Question amazon scam question

Sep 29, 2020
11
0
10
0
Amazon Locked scam question

I recently accidentally clicked on a Amazon scam email that claimed that I was locked out of my account. Upon later inspection I realized that the message claimed to need my account info, and credit card info; but at the time i had been too hasty. however the link took me to a “page could not be found” page. needless to say i did not input my info.

I have norton installed on my system which did not notify me of any downloads as this happened.

I promptly changed all my passwords associated with that email, even my amazon account.

since then I have run rigorous anti virus scans, and I even sent in my PC to be scanned by professionals, none of which found any sign of malware of any kind.

Furthermore, I scanned the scam link URL on the norton and Google URL scanner, all of which said it was safe.

However I am still suspicious that I might have something like a rootkit that is somehow remaining undetected.

my main question is, could i have gotten malware, having not even able to visit the site I was linked to? (i was brought to a “page could not be found” sign)

second question is whether Norton would have notified me if malware was being installed by saying something like “this is not safe to download” or if the malware could have bypassed that.

Also is it possible any malware or rootkit could have survived this amount of scanning?

I appreciate the help. sorry for the long message.
 

Darkbreeze

Retired Mod
Most likely, if scans were clean, then you are fine. If you are still in doubt, then run a second opinion scanner like these:

Second opinion tools



A second opinion scanner is exactly what it sounds like, a malware tool that offers additional malware detection and removal capability. Just as it's a good idea to get the opinion of a second physician or medical specialist when you've been given a clean bill of health, but are still sure that something isn't right, so it is with virus and malware infections.

There are many, many instances where traditional scanning utilities are spoofed or simply aren't defined for searching out specific lesser known or as yet uncommon infections, or in some cases, simply bits and pieces that are still a danger to your system but do not fit the pattern criteria targeted by your standard protections. Running one or all of these after traditional scans is simply a good practice, especially if your system still seems to be exhibiting signs of abnormal behavior.


Before running the second opinion tools it's highly recommended that you reboot the system, and again boot into the Safe mode environment so that changes made by your Antivirus and Malware utilities can take affect.




Recommended Second opinion tools

*Hitman Pro

*TDSSKiller Rootkit tool

*Rogue Killer


And if after doing that, or for any reason, you believe you still might have something lurking somewhere hidden, then just do a clean install of Windows. It's the ONLY way to REALLY be sure if have had an infection previously and isn't a terrible idea to do periodically anyhow.

 
Sep 29, 2020
11
0
10
0
Most likely, if scans were clean, then you are fine. If you are still in doubt, then run a second opinion scanner like these:

Second opinion tools



A second opinion scanner is exactly what it sounds like, a malware tool that offers additional malware detection and removal capability. Just as it's a good idea to get the opinion of a second physician or medical specialist when you've been given a clean bill of health, but are still sure that something isn't right, so it is with virus and malware infections.

There are many, many instances where traditional scanning utilities are spoofed or simply aren't defined for searching out specific lesser known or as yet uncommon infections, or in some cases, simply bits and pieces that are still a danger to your system but do not fit the pattern criteria targeted by your standard protections. Running one or all of these after traditional scans is simply a good practice, especially if your system still seems to be exhibiting signs of abnormal behavior.


Before running the second opinion tools it's highly recommended that you reboot the system, and again boot into the Safe mode environment so that changes made by your Antivirus and Malware utilities can take affect.




Recommended Second opinion tools

*Hitman Pro

*TDSSKiller Rootkit tool

*Rogue Killer


And if after doing that, or for any reason, you believe you still might have something lurking somewhere hidden, then just do a clean install of Windows. It's the ONLY way to REALLY be sure if have had an infection previously and isn't a terrible idea to do periodically anyhow.

I already ran some similar ones. my concern is that malware such as a rootkit could be evading the scans.
 

