Disclaimer: the last time I had malware was 7 years ago, and even though I dealt with plenty of viruses back then, this was my first time having to deal with a trojan. I know absolutely nothing about how scanners and antiviruses work, and most of the explanations just assume that I’ll understand the weird terms used to describe them. I probably took some useless steps, so I ask you to be patient with me; I was trying my best.

Also this post is gonna be huge, I’ll detail everything I did as well as I can. Maybe this can help someone else who is also struggling to get this thing removed.

Just this morning I ended up downloading malware called “Great Discover”. Unfortunately there isn’t a lot of information about it, only one howtoremove guide and two YouTube videos, which I followed. I’m making this post because I want to know if there’s ANYTHING else I can do to make sure I’m 100% safe right now.

—————————————————————————————————————————————————–

The first thing I noticed was a new weird program running in the tray, and once I clicked it, it showed me a pop-up describing what I had to do to delete it (standard apps and resources -> select “great discover” and uninstall). Problem was it asked me to solve a captcha that was impossible to solve (I typed in the correct letters/numbers and it said something along the lines of “wrong answer” and it closed). I googled it and found out it was malware; according to howtoremove.guide it’s a trojan used to mine cryptocurrency (no idea what that means).

Google started asking me to add sketchy extensions, so my first step was cleaning my browser history entirely and resetting the browser settings back to standard. Then I opened the extensions tab and deleted everything I didn’t remember adding.

My second step was going to C:\Program Files and C:\Program Files (x86) and removing A LOT of folders with random names that I know weren’t added by me (including ones that said they were added months ago, didn’t know that was possible).

My third step was opening the Control Panel, going to Programs and Features and looking for stuff I didn’t remember adding, then deleting the sketchy programs.

After this I read that there could’ve been viruses that were added with this malware, so I downloaded Malwarebytes and scanned my PC. The first time had one result; I quarantined it and then removed it. I ran it again just to be sure and it said it was clear. I still wanted to be sure though, so I proceeded to download Kaspersky’s virus removal tool and did a full scan. It was clear.

I opened the task manager and looked for anything that was using a considerable amount of system resources and couldn’t find anything. The program in the tray was gone, and I’m pretty sure something was messed up in my initialization settings, because after the first time I restarted the PC stuff like Discord and Spotify automatically opened even though the function to do that wasn’t enabled.

The guide said my PC could’ve been compromised, so I pressed Windows + R and copied this line:

notepad %windir%/system32/Drivers/etc/hosts

Comparing the results with the screenshot showed me the PC wasn’t compromised.

At the same time I was following the steps in the guide, I was also watching a video by a YouTuber called “Mango School” that instructed to follow these paths and look for suspicious files:

(C:)/ProgramData/Microsoft/Windows/Start Menu/Programs/Startup

(C:)/Users/my user/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup

I didn’t find anything in either of these.

I restarted my PC to see if it was slower than usual and it seemed normal.

I double-checked C:\Program Files and C:\Program Files (x86) + Roaming and everything was normal.

I rebooted in safe mode.

I triple-checked the same places and again everything was normal. Then I moved over to the Registry.

I used CTRL + F and typed “Great Discover” and deleted every single folder related to it. Then I followed the paths shown in the guide and in the video:

  • HKEY_CURRENT_USER->Software->Random Directory.
  • HKEY_CURRENT_USER->Software->Microsoft->Windows->CurrentVersion->Run Random
  • HKEY_CURRENT_USER->Software->Microsoft->Windows->CurrentVersion->Run
  • HKEY_CURRENT_USER->Software->Microsoft->Internet Explorer->Main->Random
  • HKEY_LOCAL_MACHINE->Software->Microsoft->Windows->CurrentVersion->Run

(I couldn’t find anything probably because of the folders I deleted)

After I was done I pressed Windows + R again and searched for %temp%. I deleted all temp files.

So this sums up everything I did. Again, I want to know if there’s anything at all that I can do to make sure I’m 100% safe. Like I said, it’s my first time dealing with a trojan, so I might’ve not done things that I need to.

Note: By reading the comments of the people affected by it, I noticed a lot of them got the malware after trying to download pirated games, so if you got it, that’s probably where it came from.

submitted by /u/NatashaStark208
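
A read-only way to review the locations checked in the post above (the hosts file, the two Startup folders, and the HKCU/HKLM Run keys), as an added PowerShell example that is not part of the original post or the guide it follows. The Authenticode signature column is an extra triage hint assumed here, not a step from the post; an unsigned or missing file is a reason to look closer, not proof of malware.

```powershell
# Added example: lists entries for manual review. Nothing is deleted or modified.

# 1. hosts file: show only active (non-blank, non-comment) lines.
$hostsPath = Join-Path $env:windir 'System32\drivers\etc\hosts'
$active = Get-Content -LiteralPath $hostsPath |
    Where-Object { $_.Trim() -and -not $_.TrimStart().StartsWith('#') }
if ($active) { $active } else { 'hosts: no active entries' }

# 2. Startup folders (all users, then current user).
$startupDirs = @(
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup'),
    (Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup')
)
foreach ($dir in $startupDirs) {
    if (Test-Path -LiteralPath $dir) {
        Get-ChildItem -LiteralPath $dir -Force -File |
            Where-Object { $_.Name -ne 'desktop.ini' } |
            Select-Object FullName, LastWriteTime
    }
}

# 3. Run keys: every value, with the signature status of the program it starts.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$results = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        # Take the quoted path if present, otherwise the first token.
        # An unquoted path containing spaces will show as FileNotFound.
        $exe = if ($command -match '^\s*"([^"]+)"') { $Matches[1] } else { ($command.Trim() -split '\s+')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        $status = if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
            (Get-AuthenticodeSignature -FilePath $exe).Status
        } else { 'FileNotFound' }
        [pscustomobject]@{
            Key = $key; Name = $name; Command = $command; Signature = $status
        }
    }
}
$results | Format-Table -AutoSize -Wrap
```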

By admin