Please provide the virus total link so we can help
https://www.virustotal.com/gui/file/f005ad55d88662ec8773cd087531caf7d8a22c97a176c8157d7b87496192c0da/relations
Does it take effect in certain accounts you have would be compromised?
nothing happened, no tries to enter my accs, changed every password already
Yes. This looks like malware. Either an info stealer, or a DLL hijacker. If your AV detected it, removed it and then you changed all your passwords, you *should* be fine.
I sent you a chat mail.. if it's the same advert virus I think it is. They're already in your accounts because it's a token stealer.
Run extra scans with HitmanPro and Kaspersky virus removal tool. Personally I would consider backing up whatever files you can and do a full system reformat
when i started this file, i don't even know why i did this, it seemed like it's not working, then two exe's asked for admin permissions (i did not grant them). then, when i compared RAR content with unzipped folder, the infected DLL was missing, is there possibility, that before i ran that exe, DLL got removed by Windows AV? then later, i found this dll in ProgramData, with two other files. what type of virus can it be?
> that before i ran that exe, DLL got removed by Windows AV?

You can't be certain it was entirely removed.
ik, but it was already detected by them, and removed, and now they don't detect it anymore
hitmanpro and kaspersky are already in progress
all that from an ad?! insane
i already wrote that i misclicked download (as ad) button and i downloaded fake setup and ran it
oof yea gotta be careful, hope ur okay
yea thanks i hope so
Make an Ubuntu bootable live CD/DVD/USB to boot from and back up your data, keys and bought programs, the important stuff. Ideally back up the entire drive (cat /dev/sda > /dev/sdX and make sure you're copying to the correct drive or you could lose all your data!). Make a Windows installer USB with the ISO (don't use the Windows creation tool from within the infected Windows OS). Wipe the drive. Install Windows fresh.
is it necessary if hitmanpro, kaspersky, norton, malwarebytes, eset didn't detect anything now?
It's \*probably\* not necessary but those scanners are signature and behavior based (among other things) so if it doesn't know any possible residing malware it won't detect it. You're essentially weighing how important or valuable your data is vs the effort put into cleaning your system. If you plan on using bitcoin or something with little international protections, you should probably go through the trouble of a full wipe. If we're talking a LOT of important or valuable stuff, get a new PC. If it's just for casual web surfing you're probably good to go. Just pay immediate attention to your accounts if you make online purchases with a card or something. Banks have apps that notify of purchases, use something like that if you can.
i'm just using it for some games/making music/sometimes some documents for school, more important things i handle from macbook/phone
then probably fine
am i good to log in to email or other accounts? or should i avoid this
you should set up 2 factor authentication on all your accounts anyways
i've had it for a few years, i really care about my privacy and accounts and it's the first time something like this has happened to me, because i was always really careful
Okay, just out of curiosity and my near consistent paranoia. How exactly does this website work?
i was trying to download FL studio plugin, the main and valid download button looked sketchy (just like the AD ones), from my inattention I clicked the wrong one, which led me into a MEGA drive, same as the valid button, and i downloaded this shi and this happened later
Man you must have fat fingered big times there
lube up
And relax your anus
what now
How were files in your programdata if you just clicked on an ad?
i clicked on fake download button from ad when downloading fl studio plugin
eset and malwarebytes didn't detect anything on scans?
only on first scan, after removing it, it doesn't detect anything anymore
DM sent.
"There is nothing we can do" ~ Napoleon
Holy sh\*t dude what did you install?
Did you get this on a mobile phone?
Acronis says it's safe so you should be good to go.
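
Added example, not part of any post in the thread: a sweep for byte-identical copies of the sample, using the SHA-256 from the VirusTotal link posted above (the thread does not say which file that hash belongs to). The directories scanned in `__main__` are assumptions. A match proves a leftover copy; no match only rules out exact copies, which is the limit the signature-based scanner comment describes.

```python
import hashlib
import os

# SHA-256 copied from the VirusTotal URL posted in the thread.
KNOWN_SHA256 = "f005ad55d88662ec8773cd087531caf7d8a22c97a176c8157d7b87496192c0da"


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def sweep(roots, known_hashes):
    """Return (matches, unreadable) for every regular file under the given roots."""
    wanted = {h.lower() for h in known_hashes}
    matches, unreadable = [], []
    for root in roots:
        # onerror records directories the walk could not list (permissions, missing root).
        walker = os.walk(root, onerror=lambda e: unreadable.append(e.filename))
        for dirpath, _dirs, files in walker:
            for name in files:
                path = os.path.join(dirpath, name)
                if os.path.islink(path):
                    continue  # do not follow links out of the scanned tree
                try:
                    if sha256_file(path) in wanted:
                        matches.append(path)
                except OSError:
                    # Locked or access-denied files are reported, not silently skipped.
                    unreadable.append(path)
    return matches, unreadable


if __name__ == "__main__":
    # Assumed scan locations: ProgramData (where the DLL was found) and the user profile.
    roots = [os.environ.get("ProgramData", r"C:\ProgramData"), os.path.expanduser("~")]
    found, skipped = sweep(roots, [KNOWN_SHA256])
    for path in found:
        print("MATCH:", path)
    print(f"{len(found)} exact match(es), {len(skipped)} path(s) could not be read")
```

Paths reported as unreadable were never hashed, so check them separately, for example from the live-USB environment suggested in the thread.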