If you downloaded the attachment from the "BlackOps XProject [v1.1]" thread and ran it, you may have been infected and had several of your passwords stolen.
After analyzing the file, the following things have been observed:
- Logs your PC and IP.
- File goes for your Firefox, Google Chrome, and Opera logins and possibly history.
- Goes for some of your Steam user info and configuration files; this may allow them to automatically log in to your Steam account, but I'm not sure so don't quote me on it. It looks for these Steam files in particular; there may be more:
  \config\config.vdf
  \config\loginusers.vdf
  \config\SteamAppData.vdf
- The file starts itself whenever you turn on your computer under a different name, "sR.exe".
- The file may block the Task Manager from being opened.
- It may mess with your mouse movements and/or lock the mouse.
@Liz @arunforce @Dave84311
If you can pull the list of all the users who downloaded the file please mention them here.
Manual Fix:
- It may block the Task Manager from being opened, but if it doesn't, start the Task Manager and end the program; it should be named whatever you ran it as. By default: xPirat BlackOps XProject.exe
- Navigate to this folder: C:\Users\<YOUR USERNAME>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
- Delete sR.exe
- Install Malwarebytes and Avira, and make sure to run full scans with both.
- Check the Task Manager for both instances of the virus, which should be "xPirat BlackOps XProject.exe" and "sR.exe".
- Once you're sure no instances of the file are running (you can leave your Skype below and I'll double check), change ALL of your passwords and clear all of your web browsers' history and stored passwords. Passwords should never be stored because of how easily malicious programs can just grab them; it's a good habit to start memorizing them instead of storing them.
- If you are scared to perform these steps because you're afraid you'll mess up your computer, just leave your Skype below and I'll do it for you.
Major credits to @master131 for most of the analyzing.
If you have downloaded and run the file, please leave your Skype here so I can contact you and help you. At MPGH, user safety is our number one concern, and we're sorry this file managed to slip through; we apologize.
Sincerely,
~The MPGH Staff Force.
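
The process and Startup-folder checks from the manual fix above can be scripted. This is an added example, not part of the original post or the staff's own tooling; the function name and the -Remediate switch are hypothetical, and it only matches the two file names the post lists, so a copy that was renamed before being run will not show up in the process check.

```powershell
# Added example: the names below are the indicators listed in the post.
function Find-XProjectArtifact {              # hypothetical function name
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([switch]$Remediate)                 # without -Remediate, report only

    # Get-Process matches on the name without the .exe extension
    $names   = 'xPirat BlackOps XProject', 'sR'
    $startup = Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup\sR.exe'
    $found   = @()

    # Processes are handled first so the startup copy is not locked when deleted
    foreach ($p in Get-Process -Name $names -ErrorAction SilentlyContinue) {
        $found += [pscustomobject]@{
            Kind = 'Process'; Name = $p.ProcessName; Detail = "PID $($p.Id) $($p.Path)"
        }
        if ($Remediate -and $PSCmdlet.ShouldProcess("PID $($p.Id)", 'Stop-Process')) {
            Stop-Process -Id $p.Id -Force
        }
    }

    # -Force so a file marked hidden is still found
    $file = Get-Item -LiteralPath $startup -Force -ErrorAction SilentlyContinue
    if ($file) {
        # Record the hash before deleting so the sample can be identified later
        $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256 `
                 -ErrorAction SilentlyContinue).Hash
        $found += [pscustomobject]@{
            Kind = 'StartupFile'; Name = $file.Name; Detail = "$($file.FullName) SHA256=$hash"
        }
        if ($Remediate -and $PSCmdlet.ShouldProcess($file.FullName, 'Remove-Item')) {
            Remove-Item -LiteralPath $file.FullName -Force
        }
    }

    if (-not $found) { Write-Host 'No indicators from the post were found.' }
    $found
}

Find-XProjectArtifact                          # report only
# Find-XProjectArtifact -Remediate -WhatIf     # preview; drop -WhatIf to act
```

A clean result here does not replace the full scans and password changes in the steps above.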