Question How do I get rid of serious malware?

wallsbrett6

Reputable
Oct 25, 2015
Hi, my accounts have been getting hacked into, and it's been happening for a while. I'll start from the beginning for everyone. One day, maybe February of last year, I was playing Battlefield 1 on my gaming computer. After a long night of playing, I went to bed, and when I woke up in the morning I had over 5 emails saying there has been a new login from another device (somewhere from Russia, another from Germany, and so on). Pretty startled by this, I decided to crack down on my security for both my Google email and my EA account email. I had changed the passwords for both accounts and restarted my PC. Surprised, I woke up the next day and found my accounts were still being hacked into. Even my Steam account was hacked into. I use the same email for both my EA account and my Steam account, so maybe that is how it happened. One thing I have noticed is that the accounts I did not sign into on this computer were still safe (to the best of my knowledge).

That got me thinking: maybe I have a keylogger. It wouldn't be a surprise to me, because I do pirate games off of suspicious websites, and that very well may be the cause of all of this. I decided to perform a virus scan, a rootkit scan, and all the other types of scans I could think of. I even wiped the hard drive and reinstalled Windows 10 using their built-in tool that lets you do so. Even after a full system wipe, my problem still persists, and I'm starting to think there is no hope for my gaming PC.

I know I may have brought this on myself with my suspicious activity, but I definitely have learned my lesson, and I'm asking for any help on how to solve this problem so I can safely buy games, play online, and just enjoy being in the PC community without the worry of all of my accounts being bombarded by overseas hackers. Thank you all, and I hope we can work together to come to a solution.
 

Spaceghaze

Proper
Oct 17, 2019
Are you sure that those emails actually were from Steam/EA etc.? Were you still able to access your accounts after receiving these emails? If they were hacked, they would most certainly change the password of the accounts. In most cases you just receive emails that are made to look like they are official and real. This is also called a phishing attack.

Set up 2-factor authentication on all the accounts; I think most gaming/email and so on accounts should support that.
 

wallsbrett6

Reputable
Oct 25, 2015
Are you sure that those emails actually were from Steam/EA etc.? Were you still able to access your accounts after receiving these emails? If they were hacked, they would most certainly change the password of the accounts. In most cases you just receive emails that are made to look like they are official and real. This is also called a phishing attack.

Set up 2-factor authentication on all the accounts; I think most gaming/email and so on accounts should support that.
Thank you for your reply! I have set up 2-factor authentication for all of my accounts, and my problem still persists. There has been one instance where my account password has changed as well, although it doesn't happen much anymore since I've set up 2-factor authentication.
 

Spaceghaze

Proper
Oct 17, 2019
2-factor authentication.
With 2-factor authentication it should not be possible at all to change or log in for someone else than you.

The emails that you are getting now, do they say that someone actually logged into the account, tried to, or is it just that someone requested a password recovery/forgot the password?
 

cherry blossoms

Reputable
Apr 13, 2016
Assuming NOT a social attack and actual worst case scenario:

Normally I would say you would need access across a JTAG interface to write a custom firmware to the drive. Proof of concept hacks have indicated otherwise.

Various proof of concept attacks for UEFI BIOS infection exist as well.

I believe the Windows Platform Binary Table was a problem with a Lenovo-specific rootkit that Lenovo insisted be present on your system.

Any boot tools you have created using the infected system are subject to being infected themselves. Any chance of cleaning will involve tools created from a known clean system.
 

cherry blossoms

Reputable
Apr 13, 2016
Assuming actual persistent malware, not a social engineering attack, and NOT a firmware / BIOS package left behind:

Unsure how you are shutting down your system. A complete power down by pulling system power is recommended after doing your soft power off.

Like a virus, any and all programs are suspect if they have been written to. Any files subject to malware injection are suspect. This includes your backups, since typical data hygiene is poor.

Use a tool such as Parted Magic, created on a known clean computer, to boot the system from a cold state and completely wipe all drives, in case of MBR / VBR malware. (Any tool created on the computer is suspect.)

Alternatively, you could try the dd command from a Linux boot as well and just zero out chunks of the structure at the beginning and end of the drives.
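As an added example (not from any poster in this thread), the dd step above rehearsed on a scratch image file that stands in for the real drive, with a verification pass afterwards; the image path, the 64 MiB size and the 2 MiB wipe length are assumptions chosen for the demo.

```shell
#!/bin/sh
# Added example: zero the first and last few MiB of a "disk" (here a scratch
# image file, not a real device) to clear MBR, VBR, primary GPT and backup GPT,
# then verify that both regions really are zero. Run this kind of wipe only from
# a boot medium made on a known-clean machine, as the post above advises.
set -eu

IMG="${IMG:-${TMPDIR:-/tmp}/scratch_disk.img}"   # constructed image, stands in for /dev/sdX
MIB=1048576
SIZE_MIB=64     # assumed image size
WIPE_MIB=2      # assumed wipe length at each end

make_image() {
    # Constructed sample: blank image with marker strings at the very first
    # and very last bytes, where a boot sector and a backup GPT would live.
    dd if=/dev/zero of="$IMG" bs=$MIB count=$SIZE_MIB 2>/dev/null
    printf 'FAKEBOOT' | dd of="$IMG" bs=1 conv=notrunc 2>/dev/null
    printf 'FAKEGPT2' | dd of="$IMG" bs=1 seek=$((SIZE_MIB * MIB - 8)) conv=notrunc 2>/dev/null
}

wipe_ends() {
    # Zero WIPE_MIB MiB at the start and WIPE_MIB MiB at the end of the image.
    # On a real drive, $IMG would be the whole block device (e.g. /dev/sdX).
    dd if=/dev/zero of="$IMG" bs=$MIB count=$WIPE_MIB conv=notrunc 2>/dev/null
    dd if=/dev/zero of="$IMG" bs=$MIB seek=$((SIZE_MIB - WIPE_MIB)) count=$WIPE_MIB conv=notrunc 2>/dev/null
    sync
}

nonzero_bytes_at_ends() {
    # Verification: count non-zero bytes in the head and tail regions.
    # Prints 0 once both regions are fully zeroed.
    head_bytes=$(head -c $((WIPE_MIB * MIB)) "$IMG" | tr -d '\000' | wc -c)
    tail_bytes=$(tail -c $((WIPE_MIB * MIB)) "$IMG" | tr -d '\000' | wc -c)
    echo $((head_bytes + tail_bytes))
}

demo() {
    make_image
    echo "before wipe: $(nonzero_bytes_at_ends) non-zero bytes at the disk ends"
    wipe_ends
    echo "after wipe:  $(nonzero_bytes_at_ends) non-zero bytes at the disk ends"
    rm -f "$IMG"
}

demo
```

The middle of the image is untouched on purpose: this is the targeted "zero the structures at both ends" variant from the post, not a full-disk wipe.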
 

USAFRet

Titan
Moderator
Mar 16, 2013
It wouldn't be a surprise to me because I do pirate games off of suspicious websites and that very well may be the cause of all of this.
Not "very well may be"....is.

Wipe clean and reinstall. All drives, all partitions, all data.
Wipe it clean.