Darkbreeze

Retired Mod
Standard malware scanners scan for rootkits these days AND second opinion scanners such as TDSS rootkit killer SPECIFICALLY exist for this purpose. It would be nearly impossible for any known rootkit to evade detection from those three utilities, and there is nothing I know of that could evade detection by ALL THREE, but if you are still in fear, then doing a clean install including the deletion of ALL partitions on the drive, so that there CAN'T be anywhere for anything to hide, would be your only other alternative if you want to be absolutely 200% certain.
 
Sep 29, 2020
11
0
10
0
Standard malware scanners scan for rootkits these days AND second opinion scanners such as TDSS rootkit killer SPECIFICALLY exist for this purpose. It would be nearly impossible for any known rootkit to evade detection from those three utilities, and there is nothing I know of that could evade detection by ALL THREE, but if you are still in fear, then doing a clean install including the deletion of ALL partitions on the drive, so that there CAN'T be anywhere for anything to hide, would be your only other alternative if you want to be absolutely 200% certain.
thanks a lot!
 
Sep 12, 2020
49
12
45
1
...............................however the link took me to a “page could not be found” page. needless to say i did not input my info.......................

In that case I'm certain you're going to be fine.

.........my main question is, could i have gotten malware, having not even able to visit the site I was linked to? (i was brought to a “page could not be found” sign)
You clicked on a dead link so there was never any risk.
 
Reactions: hanger644

Darkbreeze

Retired Mod
In that case I'm certain you're going to be fine.



You clicked on a dead link so there was never any risk.
None of that is "necessarily" true. Often, malicious content will use methods like SEEMINGLY dead links, to make you think nothing has happened. To instill a false sense of security. That's not to say that it wasn't a dead link, but I wouldn't ever assume anything abnormal is "ok" without having done the legwork to verify it.
 
Reactions: hanger644
Sep 29, 2020
11
0
10
0
Standard malware scanners scan for rootkits these days AND second opinion scanners such as TDSS rootkit killer SPECIFICALLY exist for this purpose. It would be nearly impossible for any known rootkit to evade detection from those three utilities, and there is nothing I know of that could evade detection by ALL THREE, but if you are still in fear, then doing a clean install including the deletion of ALL partitions on the drive, so that there CAN'T be anywhere for anything to hide, would be your only other alternative if you want to be absolutely 200% certain.
@Darkbreeze i ran all 3 of those scans you told me about and on the hitman pro one it found 2 “suspicious” files. i had the option to delete them so i did. i was prompted to reboot to put the changes into effect but when i did my pc blue screened with a message that said “kernel security check failure.” upon restarting i ran the hitman pro scan again which said i was clean.

as a note, the other scans said I was clean too. I am planning on clearing all the partitions of the drive and doing a clean reinstall.

is that a good plan of action?

also, if I have multiple disk drives do I need to clear all those too?

Edit: the two suspicious files that were found were called “PnkBstrK.sys” and “pbcl.dll”
 
Last edited:

Darkbreeze

Retired Mod
Do you have, or have you ever, had Punkbuster services, Far cry 2 or Call of duty 2 installed on this system?

The chances are very good that neither of those are malicious, and are normally present if any of those games or service was ever installed.

Honestly, if that's all that those scans came up with, I'd say you're clean.
 
Sep 29, 2020
11
0
10
0
Do you have, or have you ever, had Punkbuster services, Far cry 2 or Call of duty 2 installed on this system?

The chances are very good that neither of those are malicious, and are normally present if any of those games or service was ever installed.

Honestly, if that's all that those scans came up with, I'd say you're clean.
i had far cry 3 installed at one point
 

Darkbreeze

Retired Mod
Then that is where pbcl.dll came from. PnkBstrK.sys is likely part of Punkbuster, which might be installed by several games including some of the Battlefield games, and is a cheat detect. As with any file, it could be compromised, but most likely it is not and is only present because of it's relationship with an installed game or previously installed game.
 
Reactions: hanger644

ASK THE COMMUNITY