[SOLVED] Help --- I think I've accidentally downloaded a virus !

[Korayaydemir]

It was late at night and i clicked one of those "fake download buttons" and didn't pay attention to anything just said next next and downloaded the thing. I was overconfident and careless, regretted it so hard after realizing i downloaded some unknown (probably) malware.

But at least i know the .msi file i downloaded, but i don't know what it did/ran in my computer after i installed it. I have no idea.
So, i know someone who's knowledgeable enough on security stuff, can run this file on a VM, or do something else to learn what that .iso or .msi file executes. And how to remove its effects (if it has any). That would be great, i really need help because i don't think i can get over that one on my own.

Sooo the file is, an .msi file, last night when i clicked it it was an .iso file i think, but both are capable of running something so doesn't matter i guess. It's the same thing i downloaded last night because on both when you click it, something called "ThousandthToboggan.exe" asks for adminstrator permission, which i gave that night i know i messed up big time. Then downloads something. I opened the .msi file with winRAR and there is only a rougly 5 megabyte file called "ThousandthToboggan" inside. So that wasn't very helpful for me. I have to know what it does.

Here is that malware: <Link to malware removed by Moderator> Edit: apparently i'm not allowed to share its link for some reason. Which defeats the whole purpose of this post, someone who knows what hes doing examining the file. I guess message me or something if anyone interested in helping so i can send the link? If thats allowed. Ofc if theres a solution without needing that its alright too.

so do not download on your computer if you don't know what ur doing, its funny im the one telling that but yeah.

It doesn't download game or something because, like i said its one of those fake download buttons, its just named as the game.

I did a full scan for virus with windows defender, which took almost 1 hour. Windows did not find any malicious file. I don't have an antivirus program, but i can try running one.

Aand thanks a lot for helping, i'm really ashamed because thats a very simple mistake with a possibly big consequence but i don't have any other choices than asking for help on forums

 

[USAFRet]

The link was removed to prevent anyone else from clicking on it, even accidentally, and getting this same virus.

 

[USAFRet]

I have to know what it does.

'What it does' is much less important than - "Is your system still infected?"

Along with your Windows Defender scan, install and run MalwareBytes.
(And Defender IS antivirus)

Cyber Security Software and Anti-Malware | Malwarebytes

Protect your home and business PCs, Macs, iOS and Android devices from the latest cyber threats and malware, including ransomware.

www.malwarebytes.com

 

[Korayaydemir]

'What it does' is much less important than - "Is your system still infected?"

Along with your Windows Defender scan, install and run MalwareBytes.
(And Defender IS antivirus)

Cyber Security Software and Anti-Malware | Malwarebytes

Protect your home and business PCs, Macs, iOS and Android devices from the latest cyber threats and malware, including ransomware.

www.malwarebytes.com

Thanks for the recommendation, i installed and scanned with MalwareBytes. It didn't find anything. I did it with "Norton Power Eraser" too. It didn't find anything either. They were much quicker than windows' full scan. MalwareBytes and Norton took less than 10mins to scan compared to Windows' almost 1hour full scan. Did they look deep enough ? Sorry if that question doesn't make any sense tho lol.

So none of the antiviruses including windows' own didn't find anything. What do i get from that ? Why would a random shady file i downloaded ask for admin permission and do nothing malicious ? It showed up a whole setup and then downloading bar too. What do you think ? Is it safe to assume that my system was never infected ?

Should i set up a VM on my own and download the file there, and see what it says during installation ? Because i paid no attention the first time maybe it downloads "something" but not malicious something. If it doesn't say what it downloads during installation, and doesn't say it's location too (assuming this is not a fake virus/installation[but why someone would even do that ?]), is there even a way for me to see what it downloads and where it downloads it, if it downloads anything at all ?

I'm just scared of AVs just missing maybe a keylogger or some kind of virus. I can't specifically make it scan whatever it downloads because i don't know what/where it is. If it actually downloads something.

 

[USAFRet]

What is this thing you're trying to 'download'?

 

[USAFRet]

Is it safe to assume that my system was never infected ?

No.
Especially if you gave it admin rights.

 

[Korayaydemir]

What is this thing you're trying to 'download'?

