"Your device was infected with my private malware" removal guide
What is "Your device was infected with my private malware"?
"Your device was infected with my private malware" is the name of a spam campaign, a scam that criminals use to trick people into paying a ransom. They threaten to share a non-existent video with other parties unless they receive a specific sum within 72 hours. Never trust these emails. If you receive "Your device was infected with my private malware" or other similar emails, you should ignore them.
The person behind this scam is supposedly a hacker and programmer. The criminal claims to have gained access to the recipient's email account via hacking. It is also claimed that the recipient's device was infected with malware, which gave access to all accounts and allowed control of the operating system remotely. Private data was allegedly stolen and the computer webcam used to record some videos. According to the scammer, these videos were recorded whilst the recipient was "satisfying himself". A threat is made to send these videos to the recipient's contacts, share them on darknet, social networks, and so on. To avoid this, recipients are asked to pay $726 in Bitcoins (other variants of this spam campaign ask for payment in Dash or Monero cryptocurrencies). It is stated that the money must be transferred within 72 hours of receiving the email and that the transaction be made to the BTC wallet address provided. As mentioned, this is merely a scam, and none of the claims should be taken seriously. Unfortunately, some people are not aware of these scams and fall for them.
We receive a great deal of feedback from concerned users about this type of email scam. Here is the most popular question we receive (in this case, relating to a scam that claims to have obtained compromising videos or photos of the user):
Q: Hi pcrisk.com team, I received an email stating that my computer was hacked and they have a video of me. Now they are asking for a ransom in Bitcoins. I think this must be true because they listed my real name and password in the email. What should I do?
A: Do not worry about this email. Neither hackers nor cyber criminals have infiltrated/hacked your computer and there is no video of you watching pornography. Simply ignore the message and do not send any Bitcoins. Your email, name, and password were probably stolen from a compromised website such as Yahoo (these website breaches are common). If you are concerned, you can check if your accounts have been compromised by visiting the haveibeenpwned website.
|Name|Your device was infected with my private malware.|
|Threat Type|Phishing, Scam, Social Engineering, Fraud|
|Fake Claim|Scammer claims that the computer has been infected with malware, which allowed the recording of compromising videos. The scammer threatens to share the videos with other parties unless a ransom is paid within a specific time-frame.|
|Ransom Size|$726/$1200 in Bitcoins (the ransom varies depending on the campaign variant).|
|Cyber Criminal Cryptowallet Address|14LYbckmC9gKJ6LR1JAWaKSsCojZfURbzH (Bitcoin), 1DKeRSqnY24m6qEBLshJtshhcMjhMmfYot (Bitcoin)|
|Symptoms|Unauthorized online purchases, changed online account passwords, identity theft, illegal access of the computer.|
|Distribution methods|Deceptive emails, rogue online pop-up ads, search engine poisoning techniques, misspelled domains.|
|Damage|Loss of sensitive private information, monetary loss, identity theft.|
|Malware Removal (Windows)|To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Malwarebytes.|
More examples of similar scams are "ChaosCC hacker group", "The last time you visited a Porn website", and "Hacker who has access to your operating system". Criminals behind these scams might make different claims; however, all use them to extort money from unsuspecting people. Unfortunately, many scammers use similar emails to infect computers with malicious programs. They attach malicious files and hope that recipients open them. If opened, these files install malware such as TrickBot, Hancitor, Emotet, FormBook, and other high-risk malicious software.
How do spam campaigns infect computers?
How to avoid installation of malware
Study all emails received from unknown, suspicious addresses, especially if they contain web links or attachments. If you believe an email should not be trusted, the best option is to leave attached files or presented links unopened. Download software from official websites and use direct download links. Peer-to-Peer networks such as torrent clients, eMule, unofficial websites, third party downloaders, and other tools of this kind should not be trusted. Installed software should be updated through tools or functions provided by official software developers. Note that software 'cracking' tools, which supposedly bypass paid activation of programs, are illegal and often cause installation of malware. Use MS Office versions later than 2010. These have "Protected View" mode, which prevents malicious files from installing malware. Computers should be scanned for viruses regularly using reputable anti-virus or anti-spyware programs. If you have already opened malicious attachments, we recommend running a scan with Malwarebytes for Windows to automatically eliminate infiltrated malware.
Text presented in the "Your device was infected with my private malware" email message:
Hi, I'm a hacker and programmer, I got access to your account -
Your device was infected with my private malware, because your browser wasn't updated / patched,
in such case it's enough to just visit some website where my iframe is placed to get automatically infected, if you want to find out more - Google: "Drive-by exploitH".
My malware gave me full access to all your accounts, full control over your OS and it was possible for me to spy on you over your webcam.
I collected all your private data, recorded few videos of you (through your webcam) and I RECORDED YOU SATISFYING YOURSELF!!!
I can publish all your private data everywhere, including the darknet, where the very sick people are and the videos of you,
send them to your contacts, post them on social network and everywhere else!
Only you can prevent me from doing this and only I can help you out, there are no traces left,
as I removed my malware after my job was done and this email(s) has been sent from some hacked server...
The only way to stop me, is to pay exactly 726$ in bitcoin (BTC).
It's a very good offer, compared to all that HORRIBLE **** that will happen if you don't pay!
You can easily buy bitcoin on the next services: paxful, coinbase or check for bitcoin ATM near you, or Google for other exchanger.
You can send the bitcoin directly to my wallet, or create your own wallet first here: blockchain com, then receive and send to mine.
My bitcoin wallet is: 14LYbckmC9gKJ6LR1JAWaKSsCojZfURbzH, 1MYJjmYScwmFfthAQNXWb5fhNMRVcAiZd, 1LfYcbCsssB2niF3VWRBTVZFExzsweyPGQ
Copy and paste it, it's (cAsE-sEnSEtiVE)
You got 72 hours time.
As I got access to this email account, I will know if this email has been read.
If you get this email multiple times, it's to make sure that you read it, my mailer script is configured like this and after payment you can ignore it.
Please do not reply to this email. The sender's address is automatically generated to ensure that this email is received.
After receiving the payment, I remove all your data and you can life your live in peace like before.
Next time update your browser before browsing the web!
Another variant of "Your Device Was Infected With My Private Malware" spam email campaign:
Text presented within this email:
Subject: You got recorded - ******
Hey, I know your password is: ******
Your computer was infected with my malware, RAT (Remote Administration Tool), your browser wasn't updated / patched, in such case it's enough to just visit some website where my iframe is placed to get automatically infected, if you want to find out more - Google: "Drive-by exploit".
My malware gave me full access and control over your computer, meaning, I got access to all your accounts (see password above) and I can see everything on your screen, turn on your camera or microphone and you won't even notice about it.
I collected all your private data and I was spying on you, I RECORDED (through your webcam) embarrassing moments of you, you know what I mean!
After that I removed my malware to not leave any traces.
I can publish all your private data everywhere and I can send the videos to all your contacts, post it on social network, publish it on the whole web, including the darknet, where the sick people are!
Only you can prevent me from doing this and only I can help you out in this situation.
Transfer exactly 1200$ with the current bitcoin (BTC) price to my bitcoin address.
It's a very good offer, compared to all that horrible **** that will happen if I publish everything!
You can easily buy bitcoin here: www.paxful.com, www.coingate.com, www.coinbase.com, or check for bitcoin ATM near you, or Google for other exchanger.
You can send the bitcoin directly to my address, or create your own wallet first here: www.login.blockchain.com/en/#/signup/, then receive and send to mine.
My bitcoin address is: 1DKeRSqnY24m6qEBLshJtshhcMjhMmfYot
Copy and paste my address, it's (cAsE-sEnSEtiVE)
I give you 3 days time to transfer the bitcoin!
As I got access to this email account, I will know if this email has already been read.
If you get this email multiple times, it's to make sure you read it and after payment you can ignore it.
After receiving the payment, I will remove everything and you can life your live in peace like before.
Next time update your browser before browsing the web!
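A mail-filter style check for the extortion pattern shared by the two message variants above, as an added example (not code from this guide): the indicator phrases and the address regex are assumptions derived from the quoted text, the names `analyze`, `INDICATORS` and `BTC_ADDR` are hypothetical, and both sample messages are constructed.

```python
import re

# Indicator groups taken from the wording of the two variants quoted above.
INDICATORS = {
    "compromise_claim": re.compile(
        r"infected with my (private )?malware|got access to your account"
        r"|remote administration tool", re.I),
    "webcam_recording": re.compile(
        r"(through|over) your webcam|turn on your camera|\brecorded\b", re.I),
    "exposure_threat": re.compile(
        r"to (all )?your contacts|darknet|social network", re.I),
    "crypto_demand": re.compile(r"\b(bitcoin|btc|dash|monero)\b", re.I),
    "deadline": re.compile(r"\b72 hours\b|\b\d+ days? time\b", re.I),
}
# Legacy Base58 Bitcoin address shape: leading 1 or 3, 26-35 characters, and an
# alphabet without 0, O, I and l. Shape only; the checksum is not verified.
BTC_ADDR = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")
AMOUNT = re.compile(r"\$\s?\d[\d,]*|\d[\d,]*\s?\$")

def analyze(body: str) -> dict:
    """Report which extortion indicators a message body contains."""
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(body))
    wallets = sorted(set(BTC_ADDR.findall(body)))
    # The verdict needs the whole pattern: a threat, a cryptocurrency demand
    # and an address to pay to. A lone keyword or a lone address is not enough.
    threat = {"webcam_recording", "exposure_threat"} & set(hits)
    verdict = bool(threat) and "crypto_demand" in hits and bool(wallets)
    return {"sextortion": verdict, "indicators": hits,
            "wallets": wallets, "amounts": AMOUNT.findall(body)}

# Constructed sample: an abridged excerpt of the first variant quoted above.
SAMPLE_SCAM = (
    "Your device was infected with my private malware.\n"
    "I collected all your private data, recorded few videos of you "
    "(through your webcam).\n"
    "I can publish it everywhere, including the darknet, and send them "
    "to your contacts.\n"
    "The only way to stop me, is to pay exactly 726$ in bitcoin (BTC).\n"
    "My bitcoin wallet is: 14LYbckmC9gKJ6LR1JAWaKSsCojZfURbzH\n"
    "You got 72 hours time.\n")
# Constructed benign message; the address is a placeholder, not a real wallet.
SAMPLE_BENIGN = ("Receipt: you bought bitcoin worth $50. "
                 "Deposit address: 1" + "B" * 30 + ".")

if __name__ == "__main__":
    for label, text in (("scam", SAMPLE_SCAM), ("benign", SAMPLE_BENIGN)):
        print(label, analyze(text))
```

The extracted wallet addresses are the part worth keeping: they can be added to a mail-gateway blocklist or included when reporting the message.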
Instant automatic malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced computer skills. Malwarebytes is a professional automatic malware removal tool that is recommended to get rid of malware.
How to remove malware manually?
Manual malware removal is a complicated task - it is usually best to allow antivirus or anti-malware programs to do this automatically. To remove this malware we recommend using Malwarebytes for Windows. If you wish to remove malware manually, the first step is to identify the name of the malware that you are trying to remove.
If you have checked the list of programs running on your computer (for example, using Task Manager) and identified a program that looks suspicious, continue with these steps:
Download a program called Autoruns. This program shows auto-start applications, Registry, and file system locations.
Restart your computer into Safe Mode:
Windows XP and Windows 7 users: Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer start process, press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, and then select Safe Mode with Networking from the list.
Windows 8 users: Start Windows 8 in Safe Mode with Networking - Go to the Windows 8 Start Screen, type Advanced, and in the search results select Settings. Click Advanced startup options, and in the opened "General PC Settings" window, select Advanced startup. Click the "Restart now" button. Your computer will now restart into the "Advanced Startup options menu". Click the "Troubleshoot" button, and then click the "Advanced options" button. In the advanced option screen, click "Startup settings". Click the "Restart" button. Your PC will restart into the Startup Settings screen. Press F5 to boot in Safe Mode with Networking.
Windows 10 users: Click the Windows logo and select the Power icon. In the opened menu, click "Restart" while holding the "Shift" key on your keyboard. In the "Choose an option" window, click "Troubleshoot", then select "Advanced options". In the advanced options menu, select "Startup Settings" and click the "Restart" button. In the following window, press the "F5" key on your keyboard. This will restart your operating system in Safe Mode with Networking.
Extract the downloaded archive and run the Autoruns.exe file.
In the Autoruns application, click "Options" at the top and uncheck the "Hide Empty Locations" and "Hide Windows Entries" options. After this procedure, click the "Refresh" icon.
Check the list provided by the Autoruns application and locate the malware file that you want to eliminate.
You should write down its full path and name. Note that some malware hides process names under legitimate Windows process names. At this stage, it is very important to avoid removing system files. After you locate the suspicious program you wish to remove, right click your mouse over its name and choose "Delete".
After removing the malware through the Autoruns application (this ensures that the malware will not run automatically on the next system startup), you should search for the malware name on your computer. Be sure to enable hidden files and folders before proceeding. If you find the filename of the malware, be sure to remove it.
Reboot your computer in normal mode. Following these steps should remove any malware from your computer. Note that manual threat removal requires advanced computer skills. If you do not have these skills, leave malware removal to antivirus and anti-malware programs. These steps might not work with advanced malware infections. As always, it is better to prevent infection than to try to remove malware later. To keep your computer safe, install the latest operating system updates and use antivirus software.
To be sure your computer is free of malware infections, we recommend scanning it with Malwarebytes for Windows.