Question exe file ruined my desktop

Yasser85

Distinguished
Jul 21, 2014
34
1
18,535
twitch.tv
please don't judge my stupid ignorant old stupidity ... it's almost 6am and i can't sleep cause i am terrified of what i just did

i clicked run as admin on a sketchy exe that i downloaded from a link

once i saw some windows pop up i tried as fast as i could to disable my connection to the internet but i wasn't fast enough
ran scans on malwarebytes, found threats and restarted to fix.. once i connected back to the internet.. the threats showed up again ..
disconnected my pc, ran a scan.. all clear, connected to reinstalled chrome, ran a scan.. all clear.. then decided to scan again and threats showed up again
now my desktop isn't connected to the internet and i don't know how to stop what seems to be a script that regenerates whenever i connect to the internet.

i again am ignorant i don't know if it's a script or what is a script i just feel like those powershell windows popping up means i executed a series of tasks that keep infecting my device

i am afraid to even use a flash drive to copy and paste the malwarebytes report to this laptop- but if it's required i guess i'll have to

detected items were
- malware.Sandbox.1
there's 5 of those. 2 are files and 3 are Reg_key
- Trojan.SmokeLoader
5 more of those, 2 are files and 3 are Reg_Key

that's the latest result that i disconnected once i saw the first file detected show during scan ..

earlier scans show additional threats to what i mentioned earlier
PUP.Optional.ForcedExtension
Malware.Heuristic.1001
Malware.Heuristic.1004

please help
 

Yasser85

that was quick.. i forgot how fast installing windows on SSD is.. thank god for SSDs
and RIP my C: files .. thanks for your help .. now can i just sleep or should i still be worried about passwords or idk what else..
 
Deleted member 14196

Guest
no need for anything of the kind, you did the right thing wiping and installing. you can't ever trust any antivirus to totally clean it for you.

if you knew it was a potentially dodgy exe, why on earth would you ever run as admin? you really did this one to yourself and no amount of antivirus can stop you at that point

don't do that anymore, have an image backup that's verified good BEFORE doing stuff like that at least.
 

Yasser85

it's not over yet.. my facebook account was hijacked..
Device: iPad
IP address: 47.158.23.208
Estimated location: Indio, CALIFORNIA, US
i'm assuming it's a vpn server

then i remembered seeing forced browser extension in the list of threats
now i think whoever did this has access to all my passwords saved on my chrome

i cleared passwords from chrome settings, security and privacy, clear browsing data, passwords.. but they probably already got them so i'm squeezing my brain to remember all the accounts i used and changing the passwords

anything else i can do?

i already scanned my pc like 15 times since i noticed this 5 hours ago and it's clear so my pc seems to be safe for now but my data isn't?
 

Yasser85

thank you for your help.
 

Yasser85

i formatted my SSD and did a clean windows installation
HDD doesn't seem infected with anything..

my FB account was stolen and just got it back, i also believe he had access to my email
i did change the password of all accounts i can remember but i believe my PC is currently clean but he already got all the passwords from google chrome passwords
i can currently see he's trying to get access to my email .. my cellphone is being spammed with text messages from microsoft with login codes
and those are showing up in my activity as Unsuccessful sync

IMAP 60.20.198.83 China
IMAP 69.167.22.53 USA
IMAP 69.167.17.93 USA
IMAP 113.226.102.86 China
IMAP 113.226.105.140 China
IMAP 218.5.24.229 China
IMAP 240e:378:c01:3021:28ee:1e66:27b5:9895 Not available

anything i can do with this information?
does that mean i need to stop using google chrome?
 
Deleted member 14196

I would get the authorities involved because this is illegal activity. Also make sure you turn on two-factor authentication on everything.

If you live in the United States, get the FBI involved and report it, and send that proof to them and let them investigate it.