Should i set up a VM on my own and download the file there

You mean that ? The .msi file, the probably malware i'm talking about, which runs a setup, can't even remember what it was saying or what it looked like i was sleepy. I do not know what it is either, that's why i'm suspected of it's being a virus. What are my other choices now to be extra safe ? I think downloading it on VM and looking closely what it's doing/saying during setup sounds good, and harmless ? Could give me a clue. If it doesn't, is the only thing left just nuking everything, and doing a clean installation of windows ? Or is there other things i can try before that?

 

[bignastyid]

Try buying the game instead of pirating it. Terraria is only $10 on Steam and it won't contain malware. Since we do not support piracy we are not going to help getting your pirated game working. Nuke and pave to get rid of the malware and stop pirating games to prevent it in the future.

 

[USAFRet]

It doesn't download game or something because, like i said its one of those fake download buttons, its just named as the game.

A "fake download button" that downloads some file, but the file is named as a particular game....pretty safe to say it is malware of some sort.

 

[Korayaydemir]

Try buying the game instead of pirating it. Terraria is only $10 on Steam and it won't contain malware. Since we do not support piracy we are not going to help getting your pirated game working. Nuke and pave to get rid of the malware and stop pirating games to prevent it in the future.

Did not create the post for moral lesson but thanks That's the second game i ever pirated, for the same reason as before. Wanted to wait for sale to buy it, so i pirated it until i'm buying it. I think not paying for games is unacceptable. Also, i think post clearly asks for help to get rid of a malware, not help to get pirated game working..?

 

[USAFRet]

Did not create the post for moral lesson but thanks That's the second game i ever pirated, for the same reason as before. Wanted to wait for sale to buy it, so i pirated it until i'm buying it. I think not paying for games is unacceptable. Also, i think post clearly asks help to get rid of a malware, not help to get pirated game working..?

You've done scans with relevant software.
Not finding anything is not proof of non-infection.

 

[Korayaydemir]

You've done scans with relevant software.
Not finding anything is not proof of non-infection.

Okay thanks a lot for all the help then, i will probably nuke it, and even not take any backups in case other files are infected or something idk. Shouldn't be that much of a problem there wasn't much important data. And will NEVER download pirated again. Not for moral reasons, it was just an impatience to not wait for sales i do pay for my games. Me being in doubt of a malware infection over such small distraction and having to nuke is tragicomic. Clicked 2 buttons, no windows antivirus warning, and pc probably got infected in seconds, happened to me for the first time since 10 years of using pc's. Paying attention is the only reliable antivirus.

 

[mdd1963]

Do you have any recent restore points (most recent prior to downloading the miscreant file) you could roll back to?

(This would put the OS back to the condition it was the restore point was created....)

 

[Korayaydemir]

Do you have any recent restore points (most recent prior to downloading the miscreant file) you could roll back to?

(This would put the OS back to the condition it was the restore point was created....)

I'm not sure how system restore works and couldn't find helpful answers. When i choose the restore point, there is a "Scan effected programs". So it shows the programs that will get deleted/effected. But there is not "that program, the malware" in that list. It has google chrome, some drivers, and oracle VM (because i installed it recently), simple stuff i could just remove those on my own too, what i can't remove is a hiding malware. Now is system restore as simple as just deleting some simple programs you downloaded since that restore point ? Or does it literally make your pc go back in time, not having a malware installed ? I have doubts on usefulness of a system restore point on clearing a malware.

 

[USAFRet]

Or does it literally make your pc go back in time, not having a malware installed ?

Given a restore point created from before the infection happened, that is what it does.

Returns the system to the state it was in on that particular day.
Assuming it works correctly.

 

[mdd1963]

"It has google chrome, some drivers, and oracle VM (because i installed it recently), simple stuff i could just remove those on my own too, what i can't remove is a hiding malware. "

The goal is not to remove the above listed apps; those are just the apps installed since the last restore point, and, as the restore point places the computer back to the point before the installation of the above apps, they are merely unfortunate casualties...)

Restore point usage is/can be quite common , effective, and is a simple suggestion....; you can be assured that there will be no 'click here to absolutely remove any/all miscreant hiding apps' options.

Good luck ...forthwith.