"Your device was infected with my private malware" removal guide
What is "Your device was infected with my private malware"?
"Your device was infected with my private malware" is the name of a spam campaign, a scam that scammers use to trick people into paying them money. They threaten to share a non-existing video with other people if they will receive a certain amount of money in 72 hours. Emails of this type should never be trusted, people who received "Your device was infected with my private malware" or any other email of this kind should ignore it.
The person behind this scam presents himself as a hacker and programmer, he claims that he got access to recipients email. In other words, he has hacked recipient's email account. He also claims that recipient's device is infected with some malware that gave him access to all accounts and allows to control the operating system remotely. He stole some private data and used computer's webcam to record a few videos. According to scammer, these videos were recorded while a recipient was "satisfying himself". He threatens to send these videos to all recipient's contacts, share them on darknet, social networks and so on. To avoid any of this from happening recipients are asked to pay $726 in Bitcoins (other variants of this spam campaign ask to pay in Dash or Monero cryptocurrencies), the money must be transferred in 72 hours after receiving this email. Transaction must be made to the provided BTC wallet address. As we mentioned in the first paragraph, this is just a scam and none of the claims should be taken seriously. Unfortunately, some people are not aware of such scams and still fall for them.
We receive a great deal of feedback from concerned users about this type of email scam. Here is the most popular question we receive (in this case, relating to a scam that claims to have obtained compromising videos or photos of the user):
Q: Hi pcrisk.com team, I received an email stating that my computer was hacked and they have a video of me. Now they are asking for a ransom in Bitcoins. I think this must be true because they listed my real name and password in the email. What should I do?
A: Do not worry about this email. Neither hackers nor cyber criminals have infiltrated/hacked your computer and there is no video of you watching pornography. Simply ignore the message and do not send any Bitcoins. Your email, name, and password was probably stolen from a compromised website such as Yahoo (these website breaches are common). If you are concerned, you can check if your accounts have been compromised by visiting the haveibeenpwned website.
|Name||Your device was infected with my private malware|
|Threat Type||Phishing, Scam, Social Engineering, Fraud|
|Fake Claim||Scammer claim that he has infected a computer with malware which allowed him to record compromising videos. He threatens to share those videos with other people if he will not be paid on time.|
|Ransom Size||$726/$1200 (the price varies depending on campaign's variant) in Bitcoins|
|Cyber Criminal Cryptowallet Address||14LYbckmC9gKJ6LR1JAWaKSsCojZfURbzH (Bitcoin), 1DKeRSqnY24m6qEBLshJtshhcMjhMmfYot (Bitcoin)|
|Symptoms||Unauthorized online purchases, changed online account passwords, identity theft, illegal access of one's computer.|
|Distribution methods||Deceptive emails, rogue online pop-up ads, search engine poisoning techniques, misspelled domains.|
|Damage||Loss of sensitive private information, monetary loss, identity theft.|
To eliminate possible malware infections our malware researchers recommend scanning your computer with Spyhunter.
More examples of similar scams are "ChaosCC hacker group", "The last time you visited a Porn website" and "Hacker who has access to your operating system". Scammers behind these scams might be claiming different things, however, all of them use them to swindle unsuspecting people from their money. Unfortunately, there are many scammers who use similar emails to infect computers with malicious programs. They attach malicious files and hope that recipients will open them. If opened, these files install malware like TrickBot, Hancitor, Emotet, FormBook or other high-risk malicious software.
How do spam campaigns infect computers?
How to avoid installation of malware?
All emails that are received from unknown, suspicious addresses should be crefully analyzed, especially if they contain web links or attachments. If there is a reason to think that an email should not be trusted, then the best option is to leave attached files or presented links unopened. Furthermore, we recommend to download software from official websites and use direct download links. Peer-to-Peer networks like torrent clients, eMule, unofficial websites, third party downloaders, and other tools of this kind should not be trusted. Installed software should be updated software through tools (or functions) that are provided by official software developers. Note, software 'cracking' tools that supposed to bypass paid activation of some program are not legal and often cause installation of some malware. Another useful thing is to use MS Office versions that are later than 2010. They have the "Protected View" mode which prevents malicious files from installing malware. Computers should be scanned for viruses regularly, it is recommended to use reputable anti-virus or ant-spyware programs for that. If you've already opened malicious attachments, we recommend running a scan with Spyhunter for Windows to automatically eliminate infiltrated malware.
Text presented in the "Your device was infected with my private malware" email letter:
Hi, I'm a hacker and programmer, I got access to your account -
Your device was infected with my private malware, because your browser wasn't updated / patched,
in such case it's enough to just visit some website where my iframe is placed to get automatically infected, if you want to find out more - Google: "Drive-by exploitH".
My malware gave me full access to all your accounts, full control over your OS and it was possible for me to spy on you over your webcam.
I collected all your private data, recorded few videos of you (through your webcam) and I RECORDED YOU SATISFYING YOURSELF!!!
I can publish all your private data everywhere, including the darknet, where the very sick people are and the videos of you,
send them to your contacts, post them on social network and everywhere else!
Only you can prevent me from doing this and only I can help you out, there are no traces left,
as I removed my malware after my job was done and this email(s) has been sent from some hacked server...
The only way to stop me, is to pay exactly 726$ in bitcoin (BTC).
It's a very good offer, compared to all that HORRIBLE **** that will happen if you don't pay!
You can easily buy bitcoin on the next services: paxful, coinbase or check for bitcoin ATM near you, or Google for other exchanger.
You can send the bitcoin directly to my wallet, or create your own wallet first here: blockchain com, then receive and send to mine.
