Rootkits + malware

Help with this if any of you know about them please. Having trouble with rootkits and malware. Don't really know anything about these.

Some of you may know about the Streetfighter 5 rootkit patch recently. If not, basically the game 'streetfighter5' put a kernel-level rootkit on everyone's PCs in the latest patch for the game to prevent cheaters/hacking of the game. To my understanding, doing so also opens a backdoor to hacking and malware?

My father got scared by a seemingly fake error and called the phone number it gave him "to have the rootkit/ infected pc + devices taken care of". This "microsoft employee" asked for an email and billing details, for the $499US price of fixing the problem. We suspected it was fake and went no further than that. But he did have control of our PC. He was able to click on things, open things up, draw diagrams on screen, type in notepad.

So this all sounds fake, right? However, he was still able to take control of our PC remotely (using rootkit?) so we are probably fucked, right?

I have since removed the game 'streetfighter' and to the best of my knowledge removed the rootkit. Also reset my PC back to factory default/ formatted it/ wiped everything.

My question is: Since I have removed the rootkit(?) Am I still in trouble? Could they have gained access to the PC using the streetfighter5 rootkit and then placed their own rootkit somewhere inside? Could the rootkit on my PC have survived the formatting? Do they have my card details and login info for various sites + apps? Could the rootkit have infected other devices on my network (phones, tablets, ipods, laptops (all connected wirelessly via wifi))?

I have windows 10 if that helps.
Any help appreciated. Thank you a lot.

The SFV "rootkit" was only out for less than 24 hrs. After all the backlash, Capcom updated SFV to no longer use it. I really don't think it was out long enough for people to be able to exploit it.

If someone else got remote access to your PC, then chances are either your father somehow granted access to this other person, or your PC was already compromised (perhaps this is where the error came from).

The shitty part about this whole thing is that even though SFV has been updated to not use that kernel access component, the file still sits on your HDD unless you actively remove it. But if you did a full format and reinstall, you are probably fine.

>But if you did a full format and reinstall, you are probably fine

Any idea about other laptops/phones on the same network? Could they have been infected too? If so, could those infected devices re-infect my now clean PC that I just formatted?

Thanks

on a side note, what's the best free malware detector for Loonixes that actually detects Loonix malware (and not just Windows)

>Common sense 2017

Was it one of those fake Indian tech support things on YouTube? Did the "tech support" guy ask for credentials, or log in and download anything? If it is, you have nothing to worry about

He was Indian yeah, he said he worked with microsoft. He gained remote access of the computer. Not sure how he did that or whether he downloaded anything, I don't think so. He asked that we type our email and billing information into the notepad he had open on screen. So that we could pay our $499US to have our computer + devices repaired/cleaned. He said they had to use "professional tools", that's why the $499US was required.

Sounds fake to me, but how do I know I don't also have malware up the ass and a keylogger and shit? How do I know my cards + login info are alright?

It is already pretty common for games to install rootkits in different forms to prevent cheating. So no it's not a big deal. Rootkits are usually dev turned hacker projects and everyone knows devs are cushy unrealistic Starbucks baristas of tech that found shitty startup failures, so it's unlikely. The fake error might be real malware's. Microsoft can remote into your desktop and will usually ask you for permission and info first. If you legitimately formatted your storage you are fine, card details and login info maybe not. Even if they remote into your desktop and asked for money, you had to call them and still had access to your files, they are probably poor programmers.

Every other question my answer is basically I doubt they have the skill for it and it's not worth targeting a random user outside of testing.

It's probably Team Viewer. Just YouTube "Indian tech support scam" and show it to your dad. They all use the same tricks. Good thing your dad didn't get syskey.

Lol I posted After reading that no, they definitely don't have your credit card number or logins and are flat out retarded. I can find a 12 year old at def con who can do better.

Hope so dude, that's comforting. Thank you.

Still scared to use my cards. But I guess I can never be sure that I am safe now or not, can I?

>It's probably Team Viewer. Just YouTube "Indian tech support scam" and show it to your dad. They all use the same tricks. Good thing your dad didn't get syskey.

This

Your dad installed a Teamviewer-like program

Common scam, teenagers fuck with them all the time and YouTube it

I don't think he did, but maybe. I wasn't around to see everything he did

This.

The Indian made your dad install remote control software, which THEN gave him access to your computer.
He probably didn't have it before he called.
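
A way to check a Windows 10 PC for the kind of remote control software described above, as an added example that is not part of the original thread. The product watchlist is a constructed, non-exhaustive assumption; the registry keys and cmdlets are standard Windows ones.

```powershell
# Added example (not from the thread): look for remote-control software on a
# Windows PC after a suspected tech-support-scam session. Run in PowerShell,
# ideally elevated so that process paths are visible.

# Assumption: a constructed, non-exhaustive watchlist of product names.
$watch   = 'TeamViewer','AnyDesk','LogMeIn','GoToAssist','ScreenConnect',
           'Splashtop','UltraViewer','Supremo','Ammyy','VNC'
$pattern = ($watch | ForEach-Object { [regex]::Escape($_) }) -join '|'

# 1. Installed programs: per-machine (64- and 32-bit) and per-user uninstall keys.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $pattern } |
    Select-Object DisplayName, Publisher, InstallDate, InstallLocation

# 2. Services: an unattended-access install usually registers one so that it
#    is available again after a reboot.
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { "$($_.Name) $($_.DisplayName) $($_.PathName)" -match $pattern } |
    Select-Object Name, State, StartMode, PathName

# 3. Running processes: catches portable builds that run without installing.
$processes = Get-Process |
    Where-Object { $_.ProcessName -match $pattern } |
    Select-Object ProcessName, Id, Path

# 4. Built-in Remote Desktop: fDenyTSConnections = 0 means inbound RDP is enabled.
$ts = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpEnabled = ($ts.fDenyTSConnections -eq 0)

'--- Installed programs ---'; $installed | Format-Table -AutoSize | Out-String
'--- Services ---';           $services  | Format-List | Out-String
'--- Running processes ---';  $processes | Format-Table -AutoSize | Out-String
"Inbound Remote Desktop enabled: $rdpEnabled"
```

An empty result does not prove that nothing was run: a portable build that has since exited leaves no uninstall entry, service or process behind.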

OP watch this:
youtube.com/watch?v=GVQoAlQrnSg

Thanks man. Givin it a watch now. I'm relieved.

Show it to your dad too and ask him if this is how it happened.

That video. He does mention that he took precautions to avoid other devices on his network from getting viruses/malware. So this does mean that potentially my laptop and phone are full of malware right now.

I also find the coincidence of this happening on the same day that Streetfighter5 installed its rootkit on my PC a little fishy. I'm doubting this is just a teamviewer scam type deal.

Basically he had to get your card information in plain text, which means he wasn't good enough to do a lot of things, and exploiting your browser is definitely on that list. You probably got it through a link someone clicked in an email. It could be an account that was hacked on another site. You just need to not get it again, and don't go clicking links in emails, especially the spam. (It could be hardware, don't buy anything from or made in China right now)

No, he would have to pwn your router to access your network. Again he needed your credit card info in plain text, it means not good enough to do anything malicious. His only thing is social engineering, and considering he couldn't get you, my eightball and instincts both scream his outlook isn't good.

makes sense. Thanks

Quints don't lie. You're doomed

fuck

It's overpriced, all my assets went into it

kek

>mfw he just starts talking about "the bathroom situation in india" with the scammer at 40:00

I've tried questioning my father, but it's difficult because he knows even less than me. He said that he followed some instructions and was then told to shut down the computer. The Indian then remotely started the computer and then had access to do whatever he wanted (click things, type things, open things, draw on screen).

He did not download any programs or open an internet browser at all (according to father).

I do have teamviewer installed on my computer already, but I know 100% that it was not used.

Any other kind of teamviewer-esque program that requires a reboot of the pc?

>350 dollars? how many rupees is that?

He booted the computer while it was turned off?

That's what my father says, but maybe he's just mistaken. He seems very confused about everything that happened. I can barely get anything out of him, and what I can get is probably not reliable.

Missed your chance to boot into your wangblows and "accidentally" have him find /banking/bankingdontopen/ 999999 horse and dolphin dongs.png.

No offense but your whole family sound comically retarded. This is coming from a literal autistic person, though, so don't feel bad.

>No offense
lol

>your whole family sound comically retarded
I've only mentioned my father and myself. Two people who are admittedly not great with computers are worried that their computer and card details may be fucked. Sounds retarded

please explain

You're on Cred Forums, where even the common retards know a bit about computers.
People on here sometimes don't realize that there are people with other interests.

We can't really analyze if you're compromised, because your dad can't give out enough precise information, so the answer is "maybe".

If you want to be 100% sure, you'll have to backup your data, wipe all computers that were connected to the potentially infected one and change your credit card details.

Reminder that this is the worst case scenario, though.

It's just not impossible.

>You're on Cred Forums, where even the common retards know a bit about computers.

I am the common retard that knows a bit about computers. My father, a 60 year old man however is not. Sadly he is the one who saw the message and made the call without my knowledge.

Just trying to get some help. Thank you for any you provided.

For tech support/issues with computers, use /wsr/ - Worksafe Requests or one of the following:
startpage.com/ or duckduckgo.com (i.e., fucking google it)
stackexchange.com/
logicalincrements.com/

Is there even a decent rootkit scanner out there?

I know man. My dad is 76 and even if he used to be a COBOL coder back in the days, he calls me for the most retarded shit he should be able to figure out by himself.

I think he never really made the switch from DOS to Windows. Everything seems strange to him and makes him insecure.

So does anybody know if this is a possibility or is this impossible?

Any idea about other laptops/phones on the same network? Could they have been infected too? If so, could those infected devices re-infect my now clean PC that I just formatted?

Sorry for repeatedly asking this. Does anyone know anything regarding this?

That worm is making my dick hard.