I was browsing online when I clicked a few links from Google, and one of them led me to what looked like a Cloudflare captcha. It prompted me to press Windows + R and run a Powershell command that had auto-copied to my clipboard. Feeling a bit tired and naive, I executed the command without a second thought, which installed a program called Crysta_X64.exe on my computer. I've already deleted it and run Malwarebytes, but I'm still feeling uneasy. What should I do next?
3 Answers
Reinstalling Windows and changing all your passwords is a solid plan. Just to clarify, what you did was command your computer to download and execute something without confirming what it was. That command you ran bypassed several safety measures, and the encoded part was likely malicious. Stay safe out there!
If you think you might have malware, the best move is to back up your data and then reinstall Windows using a USB stick. After that, change all your passwords—make sure they’re unique—and enable two-factor authentication where possible. And definitely stop running suspicious scripts from the internet!
Whenever a website tells you to run something from cmd or PowerShell, it's a huge red flag that you’re on a malicious site. These can install viruses or worse, like keyloggers to steal your passwords or turn your machine into a bot for other bad stuff. It’s a risky move to comply with those kinds of requests.
It seems obvious now, but I was so used to annoying captchas that I didn’t even think twice before hitting enter.
But how would they know if you're human? We can't make it too easy for them!