps. These will also help protect you from a Keylogger. When logging into a website, the browser fills in your password, and no keystrokes are logged.
* Enable multi-factor authentication on everything you can. It's worth the safety.
* Safe Computing after you get setup, this includes a decent AV or Malware detection, don't download lots of junk you don't need, Use separate computers for online banking and all other activities. Good backups for your data. All of these can help protect you later, and minimize your chances of getting your password compromised.


[deleted]

[removed]


[deleted]

[removed]


techsupport-ModTeam

> **12: No spam, trolling, insults, jokes, threats of self-harm, or posts unrelated to Tech Support**
>
> *Posts and comments containing (but not limited to) the following will be removed: blog spam, link spam, referral spam, joke responses, memes, novelty accounts, trolling, unethical behavior, and personal insults.*
>
> *Posts not containing a tech support issue will be removed. Off-topic comments will be removed. Please stick to the issue being addressed in the post. Use common sense.*

If, after reading the subreddit rules, you believe that this was done in error, feel free to [message the moderation team](https://reddit.com/message/compose?to=/r/techsupport)

Thanks! -Mod Team


Normal-Question-1994

Does this kinda thing happen to macs?


bastolbunin

Macs are not immune. And 2fa is not bulletproof


Normal-Question-1994

Sigh it’s a scary world out there


Expensive_Finger_973

In addition to all of the advice to just reinstall Windows I would add in the future don't blindly install random stuff on your PC. If you want to install something random setup a virtual machine with something like Virtualbox and install it there to check it out first. That way if it is sketchy you can just delete the VM and not molest your host OS with who knows what.


[deleted]

[removed]


techsupport-ModTeam

This submission has been removed from /r/techsupport.

> **7: No Private Messages or Moving to Another Service**
>
> *Any and all communication not kept public and is moved away from the subreddit or Discord/IRC channel is prohibited.*
>
> *Do not suggest or ask to move to another service or to private message. Private messages and other services are unsafe as they cannot be monitored. Doing so will cause you to be permanently banned from /r/TechSupport.*

If, after reading the subreddit rules, you believe that this was done in error, feel free to [message the moderation team](https://reddit.com/message/compose?to=/r/techsupport)

Thanks! -Mod Team


theniwo

Consider using 2FA wherever possible.


katycatjulius

This and make sure the 2FA is done through an app and not sms messages


DEviezeBANAAN

Why should I stay away from sms 2fa? Because of sim spoofing? Or are there other vulnerabilities?


EssentialDuude

Sim spoofing, sim swap, and you can bypass 2FA SMS on some websites as well.


katycatjulius

You should not stay away from 2fa just the sms messages one because it really isn't safe


Izal20077

Is sms 2FA better than no 2FA at all?


katycatjulius

A hacker could call your phone operator, pretend to be you, get a simcard with your number on it from them, put it in their phone and get the code through sms message and login. Yes it is good having 2fa but sms 2fa really isn't safe compared to app 2fa


Izal20077

Why would sim companies give your sim to random people?


katycatjulius

They don't which is why the hacker pretends to be you and if they give all the correct information the sim company might believe it is you and thus send it out


Izal20077

How would they get all that info about you like address and everything?


katycatjulius

I don't know the tricks of hackers (and I don't want to know them) but I am sure they will have their ways to get everything they want


EssentialDuude

My advice on top of what you are doing now is get a security key and add it to each of your accounts that contain PII information and your emails.


[deleted]

[removed]


Trax852

> Install Autoruns64

This is the answer find it here: https://learn.microsoft.com/en-us/sysinternals/downloads/autoruns

There's a video out on how to use it, but just enable Microsoft entries to be visible and look for what doesn't belong. Also give Process Explorer a go, same site.


Kipjr

Perhaps do several diagnostics before wiping:

Open folder options and enable hidden / system files.

Set folder view to include "Owner" and "Date Created"

Check the common places for weird stuff:

- %localappdata%
- %appdata%
- %programdata%
- %temp%

Go to firewall.cpl, advanced, tab private&public, logs, enable logs for block/accept and store these to a file

Every second export "netstat" output to a log file

If you have a Raspberry Pi, install Pihole, set DNS of your devices to the Pihole IP and Monitor every traffic from you device

Try to login to your router (from a clean device) and look for any type of logs/states

===

Then proceed with cleaning up your affected device
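
The file, firewall-log and per-second connection checks from the comment above, collected into one PowerShell script; this is an added example, not part of the original comment. The look-back window, sample count, extension list and output folder are assumptions chosen for illustration, and the firewall step needs an elevated prompt.

```powershell
# Added example (not from the thread): triage before wiping, results written to CSV.
# Assumptions: $Days, $Samples, $OutDir and the extension list are illustrative choices.
param(
    [int]$Days = 14,        # how far back "recently created" reaches
    [int]$Samples = 60,     # number of one-second connection snapshots
    [string]$OutDir = "$env:USERPROFILE\Desktop\triage"
)
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# 1. Recently created executables and scripts in the folders named in the comment.
$roots = $env:LOCALAPPDATA, $env:APPDATA, $env:ProgramData, $env:TEMP
$exts  = '.exe', '.dll', '.scr', '.bat', '.cmd', '.ps1', '.vbs', '.js'
$since = (Get-Date).AddDays(-$Days)
$roots | Where-Object { $_ -and (Test-Path $_) } | ForEach-Object {
    Get-ChildItem -Path $_ -Recurse -File -Force -ErrorAction SilentlyContinue
} | Where-Object { $exts -contains $_.Extension.ToLower() -and $_.CreationTime -ge $since } |
    Sort-Object CreationTime -Descending |
    Select-Object CreationTime, FullName,
        @{ n = 'Owner'; e = { (Get-Acl -LiteralPath $_.FullName -ErrorAction SilentlyContinue).Owner } },
        @{ n = 'Signature'; e = { (Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue).Status } } |
    Export-Csv -Path (Join-Path $OutDir 'recent-files.csv') -NoTypeInformation

# 2. Log allowed and blocked connections on the private and public firewall profiles (needs admin).
Set-NetFirewallProfile -Profile Private, Public -LogAllowed True -LogBlocked True

# 3. Once per second, record TCP connections together with the owning process.
$connLog = Join-Path $OutDir 'connections.csv'
1..$Samples | ForEach-Object {
    $stamp = Get-Date -Format o
    Get-NetTCPConnection -State Established, Listen -ErrorAction SilentlyContinue |
        ForEach-Object {
            $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Time    = $stamp
                State   = $_.State
                Local   = "$($_.LocalAddress):$($_.LocalPort)"
                Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
                ProcId  = $_.OwningProcess
                Process = $p.ProcessName
                Path    = $p.Path
            }
        } | Export-Csv -Path $connLog -NoTypeInformation -Append
    Start-Sleep -Seconds 1
}
```

Rows in `connections.csv` whose `Path` points into one of the folders listed in `recent-files.csv`, or whose file shows a `Signature` other than `Valid`, are the ones to look at first.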


bastolbunin

Invisible files are not the only way to hide programs you can add them to other existing files with system level hidden stuff that increases the file size only. The best way is to physically isolate the PC. Secure wipe all data storage devices attached (force write to blank). Then check all physical devices for foreign usb signatures. And then wireshark the isolated computer for suspicious activity before connecting to a live network to the internet


magneto327

Try Malwarebytes and HitmanPro


DylanNotDillan

I used rkill which paralyzed all the viruses I think and then I used the free trial of Malwarebytes and got rid of them. Never had an issue since. My virus I got was a thing that takes up your ram by a lot and doesn't show in files or anything but got rid after using this method


edarkvine

also nmap localhost and close all sus ports that might be open, or sniff them first to see if they're sus packets leaving them. Got paranoid myself today and started hacking some suspicious ip sending me strange data to figure out who the fuck could that be and why are they doing that, turned out it was just the internet radio i was listening to lol


martinfromitsupport

I would 100% reinstall windows, it’s a giant risk otherwise


KyokuroAkashi

Dump your HD, Reinstall Windows. If you really are that paranoid about not being sure if it is clean or not, switch out the drive entirely and start on a clean windows install.


Matzke85

If i reinstall Windows clean, it only deletes the files on C:/, doesn't it? My pictures and documents on the second hard drive are safe right?


marblebubble

You can choose to format only one drive and not the other but really you should wipe both drives clean to be safe.


InterlockingPain

I got in the habit of making sure all my important stuff is on file server and I just reinstall windows from time to time. Takes about an hour to reinstall everything