[SOLVED] amazon scam question

[hanger644]

Amazon Locked scam question

I recently accidentally clicked on a Amazon scam email that claimed that I was locked out of my account. Upon later inspection I realized that the message claimed to need my account info, and credit card info; but at the time i had been too hasty. however the link took me to a “page could not be found” page. needless to say i did not input my info.

I have norton installed on my system which did not notify me of any downloads as this happened.

I promptly changed all my passwords associated with that email, even my amazon account.

since then I have run rigorous anti virus scans, and I even sent in my PC to be scanned by professionals, none of which found any sign of malware of any kind.

Furthermore, I scanned the scam link URL on the norton and Google URL scanner, all of which said it was safe.

However I am still suspicious that I might have something like a rootkit that is somehow remaining undetected.

my main question is, could i have gotten malware, having not even able to visit the site I was linked to? (i was brought to a “page could not be found” sign)

second question is whether Norton would have notified me if malware was being installed by saying something like “this is not safe to download” or if the malware could have bypassed that.

Also is it possible any malware or rootkit could have survived this amount of scanning?

I appreciate the help. sorry for the long message.

 

[Darkbreeze]

Most likely, if scans were clean, then you are fine. If you are still in doubt, then run a second opinion scanner like these:

Second opinion tools

A second opinion scanner is exactly what it sounds like, a malware tool that offers additional malware detection and removal capability. Just as it's a good idea to get the opinion of a second physician or medical specialist when you've been given a clean bill of health, but are still sure that something isn't right, so it is with virus and malware infections.

There are many, many instances where traditional scanning utilities are spoofed or simply aren't defined for searching out specific lesser known or as yet uncommon infections, or in some cases, simply bits and pieces that are still a danger to your system but do not fit the pattern criteria targeted by your standard protections. Running one or all of these after traditional scans is simply a good practice, especially if your system still seems to be exhibiting signs of abnormal behavior.


Before running the second opinion tools it's highly recommended that you reboot the system, and again boot into the Safe mode environment so that changes made by your Antivirus and Malware utilities can take affect.



Recommended Second opinion tools

*Hitman Pro

*TDSSKiller Rootkit tool

*Rogue Killer


And if after doing that, or for any reason, you believe you still might have something lurking somewhere hidden, then just do a clean install of Windows. It's the ONLY way to REALLY be sure if have had an infection previously and isn't a terrible idea to do periodically anyhow.

How To - Windows 10 clean install tutorial

If you are looking for the Windows 11 Clean install tutorial, you can find that here: Windows 11 Clean install tutorial (Click here) Otherwise, welcome to the Windows 10 Clean install tutorial This tutorial is intended to help you, step by step, to perform a clean install of Windows...

forums.tomshardware.com

 

[hanger644]

Most likely, if scans were clean, then you are fine. If you are still in doubt, then run a second opinion scanner like these:

Second opinion tools

A second opinion scanner is exactly what it sounds like, a malware tool that offers additional malware detection and removal capability. Just as it's a good idea to get the opinion of a second physician or medical specialist when you've been given a clean bill of health, but are still sure that something isn't right, so it is with virus and malware infections.

There are many, many instances where traditional scanning utilities are spoofed or simply aren't defined for searching out specific lesser known or as yet uncommon infections, or in some cases, simply bits and pieces that are still a danger to your system but do not fit the pattern criteria targeted by your standard protections. Running one or all of these after traditional scans is simply a good practice, especially if your system still seems to be exhibiting signs of abnormal behavior.


Before running the second opinion tools it's highly recommended that you reboot the system, and again boot into the Safe mode environment so that changes made by your Antivirus and Malware utilities can take affect.



Recommended Second opinion tools

*Hitman Pro

*TDSSKiller Rootkit tool

*Rogue Killer


And if after doing that, or for any reason, you believe you still might have something lurking somewhere hidden, then just do a clean install of Windows. It's the ONLY way to REALLY be sure if have had an infection previously and isn't a terrible idea to do periodically anyhow.

