A Trojan Horse inside the computer is an issue that must be addressed immediately, or else the effects of the attack on the system and on the user’s privacy can be dreadful. You have certainly heard all kinds of scary stories about malware programs spying on their victims through their webcams and taking screencaps of their screens – well, although not all Trojans do that, we are here to tell you that these aren’t just some made-up scenarios that people tell their kids in order to keep them away from gambling and adult sites. A Trojan infection can indeed gain access to many aspects of your system without you even knowing it, which is why you must be well prepared to deal with this kind of virus in order to prevent it from messing with your virtual security.
In the current post, “Save Yourself” is the malware threat that we wish to mainly focus on – it is a new Trojan and not everything is known about it yet. Nevertheless, there are some things that we can tell you about this infection, and we may also be able to help you with its removal in case “Save Yourself” is currently inside your computer.
Trojans seek to gain elevated privileges in the attacked computers
This is a typical trait of viruses of this type, and it is something that largely defines their capabilities as a whole. A Trojan would normally try to gain the same rights in the attacked system as the machine’s Admin. By doing so, the malware program could then download, install and modify software, delete and modify the personal files of the user, start new processes and end old ones, change Registry entries, and much more. With such extensive access, a malicious program like “Save Yourself” could really cause some very serious issues to the user. What such a Trojan would do in any particular case, however, may oftentimes remain unclear for quite some time. In many cases, it is rather difficult to tell what the Trojan may be after – personal espionage, banking frauds, adding the attacked computer to its botnet of infected machines or something else. We can keep giving you more and more examples about the potential uses of a given Trojan, but this article is too short to go over all the possibilities. Also, since “Save Yourself” is such a new infection, there isn’t enough information yet to determine what its exact end goal is. The one sure thing is that the timely removal of the infection is essential, and we can help you complete it.
Here is the Save Yourself Email scam message:
Hi, I’m a hacker and programmer, I know one of your password is: Your computer was infected with my private malware, because your browser wasn’t updated / patched, in such case it’s enough to just visit some website where my iframe is placed to get automatically infected, if you want to find out more – Google: “Drive-by exploit”. My malware gave me full access to all your accounts (see password above), full control over your computer and it was possible for me to spy on you over your webcam. I collected all your private data, recorded few videos of you (through your webcam) and I RECORDED YOU SATISFYING YOURSELF!!! I can publish all your private data everywhere, including the darknet, where the very sick people are and the videos of you, send them to your contacts, post them on social network and everywhere else!
The removal of Save Yourself Email Scam – we can help you with it!
We have tried to create a sensible and easy to follow guide with manual steps that will help you find the malicious data related to the Trojan in your computer and remove it. However, since the guide may not always allow you to eliminate everything, you are advised to combine the manual removal steps with the removal tool that you will find linked in the current page – it is a professional and reliable anti-malware solution that can assist you with the deletion of the Trojan and could also help you with the future protection of your machine.
Source: Howtoremove.guide’s Save Yourself Email
“Save Yourself” Email Scam Removal
Sidenote: Readers of this guide are advised to bookmark this page or have it opened on another device, since it is possible that they will need to close the browser at some point during the time they are completing the following steps.
The first thing that needs to be done prior to anything else is that you boot your PC into Safe Mode. If you are not sure how to do it, use this link to a guide on how to enter Safe Mode.
Press Ctrl + Shift + Esc to open the Task Manager. Go to the Processes section and look for any suspicious-looking processes. Usually, malware processes use high amounts of RAM and CPU and also have a shady description (or none at all). Right-click on those processes and select Open File Location. If you are sure that the process is coming from the virus, delete everything in the file location. Also, right-click on the process again and then select End Process.
Press Winkey + R and type appwiz.cpl. Press Enter and in the newly opened window look for any shady program installs. Right-click on the suspicious programs and select uninstall. Follow the prompts to uninstall the sketchy application.
Open the Run window again (Winkey + R), type msconfig and hit Enter. Go to the Startup section and from the list of programs, uncheck everything that seems shady or has an unknown or suspicious-looking manufacturer. Click on OK. On Windows 10, the startup programs list is in the Task Manager.
Open the Start Menu and paste the following line in the search bar: notepad %windir%/system32/Drivers/etc/hosts. Click on the first result that gets displayed. A notepad file should open. Look at the bottom of the text and see if there are any IP addresses below localhost. Write to us in the comments if you saw anything there.
Type regedit in the Run search bar and hit Enter. When the Registry Editor opens, press Ctrl + F, type the name of the virus and select Find Next. If anything gets found, right-click on it and select Delete. Do this for all search results.
Additionally, manually navigate to the following directories and see if they have any folders/keys that look shady (with a lot of random numbers and letters):
- HKEY_CURRENT_USER > Software > Microsoft > Windows > CurrentVersion > Run
- HKEY_CURRENT_USER > Software > Microsoft > Internet Explorer > Main
- HKEY_CURRENT_USER > Software > Any other random directory
Delete everything that looks suspicious. If you are not sure whether to delete something, be sure to ask us in the comments.
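The hosts-file and Run-key checks from the steps above can also be done from a PowerShell prompt. The script below is an added example, not part of the original guide; the function names are hypothetical, and it only reads and lists entries so that you can decide what to remove by hand.

```powershell
# Added example: read-only review of the hosts file and the HKCU Run key.
# Function names are hypothetical; nothing here deletes or modifies anything.

function Get-HostsOverride {
    param([string]$Path = "$env:windir\System32\drivers\etc\hosts")
    Get-Content -LiteralPath $Path | ForEach-Object {
        $line = ($_ -replace '#.*$', '').Trim()          # drop comments
        if (-not $line) { return }                        # blank line: next item
        $fields = @($line -split '\s+')
        if ($fields.Count -lt 2) { return }               # no host name given
        $ip = $fields[0]
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            # The stock loopback mapping for localhost is expected.
            if ($name -eq 'localhost' -and ($ip -in '127.0.0.1', '::1')) { continue }
            [pscustomobject]@{ Address = $ip; HostName = $name }
        }
    }
}

function Get-RunKeyEntry {
    param([string]$Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run')
    if (-not (Test-Path -LiteralPath $Key)) { return }
    $regKey = Get-Item -LiteralPath $Key
    foreach ($name in $regKey.GetValueNames()) {
        $cmd = [string]$regKey.GetValue($name)
        # Pull the executable out of the command line: quoted path first,
        # then anything up to ".exe", then the first whitespace-separated token.
        if     ($cmd -match '^\s*"([^"]+)"')        { $exe = $Matches[1] }
        elseif ($cmd -match '^\s*(.+?\.exe)(\s|$)') { $exe = $Matches[1] }
        else                                        { $exe = ($cmd.Trim() -split '\s+')[0] }
        # Report whether the target exists and whether it carries a valid signature.
        $sig = if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
            (Get-AuthenticodeSignature -LiteralPath $exe).Status
        } else { 'FileMissing' }
        [pscustomobject]@{ Name = $name; Executable = $exe; Signature = $sig; Command = $cmd }
    }
}

Get-HostsOverride | Format-Table -AutoSize
Get-RunKeyEntry   | Format-List
```

Any row printed by Get-HostsOverride is a mapping beyond the default localhost entry, and Run entries whose Signature is NotSigned or FileMissing are the ones to look at first.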