Hi guys,
I was hacked about 2 months ago (I probably had malware) and the hackers most probably managed to download my files (documents, pictures, etc.). They also stole money from PayPal, which I recovered, and stole a lot of money in crypto, which I cannot recover :(
I straightaway installed BullGuard, ran scans, found something and deleted it, as well as Malwarebytes. I installed a fresh new Windows, installed BullGuard and activated it, and installed the free Malwarebytes.
Right now I have updates for BullGuard running every hour, along with quick scans every hour. I am running full scans every day.
I have noticed that when running full scans it always skips these files:
c:\programdata\bullguard\alertreports\alertmetadata2\71c66a0b1e714f8bfbf9e201cc5cfdac.7z // this comes up with every Bullguard scan
c:\program files (x86)\microsoft visual studio\2017\enterprise\msbuild\microsoft\visualstudio\nodejs\node_modules\node-gyp\node_modules\tar\test\cb-never-called-1.0.1.tgz // this comes up every scan with Bullguard
c:\programdata\bullguard\antivirus\temp\tmp00000231 // this sometimes
c:\programdata\bullguard\update\download\avdefs // this sometimes
c:\program files\windowsapps\microsoft.mixedreality.portal_2000.18081.1242.0_neutral_split.scale-125_8wekyb3d8bbwe // this sometimes
c:\users\jaro pc\appdata\local\google\chrome\user data\default\cache\f_000451 // sometimes
Now I have managed to take ownership of the .7z file indicated in the alertmetadata folder and it does not show up anymore... What was it? Was it a virus??? Am I safe??
Also, when I ran a scan yesterday night with BullGuard it came out clean, but Malwarebytes found this as malware:
\DOCUMENTS\ASSETTO CORSA\SETUPS_003\BMW_Z4_GT3_001\KS_BRANDS_HATCH_006\IMAGEBG2IC4UR.JPG+ // this is a genuine, bought Steam game (I uninstalled it straightaway and deleted the folder) [it also gave me 3/56 on VirusTotal]
It also flagged 3 additional items as malware: my exe files from my Visual Studio school projects... I don't know the exact address, but it is something like this:
C\\JARO PC\\SOURCE\\REPOS\\MONOPOLY\\BIN\\OBJ\\MONOPOLY.EXE?? That's probably a false positive, or?