t"Hello Perv" removal guide
What is "Hello Perv"?
"Hello Perv" is one of many scam campaigns presented as a threatening, ransom demand email. In this case, cyber criminals attempt to trick people (email recipients) into believing that they have obtained compromising videos and will proliferate them unless their demands are met. There is nothing to worry about, since all statements made by the "Hello Perv" scam are false. The best option is to ignore the statements and delete this email.
Scammers behind this campaign claim that the recipient has visited pornography websites, one of which has infected the computer with a virus. They explain that by playing a video, the recipient caused download and installation of malicious software. As a result, the computer was infected with a program that was capable of recording videos of the recipient (via the webcam). Cyber criminals claim that they have recorded a video of the recipient masturbating and fabricated it to seem as if child pornography was watched at the time (by the inclusion of the recipient video plus child pornography in an edit). They also claim that they have gathered all contacts that were stored on the computer. The main purpose of this scam is to trick people into believing these actions were carried out and to encourage them to pay cyber criminals 500 Euros in Bitcoins (to a Bitcoin wallet provided). They claim that the videos will be deleted once they receive payment, however, if the transaction is not made within 24 hours, they will proliferate the video by sending it to all of the user's contacts. They also attempt to make people believe that they can monitor everything users are doing with their computers. These claims are false and should not be trusted. If you receive this email, simply ignore/delete it and never trust any similar scams.
There are many similar scams. Some other examples include I Hacked Your Device, I Am A Spyware Software Developer, and So I'm The Hacker Who Broke Your Email. These emails are often used to trick people into believing that cyber criminals have recorded humiliating, compromising videos, or taken a photo of this type. The main purpose is usually is to extort money from people by demanding ransom payments (via a cryptocurrency), however, other spam campaigns infect computers with high-risk viruses such as LokiBot, TrickBot, Emotet, AZORult, Adwind, and so on. Scammers send emails that contain malicious attachments such as Microsoft Office documents, PDF documents, executable files (.exe), archive files, etc. If opened, these attachments download and install computer infections, which then cause other infections (such as ransomware), financial loss, problems with safety, privacy, and so on. Viruses proliferated using malicious email attachments steal passwords and logins, banking details, and other sensitive information that could be used to generate revenue.
We receive a great deal of feedback from concerned users about this scam email. Here is the most popular question we receive:
Q: Hi pcrisk.com team, I received an email stating that my computer was hacked and they have a video of me. Now they are asking for a ransom in Bitcoins. I think this must be true because they listed my real name and password in the email. What should I do?
A: Do not worry about this email. Neither hackers nor cyber criminals have infiltrated/hacked your computer and there is no video of you watching pornography. Simply ignore the message and do not send any Bitcoins. Your email, name, and password was probably stolen from a compromised website such as Yahoo (these website breaches are common). If you are concerned, you can check if your accounts have been compromised by visiting the haveibeenpwned website.
How do spam campaigns infect computers?
Malicious attachments (proliferated through emails) infect computers when they are opened. A computer cannot be infected without first opening the attachment. For example, if the email includes a Microsoft Office document, once opened, it will ask to enable macro commands. Enabling them will allow an infected document to download and install a malicious program. If the attachment is an archive file, it will contain an executable (or other file) that, once opened, will also result in download and installation of a computer infection. Therefore, the attachment must first be opened, regardless of the file format.
How to avoid installation of malware?
Do not download/open attachments (or web links) without carefully studying the received email first. If the email seems irrelevant or has been received from a suspicious, unknown/untrustworthy email address, it is better to keep the attachment or website link unopened. Furthermore, do not use third party software downloaders, installers, unofficial web pages, peer-to-peer networks, and other similar sources to download or install software. Downloaders are often monetized by promoting rogue applications that might cause unwanted installations or even computer infections. Install and download software with care and check all "Custom", "Advanced" settings/options and other similar sections of the download/installation set-ups. Deselect offers to install unwanted software and only then finish the download/installation. Update your software via implemented functions or tools provided by official software developers. Using unofficial/fake updaters might cause installation of malicious programs rather than the updates or fixes. Use Microsoft Office 2010 or later, since newer versions include "Protected View" mode, which prevents downloaded (infected) attachments from installing/downloading computer infections. If you have already opened malicious attachments, we recommend running a scan with Spyhunter for Windows to automatically eliminate infiltrated malware.
Text presented in the "Hello Perv" email message:
Subject: You are my victim.
