Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Strange website showed up on my computer

  • Please log in to reply
2 replies to this topic

#1 pcgirl65


  • Members
  • 1 posts
  • Local time:02:04 AM

Posted 05 December 2017 - 03:05 PM

I have a client who was infected with the Win32/Filecoder.BTCWare payload virus.  They have NOD antivirus working on the PC and it did find it when the screen came up with the message of infection.  I did a virus scan and it removed the virus.  I also ran Malwarebytes and HitmanPro.  Then I used Shadowexplorer to restore the infected files.  Everything seemed to be working fine until today when my client went for lunch and when he came back his chrome browser was up on his desktop and it looked like it was displaying someone's bank profile.  Nobody knows this person and by the looks of the email that is displayed, it looks fake.  Also, my client says that he doesn't use chrome.  So, right now we have disconnected him from the internet and network.  He did another virus scan but it didn't find anything.  Any help would really be appreciated.  He is running Windows 10. I would post a picture of the screenshot but I can't figure out how to upload a picture.


BC AdBot (Login to Remove)



#2 buddy215


  • BC Advisor
  • 12,733 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:04 AM

Posted 06 December 2017 - 06:10 AM

Welcome to BC...


I suggest you have the client start a new topic in the malware removal forum by following the directions below.


Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.


DO NOT bump your new topic. Wait for a response from one of the Team Members.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 pcpunk


  • Members
  • 5,382 posts
  • Gender:Male
  • Location:Florida
  • Local time:03:04 AM

Posted 06 December 2017 - 08:39 PM

To add to what buddy215 has said, I would also make sure a scammer doesn't have Remote Access.



I would also look for Remote Access Programs/Software, and go through their settings to make sure there is no Unattended Remote access allowed, or just remove the program all together if the Customer does not use it.  One I see frequently is LogMeIn.  It is a legit program that scammers use often.  It could also be Teamviewer, Citrix or many others.  Maybe this LIST will help you. 


Created by Mike_Walsh


KDE, Ruler of all Distro's



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users