Did I Get Hacked?

Dave_H_M
Explorer II
DW got an email from a friend she knew and it stated to the effect that attached is a document that you asked for. DW scratched her head and hit open on the attachment. Nothing was there. She emailed the lady and got a reply back that the lady did not even send the email.

Later DW was going to do some work on her Sam's Club site. In the ID process she got a message to close the browser immediately. She did so.

I ran a Malwarebytes scan and quarantined 4 PUPs, followed by an Avast scan that did not identify any viruses.

What are the odds now of using this computer for financial work without problems?

I told her for the time being to shut the computer down and then use the wifi via the ISP modem to do financial work with her tablet.

Suggestions?
19 REPLIES

raceman6135
Explorer
Chris Bryant wrote:
You should also advise the friend to do a malware/virus scan.


This.

It's very likely that your friend's computer is infected, the address book was accessed, and malicious e-mails were sent to many people.

I've even seen some very unsophisticated infections where the e-mails with phishing attachments were still in the "sent" e-mail folder.

2oldman
Explorer II
lbrjet wrote:
Just because anti-virus software doesn't find anything (they usually don't) don't assume everything is OK.
x2
"If I'm wearing long pants, I'm too far north" - 2oldman

lbrjet
Explorer
Yes you got hacked. Good luck and let us know what you do. Just because anti-virus software doesn't find anything (they usually don't) don't assume everything is OK. I would think seriously about replacing the device or at minimum doing a full system restore.
2010 F250 4X4 5.4L 3.73 LS
2011 Flagstaff 831FKBSS
Equalizer E4 1200/12000

joebedford
Nomad II
Don't let your mad clicker near your PC ever again.

mileshuff
Explorer
Use System Restore from Accessories, System Tools menu and roll back your PC to a date prior to opening the attachment. Then perform the usual virus scans.
2014 Winnebago 26FWRKS 5th Wheel
2007.5 Dodge 2500 6.7L Diesel
2004 Dodge Durango Hemi 3.55 (Used to tow TT)

vjstangelo
Explorer
If you have a clean image back-up of the hard drive prior to the infection, I'd go ahead and restore that image and load thereby wiping out the infected drive data.
2012 Winnebago Vista 32K
2011 Honda CRV Toad

DutchmenSport
Explorer
A few months ago I got hit with something similar. It messed up my computer so bad, I couldn't save it. I ended up getting a new computer. Fortunately, I've backed everything up for years now on an external hard drive (actually 2 of them), and the only thing left on my computer are photos, which I back up new ones about once a month.

So when my computer freaked out, I was able to back up the last photos and then it died!

So, then I got a new computer and it happened almost the same, almost immediately. I ended up reformatting and restoring the system, and was able to finally clean the mess out. Luckily, I hadn't put anything new on the new computer. But ever since, I've not had any problems with the new computer.

It all started when "Microsoft" wanted to force install Windows 10!

greenrvgreen
Explorer
What 1492 said, plus some random thoughts:

If there is malware on your computer, any USB device (drives, printers, camera, etc.) can pick up the malware. If you backed up your files, the malware is on the backup drive also.

Windows restore is a common place for malware to hide. Most AV scans don't look in there or don't do a good job looking in there.

The PUPs are usually benign programs that are either useless trialware or shoddy cracking software. If the OP still has the names of the PUPs he should run them through "hijack this".

It's easy to say "don't click on an email you're not expecting", but a common form of spearphishing is a bogus UPS or Fedex notice. Very tough not to click on that if you're impatiently waiting for a Fedex.

The email is most likely nothing or most likely was caught before it did anything. And I would be reassured if the PUPs were all Malwarebytes caught--it is the best MANUAL scanning tool available.

scrubjaysnest
Explorer
Avast has been having trouble detecting some of the malware also.
Axis 24.1 class A 500watts solar TS-45CC Trimetric
Very noisy generator :M
2016 Wrangler JK dinghy
“They who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.” Benjamin Franklin

Chris_Bryant
Explorer II
You should also advise the friend to do a malware/virus scan.
-- Chris Bryant

1492
Moderator
As a rule, never open an email attachment that you are not specifically expecting from a trusted source. This is how some of the biggest hacks, including the Target breach apparently happened. An employee of a Target contractor opened an email attachment which contained a keylogger rootkit. The malware was subsequently able to capture the contractor's Target login credentials, which allowed hackers a doorway into their corporate servers.

AV would not necessarily stop it as there are so many variants of zero-day malware, and the user essentially gave permission to install it. As an aside, this would likely not have happened if using a non-admin account without install privileges on a PC.

The two most common malicious malware contained in email attachments are keyloggers and ransomware. Both extremely dangerous. With new cryptoware now using a delay tactic before it actually encrypts files and demands a ransom. Both on PC and Macs.

I would do as suggested, and backup all key files. And do not use the computer until it has been thoroughly cleaned by multiple AV applications. Though note that security experts state they would not use any system which has been infected by "known" malware, as they cannot trust malware has been completely removed. Especially, where rootkits are involved.

Best practices would be to thoroughly wipe the drive and reinstall from a clean system image.

Tom_N
Explorer
Malwarebytes will clean your computer. Make certain you update your version or download the latest version.

You'll then be good to go.

https://www.malwarebytes.org/
Sarver, PA/Crystal River, FL/Shelocta, PA · W3TLN · FMCA 335149 · Mystic Knights of the Sea
2005 Suncruiser 38R · W24 chassis, no chassis mods needed · 2013 Honda Accord EX-L · 2008 Honda Odyssey EX-L

windviewer
Explorer
Might also be scareware. I just fixed a friend's computer hit with one of these.

See http://www.kadansky.com/files/newsletters/2015/2015_08_31.html
for an example of scareware.

2oldman
Explorer II
Let's see if your AV program is working. I think your email program should have warned you. Gmail does. It should have marked it spam.
"If I'm wearing long pants, I'm too far north" - 2oldman