You've been looking at porn sites recently .
One at them had my virus on it .
When u started its video, your computer downloaded and launched my malicious software.
After that, I started your camera and recorded a video at u masturbating .
I've gathered all its contacts from your computer.
After that, I put together a video at your Masturbation and added videos with child porn.
In my version at its video, u masturbate to sex with kids.
I'm giving u its opportunity to save your life!
Below I will provide u with its address at My bitcoin wallet.
Send me 500 EURO in BTC.
BTC wlt - 1Pdf1QMXH7e9957vhMskAFKQNi79eoa9Rm
(If you don't know what bitcoin / write to buy bitcoin in Google)
You have 24 hours after reading its letter.
As soon as my wallet receives its payment , its system will automatically destroy all its dirt that I made.
If u need more time , open its notebook and write " Plz 48"
In that case , u'll have 48 hours to send me its money.
If after a time, I do not see its money in my wallet .
I'll send my dirt to all your colleagues and friends right away.
I can see everything u're doing on your computer , so don't try to trick me.
If I understand that u're just stalling, I will immediately send dirt on your contacts!
Hurry u have little time, save your life!
Instant automatic removal of possible malware infections:
Manual threat removal might be a lengthy and complicated process that requires advanced computer skills. Spyhunter is a professional automatic malware removal tool that is recommended to get rid of possible malware infections. Download it by clicking the button below:
- What is "Hello Perv"?
- STEP 1. Manual removal of possible malware infections.
- STEP 2. Check if your computer is clean.
How to remove malware manually?
Manual malware removal is a complicated task - usually it is best to allow antivirus or anti-malware programs to do this automatically. To remove this malware we recommend using Spyhunter for Windows. If you wish to remove malware manually, the first step is to identify the name of the malware that you are trying to remove. Here is an example of a suspicious program running on a user's computer:
If you checked the list of programs running on your computer, for example, using task manager, and identified a program that looks suspicious, you should continue with these steps:
Download a program called Autoruns. This program shows auto-start applications, Registry, and file system locations:
Restart your computer into Safe Mode:
Windows XP and Windows 7 users: Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer start process, press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, and then select Safe Mode with Networking from the list.
Video showing how to start Windows 7 in "Safe Mode with Networking":
Windows 8 users: Start Windows 8 is Safe Mode with Networking - Go to Windows 8 Start Screen, type Advanced, in the search results select Settings. Click Advanced startup options, in the opened "General PC Settings" window, select Advanced startup. Click the "Restart now" button. Your computer will now restart into the "Advanced Startup options menu". Click the "Troubleshoot" button, and then click the "Advanced options" button. In the advanced option screen, click "Startup settings". Click the "Restart" button. Your PC will restart into the Startup Settings screen. Press F5 to boot in Safe Mode with Networking.
Video showing how to start Windows 8 in "Safe Mode with Networking":
Windows 10 users: Click the Windows logo and select the Power icon. In the opened menu click "Restart" while holding "Shift" button on your keyboard. In the "choose an option" window click on the "Troubleshoot", next select "Advanced options". In the advanced options menu select "Startup Settings" and click on the "Restart" button. In the following window you should click the "F5" button on your keyboard. This will restart your operating system in safe mode with networking.
Video showing how to start Windows 10 in "Safe Mode with Networking":
Extract the downloaded archive and run the Autoruns.exe file.
In the Autoruns application, click "Options" at the top and uncheck the "Hide Empty Locations" and "Hide Windows Entries" options. After this procedure, click the "Refresh" icon.
Check the list provided by the Autoruns application and locate the malware file that you want to eliminate.
You should write down its full path and name. Note that some malware hides process names under legitimate Windows process names. At this stage, it is very important to avoid removing system files. After you locate the suspicious program you wish to remove, right click your mouse over its name and choose "Delete".
After removing the malware through the Autoruns application (this ensures that the malware will not run automatically on the next system startup), you should search for the malware name on your computer. Be sure to enable hidden files and folders before proceeding. If you find the filename of the malware, be sure to remove it.
Reboot your computer in normal mode. Following these steps should remove any malware from your computer. Note that manual threat removal requires advanced computer skills. If you do not have these skills, leave malware removal to antivirus and anti-malware programs. These steps might not work with advanced malware infections. As always it is best to prevent infection than try to remove malware later. To keep your computer safe, install the latest operating system updates and use antivirus software.
To be sure your computer is free of malware infections, we recommend scanning it with Spyhunter for Windows.