How To - Windows 10 clean install tutorial

If you are looking for the Windows 11 Clean install tutorial, you can find that here: Windows 11 Clean install tutorial (Click here) Otherwise, welcome to the Windows 10 Clean install tutorial This tutorial is intended to help you, step by step, to perform a clean install of Windows...

forums.tomshardware.com

I already ran some similar ones. my concern is that malware such as a rootkit could be evading the scans.

 

[Darkbreeze]

Standard malware scanners scan for rootkits these days AND second opinion scanners such as TDSS rootkit killer SPECIFICALLY exist for this purpose. It would be nearly impossible for any known rootkit to evade detection from those three utilities, and there is nothing I know of that could evade detection by ALL THREE, but if you are still in fear, then doing a clean install including the deletion of ALL partitions on the drive, so that there CAN'T be anywhere for anything to hide, would be your only other alternative if you want to be absolutely 200% certain.

 

[hanger644]

Standard malware scanners scan for rootkits these days AND second opinion scanners such as TDSS rootkit killer SPECIFICALLY exist for this purpose. It would be nearly impossible for any known rootkit to evade detection from those three utilities, and there is nothing I know of that could evade detection by ALL THREE, but if you are still in fear, then doing a clean install including the deletion of ALL partitions on the drive, so that there CAN'T be anywhere for anything to hide, would be your only other alternative if you want to be absolutely 200% certain.

thanks a lot!

 

[Darkbreeze]

👍

 

[Secret-Squirrel]

...............................however the link took me to a “page could not be found” page. needless to say i did not input my info.......................

In that case I'm certain you're going to be fine.

.........my main question is, could i have gotten malware, having not even able to visit the site I was linked to? (i was brought to a “page could not be found” sign)

You clicked on a dead link so there was never any risk.

 

[Darkbreeze]

In that case I'm certain you're going to be fine.



You clicked on a dead link so there was never any risk.

None of that is "necessarily" true. Often, malicious content will use methods like SEEMINGLY dead links, to make you think nothing has happened. To instill a false sense of security. That's not to say that it wasn't a dead link, but I wouldn't ever assume anything abnormal is "ok" without having done the legwork to verify it.

 

[hanger644]

Standard malware scanners scan for rootkits these days AND second opinion scanners such as TDSS rootkit killer SPECIFICALLY exist for this purpose. It would be nearly impossible for any known rootkit to evade detection from those three utilities, and there is nothing I know of that could evade detection by ALL THREE, but if you are still in fear, then doing a clean install including the deletion of ALL partitions on the drive, so that there CAN'T be anywhere for anything to hide, would be your only other alternative if you want to be absolutely 200% certain.

@Darkbreeze i ran all 3 of those scans you told me about and on the hitman pro one it found 2 “suspicious” files. i had the option to delete them so i did. i was prompted to reboot to put the changes into effect but when i did my pc blue screened with a message that said “kernel security check failure.” upon restarting i ran the hitman pro scan again which said i was clean.

as a note, the other scans said I was clean too. I am planning on clearing all the partitions of the drive and doing a clean reinstall.

is that a good plan of action?

also, if I have multiple disk drives do I need to clear all those too?

Edit: the two suspicious files that were found were called “PnkBstrK.sys” and “pbcl.dll”

 

[Darkbreeze]

Do you have, or have you ever, had Punkbuster services, Far cry 2 or Call of duty 2 installed on this system?

The chances are very good that neither of those are malicious, and are normally present if any of those games or service was ever installed.

Honestly, if that's all that those scans came up with, I'd say you're clean.

 

[hanger644]

Do you have, or have you ever, had Punkbuster services, Far cry 2 or Call of duty 2 installed on this system?

The chances are very good that neither of those are malicious, and are normally present if any of those games or service was ever installed.

Honestly, if that's all that those scans came up with, I'd say you're clean.

i had far cry 3 installed at one point

 

[Darkbreeze]

Then that is where pbcl.dll came from. PnkBstrK.sys is likely part of Punkbuster, which might be installed by several games including some of the Battlefield games, and is a cheat detect. As with any file, it could be compromised, but most likely it is not and is only present because of it's relationship with an installed game or previously installed game.