[SOLVED] Hacker remotely accessed my laptop and breached email accounts despite clean reinstalling it

noobser

Reputable
Jan 20, 2019
Long text ahead. TL;DR at the bottom.

I use an ASUS F555U laptop with Windows 10; the first time it was reset was in September 2020. I configured it and all and installed Chrome as my main browser and used my 2 main Google email accounts (consider them email x and email y). Note: I never installed any AV, only Defender was on its own.
Everything went fine until sometime after 1 January 2021, when Windows Defender completely stopped working (it shows a blank page under "Security at a glance"), and Windows Update was also not functioning properly (it fails at checking for updates). After investigating this issue it seemed the core files and services for both these applications were corrupted/missing, and running DISM and SFC commands did not fix it, so the only way to solve this was to refresh install my PC. However, I did not want to do it because I had very limited internet data, and I was never able to connect to Wi-Fi since I was busy with studies etc., so I left my laptop unprotected for a very long time.
On the 24th of August I finally came back home, meaning I had access to Wi-Fi again. I added another email to Chrome (email z), and then I decided to look back at 2000s games to retry and play them. Among these games, there was only one which I was not able to find anywhere, and upon searching through multiple Google pages, I found an apparently secure website which had this game, so I decided to download it. What happened next is a bunch of ads appeared upon clicking a blank area of the page, and I told myself that's very bad. In the end I managed to download the game, but after trying to install it, it did not show the game icon; it instead showed a window without an X button, with nothing on it. I knew what it was, so I immediately closed it using my Task Manager. Some moments later I noticed a command prompt opening and closing instantly, then a lot of command text output opened which displayed numerous IPs and something about mining. I learnt that I had downloaded crypto miner malware, so I tried to delete it ASAP.
Some days later, I noticed unfamiliar activity on my Roblox account (linked to email x), and all my Robux (Roblox's currency) had been used for a gamepass I don't recognize. Something important to note is that my Roblox account is locked with 2FA, but in this case it was bypassed. Confused, I cleared every cookie in my Chrome browser. I went to email x and y, but they showed no unfamiliar activity.
On the 31st of August at 1:07 PM GMT+1, I received a notification on my phone from Gmail that there was a critical security alert on both email x and y. Email z was untouched somehow, even though it was logged in on my laptop. I looked it up, and apparently a Windows device named "X555UJ" was potentially infected with a suspicious app, therefore Google logged both those emails out of the PC. The thing is, ASUS F555U and X555UJ look the same, but they are different models. So I was really confused whether this was my laptop or an attacker's laptop who had acquired my credentials somehow. At 3 PM (the time I woke up), I immediately changed both passwords of these email accounts and reverted the settings which were not set up by me (filters, etc.), and that was it. I also downloaded Avast to check what kind of malicious files I had, and it was detecting many, and I mean many, rootkits and trojans. I already knew what both of these do, and I panicked. I tried deleting them all and rescanned; they reappeared. The only solution was to back up files immediately and reset the entire laptop to factory default.
I backed up 80 GB worth of files to a separate partition, scanned them (no threats shown), and went to reset my entire PC. The process took around an hour, and it was 8 PM by then.
Another note to mention is that my main Discord account is linked to email y without 2FA, and I forgot to remove Discord's access to my email AND to change passwords. This was a really bad idea.
While the laptop was resetting, my phone was getting bombarded with notifications from random people and friends asking why I was sending them a phishing link. It was apparent that my Discord account was compromised too. I immediately changed the password and email, and disabled it to log it out of all sessions. The damage was big, but it was stopped minutes later.
After the laptop finished resetting, I realised Windows didn't delete the previous drives, so I went and deleted them one by one by formatting, and I deleted Windows.old on the OS drive.
I then installed drivers and downloaded Malwarebytes, SUPERAntiSpyware and Avast again, and did a boot-time scan, 5 full scans and 10 scans of the backup folder. Results showed no malware remained.
I was still repairing all the damage done by the rootkits by changing every password on every account I use and setting up a new password manager, etc. This took more than a day.
After thinking everything was fixed, I created 3 new emails (emails a and b from Gmail, email c from ProtonMail) and used them on my newly reset laptop just in case the hackers could still remotely access it, and I was right. But this time they didn't breach those email accounts...
On the 2nd of September at 10:29 PM, I received another critical security alert that there was suspicious activity on email x again from device X555UJ (at this time I was asleep and woke up at 5 AM). This really confused me because after resetting the laptop, I never logged into email x at all; I used a different desktop computer to manage it.
I turned on my laptop and found out there was an unknown search engine which displays everything in Russian installed in my web browsers. I looked it up and learnt it's malicious, so I deleted it entirely, although I still don't know where it came from. But again, this really confused me, so I scanned all files again, using Defender this time; it detected nothing. Then I did a boot-time scan; it detected nothing. Then finally I scanned the backup files, and it detected a backdoor malware. I deleted it afterwards.
Other important things to note:
  1. My laptop's model is F555U, ASUS brand.
  2. Before the breach, email x had 2FA enabled but email y didn't.
  3. As of now, every password has been changed on all email accounts.
  4. Currently, there are no malware results.
Attachments: 1st critical security alert on email x | 2nd critical security alert on email x | 1st critical security alert on email y | the unrecognized gamepass purchase (Roblox)
I have a lot of questions now:
  • How come Defender could detect potentially malicious files while other AVs didn't? Are there chances of false positives?
  • Should I reset the entire laptop again, but this time only back up files to a USB and delete everything else?
  • The first incident showed that a Windows device named X555UJ (remember, mine is F555U, but Google doesn't know it) was the one with the malicious app. When I monitored activity on it, nothing was changed but the Gmail filter settings. I looked up the IP addresses and found Germany, Morocco (my country) and Russia. Note that I only used 1 German VPN, but never a Russian one. When it happened again yesterday, it showed the same device with the malicious app, although I had wiped my laptop entirely, with backups and all, and all AVs showed nothing except Defender. What does this mean?
  • Do you think the entire issue is solved now? This has given me a really big headache since it happened. This was also a big fault of mine for being irresponsible and negligent with my laptop, but I learnt a lot from it, and hopefully it doesn't happen again.
As of now, I am still monitoring all my email accounts for unfamiliar activity, and so far there's nothing wrong at the moment, but after all these crazy events occurring over 2 days, I am still really skeptical.
I also looked this up everywhere and didn't find any results similar to my problem, hence why I am posting here.

TL;DR: My laptop was unprotected from malware for months. On the 31st of August, a hacker breached my 2 main Gmail accounts (email x and y). After resetting the laptop and backing up, more suspicious activity was detected on email x, although there was nothing suspicious on there. If the hacker probably still has remote access to my PC, then what do I do?

4745454b

Titan
Moderator
noobser said:
Among these games, there was only one which I was not able to find anywhere, and upon searching through multiple Google pages, I found an apparently secure website which had this game, so I decided to download it. What happened next is a bunch of ads appeared upon clicking a blank area of the page, and I told myself that's very bad.

Not to be a total jerk, but this is why you can't have nice things. Downloading things from the net with no AV is just asking for trouble. There is a reason why Tom's Hardware has a "no help with cracked programs" policy. Not only is it illegal, but it leads to this.

Anytime anyone says they did what you did, install an AV and find rootkits, I tell them what I'm going to tell you. Format, reinstall. All your data is gone. What you need to do is format ALL of your drives. Make your HDD(s) blank, completely wipe them. Don't save anything, as the rootkit might be hiding there. Once the drive is empty, go ahead and make a partition and format it. Install Windows 10 FROM MS, NOT FROM A CORNER YOU FOUND ON GOOGLE! Only download LEGIT things from known places. STOP being a pirate. From either your phone or the new Windows build, change all passwords for your emails, bank, etc. You need to come up with a whole new password system. Meaning if you used 12345, you need to start using a new password setup, don't just start using 123456. I know this sucks, I know you don't want to do it. But it's honestly the only way to know for sure all rootkits and viruses are gone.
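The full wipe the reply asks for, as an added example that is not the reply's own commands: a diskpart script run from the Windows Setup command prompt (Shift+F10 at the first setup screen) that erases every partition on the laptop's internal drive, including the recovery/OEM partitions and the leftover drives that "Reset this PC" kept in the original post. The disk number 0 and the USB drive letter D: are assumptions; confirm them against the `list disk` output before running it.

```diskpart
rem Added example. Save as wipe.txt on the installer USB and run from the Setup
rem command prompt:   diskpart /s D:\wipe.txt   (D: is an assumed USB letter).
rem Everything on the selected disk is destroyed and cannot be recovered.

rem Show all disks with their sizes: the installer USB is the small removable one,
rem the laptop's internal drive is the large one. Disk 0 below is an assumption.
list disk

select disk 0

rem "clean" only wipes the partition table; "clean all" overwrites every sector
rem with zeros, so no old partition, Windows.old folder or recovery image from
rem the previous install survives for a rootkit to hide in. Slow on large drives.
clean all

rem Start a fresh GPT layout; Windows Setup creates its own EFI/MSR/OS partitions.
convert gpt

rem Repeat "select disk N", "clean all", "convert gpt" for every other internal
rem disk (never for the installer USB), then reboot into Setup and install.
exit
```

Build that USB on the clean desktop from media downloaded only at microsoft.com, and compare the ISO's SHA-256 (PowerShell `Get-FileHash`) with the value Microsoft publishes on the download page before writing it.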