My bitcoin wallet is: 14LYbckmC9gKJ6LR1JAWaKSsCojZfURbzH, 1MYJjmYScwmFfthAQNXWb5fhNMRVcAiZd, 1LfYcbCsssB2niF3VWRBTVZFExzsweyPGQ
Copy and paste it, it's (cAsE-sEnSEtiVE)
You got 72 hours time.
As I got access to this email account, I will know if this email has been read.
If you get this email multiple times, it's to make sure that you read it, my mailer script is configured like this and after payment you can ignore it.
Please do not reply to this email. The sender's address is automatically generated to ensure that this email is received.
After receiving the payment, I remove all your data and you can life your live in peace like before.
Next time update your browser before browsing the web!
Another variant of "Your Device Was Infected With My Private Malware" email spam campaign:
Text presented within this email:
Subject: You got recorded - ******
Hey, I know your password is: ******
Your computer was infected with my malware, RAT (Remote Administration Tool), your browser wasn't updated / patched, in such case it's enough to just visit some website where my iframe is placed to get automatically infected, if you want to find out more - Google: "Drive-by exploit".
My malware gave me full access and control over your computer, meaning, I got access to all your accounts (see password above) and I can see everything on your screen, turn on your camera or microphone and you won't even notice about it.
I collected all your private data and I was spying on you, I RECORDED (through your webcam) embarrassing moments of you, you know what I mean!
After that I removed my malware to not leave any traces.
I can publish all your private data everywhere and I can send the videos to all your contacts, post it on social network, publish it on the whole web, including the darknet, where the sick people are!
Only you can prevent me from doing this and only I can help you out in this situation.
Transfer exactly 1200$ with the current bitcoin (BTC) price to my bitcoin address.
It's a very good offer, compared to all that horrible **** that will happen if I publish everything!
You can easily buy bitcoin here: www.paxful.com, www.coingate.com, www.coinbase.com, or check for bitcoin ATM near you, or Google for other exchanger.
You can send the bitcoin directly to my address, or create your own wallet first here: www.login.blockchain.com/en/#/signup/, then receive and send to mine.
My bitcoin address is: 1DKeRSqnY24m6qEBLshJtshhcMjhMmfYot
Copy and paste my address, it's (cAsE-sEnSEtiVE)
I give you 3 days time to transfer the bitcoin!
As I got access to this email account, I will know if this email has already been read.
If you get this email multiple times, it's to make sure you read it and after payment you can ignore it.
After receiving the payment, I will remove everything and you can life your live in peace like before.
Next time update your browser before browsing the web!
Instant automatic removal of possible malware infections:
Manual threat removal might be a lengthy and complicated process that requires advanced computer skills. Spyhunter is a professional automatic malware removal tool that is recommended to get rid of possible malware infections. Download it by clicking the button below:
- What is "Your device was infected with my private malware"?
- STEP 1. Manual removal of possible malware infections.
- STEP 2. Check if your computer is clean.
How to remove malware manually?
Manual malware removal is a complicated task, usually it's better to let antivirus or anti-malware programs do it automatically. To remove this malware we recommend using Spyhunter for Windows. If you wish to remove malware manually, the first step is to identify the name of the malware that you are trying to remove. Here's an example of a suspicious program running on user's computer:
If you checked the list of programs running on your computer, for example using task manager and identified a program that looks suspicious you should continue with these steps:
Download a program called Autoruns. This program shows auto-start applications, Registry and file system locations:
Restart your computer into Safe Mode:
Windows XP and Windows 7 users: Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer start process, press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, and then select Safe Mode with Networking from the list.
Video showing how to start Windows 7 in "Safe Mode with Networking":
Windows 8 users: Start Windows 8 is Safe Mode with Networking - Go to Windows 8 Start Screen, type Advanced, in the search results select Settings. Click Advanced startup options, in the opened "General PC Settings" window, select Advanced startup. Click the "Restart now" button. Your computer will now restart into the "Advanced Startup options menu". Click the "Troubleshoot" button, and then click the "Advanced options" button. In the advanced option screen, click "Startup settings". Click the "Restart" button. Your PC will restart into the Startup Settings screen. Press F5 to boot in Safe Mode with Networking.
Video showing how to start Windows 8 in "Safe Mode with Networking":
Windows 10 users: Click the Windows logo and select the Power icon. In the opened menu click "Restart" while holding "Shift" button on your keyboard. In the "choose an option" window click on the "Troubleshoot", next select "Advanced options". In the advanced options menu select "Startup Settings" and click on the "Restart" button. In the following window you should click the "F5" button on your keyboard. This will restart your operating system in safe mode with networking.
Video showing how to start Windows 10 in "Safe Mode with Networking":
Extract the downloaded archive and run Autoruns.exe file.
In the Autoruns application click "Options" at the top and uncheck "Hide Empty Locations" and "Hide Windows Entries" options. After this procedure click the "Refresh" icon.
Check the list provided by Autoruns application and locate the malware file that you want to eliminate.
You should write down it full path and name. Note that some malware hides their process names under legitimate Windows process names. At this stage it's very important to avoid removing system files. After you locate he suspicious program you want to remove right click your mouse over it's name and choose "Delete"
After removing the malware through Autoruns application (this ensures that the malware won't run automatically on the next system startup) you should search for the malware name on your computer. Be sure to enable hidden files and folders before proceeding. If you find the file of the malware be sure to remove it.
Reboot your computer in normal mode. Following these steps should help remove any malware from your computer. Note that manual threat removal requires advanced computer skills, it's recommended to leave malware removal to antivirus and anti-malware programs. These steps might not work with advanced malware infections. As always it's better to avoid getting infected that try to remove malware afterwards. To keep your computer safe be sure to install latest operating system updates and use antivirus software.
To be sure your computer is free of malware infections we recommend scanning it with Spyhunter for Windows.