Confidential information disclosed.
Hi everyone, I think that somebody just stole my access token for Chrome, because somebody tried buying something from Amazon, but they didn't log in to my account normally (I have 2FA); they just bought (or at least TRIED to; I'm broke lol) a couple of gift cards and that's it. I resolved the matter with Amazon, I blocked the card for the moment (even if they are secure, because they bought through Amazon, and they didn't use my card directly), changed the passwords, and went on my Google Account (on Android, I wasn't home, so I didn't touch my PC in all of this) to disconnect from all the devices, which were 2 computers. Now, what do I do to be 100% sure that this doesn't happen again when I log in again on my PC? Do I have to check if I have malware on my computer? Should I format the SSD and reinstall Windows? I want to know if these attacks are one-time only, or if they stay in your computer. Please help, and thank you for your time!
The attack had to come from somewhere, so that's the least you should do. There's no way to tell. If there's malware on your computer it could do all manner of things. While it's possible the attacker chooses not to repeat attacks to reduce the risk of exposing themselves, there's no guarantee they won't do it again. Or sell access to a compromised machine on the black market. Or make it part of a botnet. Or any number of other unpleasant things. Definitely check whether your machine is infected. Then do whatever you can to make sure it no longer is.
It's suggested to install Malwarebytes and perform a scan at the provided link.
You have the USB from when you installed Windows, so it’s safe to use. If you need to get data from the PC, it’s possible but be careful not to risk infecting the USB. Uploading files to the cloud is a good idea for backup.
When a machine gets infected, any file could potentially be compromised, though executable files are more common. It might also involve documents like .doc, .pdf or .zip that take advantage of weaknesses in the software used to view or unpack them. It's usually safest to completely wipe the system and rely on offline backups. If you lack a backup, consider alternatives—transferring infected files to a USB drive or uploading them to the cloud won't help. Depending on the malware's behavior, reopening the file after copying could re-infect your device. There might be unknown threats or files that self-destructed to evade detection. Alternatively, the malware could have accessed your account through another method, making it hard to trace. Using two-factor authentication is a good practice, but changing passwords is wise (especially with a password manager and strong passwords).
I've already updated all the passwords. It seems like every folder is set to read-only, though the files are fine. Is this typical? Probably, I'm planning to reinstall Windows and wipe everything, then store the files in a compressed folder on Google Drive. I'm not sure if the files are infected, but I'll keep them in quarantine, just like we learned during the pandemic. Maybe I'll scan them later. It's really odd, though...