"This account was recently infected" removal guide
What is "This account was recently infected"?
Scammers send "This account was recently infected" scam emails to many people, hoping that someone will be tricked. The main purpose is to blackmail recipients by claiming to have recorded a compromising video that will be distributed unless the requested payment (in a cryptocurrency) is received. There are many scams of this type. This one is somewhat different, however: rather than containing actual text, the email uses an image that displays the text. This method is used to bypass spam filters.
The designer of this scam presents himself as a hacker who has supposedly hacked the user's email account. He goes on to claim that he installed a malicious program on the operating system while the recipient was visiting a pornographic website. According to the email, this malware works as a remote access tool (RAT) and keylogger capable of monitoring the user's computing activity and recording video through the computer's webcam, and it allowed the scammer to steal various passwords. The main point of the email is to trick people into believing that this RAT was used to record a video while the victim was watching a pornographic video. The scammer claims that a dual-screen video has been created, in which the recipient and the video being watched can be seen simultaneously. He threatens to send this video to all of the recipient's contacts unless he receives (in this case) $1000 in Bitcoins within 48 hours. A Bitcoin wallet address is also provided.
We strongly recommend that you ignore this email. It is simply a scam that should not be trusted. None of the claims are accurate. Your computer is not infected with malware (or a remote access tool) and your email account has not been hacked. This email should be deleted and all similar emails should also be ignored.
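The image-instead-of-text format described above is itself a usable filtering signal. The following is an added example, not part of the original guide: it parses a raw message and flags mail that carries an image but almost no machine-readable text. The 40-character threshold, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

MIN_TEXT_CHARS = 40  # assumed threshold: below this the body counts as "no text"

def visible_text(msg):
    """Readable text from the text/plain and text/html body parts (tags stripped)."""
    chunks = []
    for part in msg.walk():
        if part.is_multipart() or part.get_content_disposition() == "attachment":
            continue
        ctype = part.get_content_type()
        if ctype == "text/plain":
            chunks.append(part.get_content())
        elif ctype == "text/html":
            html = re.sub(r"(?is)<(script|style).*?</\1>", " ", part.get_content())
            chunks.append(re.sub(r"(?s)<[^>]+>", " ", html))
    return re.sub(r"\s+", " ", " ".join(chunks)).strip()

def image_only_verdict(raw):
    """Flag messages that carry an image but almost no machine-readable text."""
    msg = message_from_bytes(raw, policy=policy.default)
    text = visible_text(msg)
    images = sum(1 for p in msg.walk() if p.get_content_maintype() == "image")
    return {"text_chars": len(text), "images": images,
            "image_only": images > 0 and len(text) < MIN_TEXT_CHARS}

def sample(image_only):
    """Build a constructed test message (placeholder addresses and image bytes)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "Constructed sample"
    if image_only:
        m.set_content('<html><body><img src="cid:letter" alt=""></body></html>',
                      subtype="html")
        m.add_related(b"\x89PNG\r\n\x1a\n" + bytes(16), maintype="image",
                      subtype="png", cid="<letter>")
    else:
        m.set_content("Hi team, the meeting moved to 3 pm on Thursday; "
                      "the agenda is unchanged.")
    return m.as_bytes()

if __name__ == "__main__":
    for flag in (True, False):
        print(image_only_verdict(sample(flag)))
```

A flagged message is a candidate for quarantine or OCR-based inspection, not proof of a scam, since legitimate newsletters are sometimes image-only as well.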
| Name | This Account Was Recently Infected Email Scam |
| --- | --- |
| Threat Type | Phishing, Scam, Social Engineering, Fraud |
| Symptoms | Unauthorized online purchases, changed online account passwords, identity theft, illegal access of one's computer. |
| Distribution methods | Deceptive emails, rogue online pop-up ads, search engine poisoning techniques, misspelled domains. |
| Damage | Loss of sensitive private information, monetary loss, identity theft. |
To eliminate possible malware infections our malware researchers recommend scanning your computer with Spyhunter.
We receive a great deal of feedback from concerned users about this scam email. Here is the most popular question we receive:
Q: Hi pcrisk.com team, I received an email stating that my computer was hacked and they have a video of me. Now they are asking for a ransom in Bitcoins. I think this must be true because they listed my real name and password in the email. What should I do?
A: Do not worry about this email. Neither hackers nor cyber criminals have infiltrated/hacked your computer and there is no video of you watching pornography. Simply ignore the message and do not send any Bitcoins. Your email, name, and password were probably stolen from a compromised website such as Yahoo (these website breaches are common). If you are concerned, you can check if your accounts have been compromised by visiting the haveibeenpwned website.
How do spam campaigns infect computers?
Spam campaigns that contain website links or attachments can infect computers only when those links or attachments are opened/executed. For example, if the attached file is an MS Office document, it will ask for permission to enable macro commands (in effect, to disable the "Protected View" mode). If the recipient gives permission, the malicious document can download and install a computer infection. Similar rules apply to other attachments: an archive file must be extracted and its contents opened/executed, and so on. In summary, no attachment or link can cause a computer infection unless it is opened.
How to avoid installation of malware?
Carefully study each email received, especially if it contains an attachment or link. These emails are usually presented as official and legitimate but are often irrelevant. If an email seems suspicious or was received from an unknown address, do not open it. Furthermore, do not download software using sources such as Peer-to-Peer networks (torrent clients, eMule, and so on), third party downloaders, unofficial websites, and other similar sources. The most secure way to download software is from official websites (using direct links). Update installed software using its built-in update functions and tools, not third party (fake) updaters. Software "cracking" tools cannot be trusted - they are illegal and often used by cyber criminals to proliferate computer infections. To keep your computer safe, have reputable anti-virus or anti-spyware software installed and keep it enabled at all times. If you have already opened malicious attachments, we recommend running a scan with Spyhunter for Windows to automatically eliminate infiltrated malware.
Text presented in the "This account was recently infected" email message:
This account was recently infected! Renew the pswd right this moment!
You probably do not know me me and you really are most probably interested for what reason you are reading this particular email, right?
I am a hacker who exploited your email and system several months ago.
Do not waste your time and try out to msg me or alternatively seek for me, it is definitely not possible, because I forwarded you a letter using YOUR hacked account.
I have developed malware software on the adult yids (porno) site and guess you have enjoyed this website to enjoy it (you realize what I mean).
When you were keeping an eye on videos, your browser began operating as a RDP (Remote Control) that have a keylogger which provided me the ability to access your monitor and camera.
After that, my software program acquired all data.
You entered passcodes on the web services you visited, I caught all of them.
Needless to say, you can change them, or already changed them.
Even so it doesn't matter, my program updates information regularly.
What actually I have done?
I compiled a reserve copy of the device. Of all files and contact lists.
I got a dual-screen movie. The 1st screen displays the film you were watching (you have an interesting preferences, wow...), the second part shows the tape from your webcam.
What do you have to do?
So, in my opinion, 1000 USD is a good amount of money for our little riddle. You will do the deposit by bitcoins (if you don't know this, go searching "how to buy bitcoin" in any search engine).
My bitcoin wallet address:
(It is cAsE sensitive, so just copy and paste it).
You have only 48 hours to make the payment. (I have an exclusive pixel to this letter, and right now I know that you've read this email).
To monitorthe reading of a message and the activity in it, I uses Facebook pixel. Thanks to them. (That which is applied for the authorities can help us.)
If I do not get bitcoins, I shall certainly send your recording to each of your contacts, along with family members, co-workers, etc?
Another variant of this email scam:
Text presented in this variant:
This account was infected! It will be good idea to change your pswd right now!
You do not know anything about me and you really are probably wanting to know for what reason you're getting this particular email, is it right?
I'm hacker who opened your email box and OS a few months ago.
It will be a time wasting to attempt to contact me or alternatively seek for me, in fact it's impossible, because I sent you this message using YOUR hacked account.
I have build in malware to the adult videos (porno) website and guess that you enjoyed this site to have some fun (you realize what I really mean).
Whilst you have been taking a look at movies, your browser began operating as a RDP (Remote Control) that have a keylogger that gave me authority to access your monitor and camera.
Then, my application obtained all information.
You have wrote passcodes on the websites you visited, I intercepted all of them.
Needless to say, you are able modify each of them, or have already changed them.
However it does not matter, my program renews information every time.
What I have done?
I got a backup of the system. Of each file and contacts.
I created a dual-screen movie. The 1st part presents the video that you were watching (you've a good taste, huh...), the second part reveals the movie from your web camera.
What must you do?
So, I think, 1000 USD is basically a inexpensive price for our small secret. You'll make your payment by bitcoins (if you don't understand this, try to find “how to buy bitcoin” in Google).
My bitcoin wallet address:
(It is cAsE sensitive, so just copy and paste it).
You will have 2 days to make the payment. (I put an unique pixel to this letter, and right now I understand that you have read through this email).
To track the reading of a message and the activity in it, I use a Facebook pixel. Thanks to them. (That which an be used for the authorities may help us.)
In case I fail to get bitcoins, I'll undoubtedly offer your video files to all your contacts, including family members, co-workers, and so forth?
Instant automatic removal of possible malware infections:
Manual threat removal might be a lengthy and complicated process that requires advanced computer skills. Spyhunter is a professional automatic malware removal tool that is recommended to get rid of possible malware infections.
How to remove malware manually?
Manual malware removal is a complicated task - usually it is best to allow antivirus or anti-malware programs to do this automatically. To remove this malware we recommend using Spyhunter for Windows. If you wish to remove malware manually, the first step is to identify the name of the malware that you are trying to remove.
If you checked the list of programs running on your computer, for example, using task manager, and identified a program that looks suspicious, you should continue with these steps:
Download a program called Autoruns. This program shows auto-start applications, Registry, and file system locations.
Restart your computer into Safe Mode:
Windows XP and Windows 7 users: Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer start process, press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, and then select Safe Mode with Networking from the list.
Windows 8 users: Start Windows 8 in Safe Mode with Networking - Go to the Windows 8 Start Screen, type Advanced, and in the search results select Settings. Click Advanced startup options, and in the opened "General PC Settings" window, select Advanced startup. Click the "Restart now" button. Your computer will now restart into the "Advanced Startup options menu". Click the "Troubleshoot" button, and then click the "Advanced options" button. In the advanced option screen, click "Startup settings". Click the "Restart" button. Your PC will restart into the Startup Settings screen. Press F5 to boot in Safe Mode with Networking.
Windows 10 users: Click the Windows logo and select the Power icon. In the opened menu, click "Restart" while holding the "Shift" key on your keyboard. In the "choose an option" window, click "Troubleshoot", then select "Advanced options". In the advanced options menu, select "Startup Settings" and click the "Restart" button. In the following window, press the "F5" key on your keyboard. This will restart your operating system in Safe Mode with Networking.
Extract the downloaded archive and run the Autoruns.exe file.
In the Autoruns application, click "Options" at the top and uncheck the "Hide Empty Locations" and "Hide Windows Entries" options. After this procedure, click the "Refresh" icon.
Check the list provided by the Autoruns application and locate the malware file that you want to eliminate.
You should write down its full path and name. Note that some malware hides process names under legitimate Windows process names. At this stage, it is very important to avoid removing system files. After you locate the suspicious program you wish to remove, right click your mouse over its name and choose "Delete".
After removing the malware through the Autoruns application (this ensures that the malware will not run automatically on the next system startup), you should search for the malware name on your computer. Be sure to enable hidden files and folders before proceeding. If you find the filename of the malware, be sure to remove it.
Reboot your computer in normal mode. Following these steps should remove any malware from your computer. Note that manual threat removal requires advanced computer skills. If you do not have these skills, leave malware removal to antivirus and anti-malware programs. These steps might not work with advanced malware infections. As always, it is better to prevent infection than to try to remove malware later. To keep your computer safe, install the latest operating system updates and use antivirus software.
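The review of the Autoruns list in the steps above can be pre-sorted by script before anything is deleted. The following is an added example, not part of the original guide: it reads autostart entries exported as CSV and lists the ones that deserve a closer look, including the case the guide warns about, where a program uses a legitimate Windows process name. The column names, the "(Verified)" signer prefix (which assumes signature verification was enabled for the export) and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from pathlib import PureWindowsPath

# Constructed sample in the shape of an Autoruns CSV export (not real data).
SAMPLE_CSV = r'''Entry Location,Entry,Enabled,Signer,Image Path
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,SecurityHealth,enabled,(Verified) Microsoft Windows,C:\Windows\System32\SecurityHealthSystray.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run,svchost,enabled,(Not verified),C:\Users\alice\AppData\Roaming\svchost.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run,Updater,enabled,(Verified) Example Corp,C:\Program Files\Example\updater.exe
'''

# Well-known Windows process names and the only directory they should start from.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")

def triage(csv_text):
    """Return (entry, image path, reasons) for autostart rows that need review."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        path = PureWindowsPath(row["Image Path"])
        reasons = []
        if not row["Signer"].startswith("(Verified)"):
            reasons.append("publisher signature not verified")
        expected = EXPECTED_DIR.get(path.name.lower())
        if expected and str(path.parent).lower() != expected:
            reasons.append("system process name outside its Windows directory")
        if any(marker in str(path).lower() for marker in USER_WRITABLE):
            reasons.append("starts from a user-writable directory")
        if reasons:
            findings.append((row["Entry"], str(path), reasons))
    return findings

if __name__ == "__main__":
    for entry, image_path, reasons in triage(SAMPLE_CSV):
        print(entry, image_path, "; ".join(reasons))
```

The output is a review list only: an entry with none of these reasons can still be unwanted, and a flagged one should be checked before it is deleted.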
To be sure your computer is free of malware infections, we recommend scanning it with Spyhunter for Windows.