I accidentally downloaded a file that looked like a .Mov video and ran it without thinking. Almost immediately, a console window popped up, executed a command, and then closed. I checked the command it ran, and it seemed suspicious—like it was trying to download something malicious.
I've done scans with Defender and Malwarebytes, and both came up clean. I also ran my computer in safe mode and scanned again, but found nothing. However, I noticed my OneDrive had synced some files with an unknown .exe attached to them. I'm not sure if this .exe is related to the malware or not, since I couldn't find it on my hard drive after searching. My PC seems to be running fine now, but I'm worried that the malware could still be lurking around. I want to make sure I'm completely safe. Any advice would be greatly appreciated. And please, no lectures about my mistake; I know it was careless! In addition, I signed out of all my accounts and changed my bank login just to be safe.
1 Answer
From what you've described, it sounds like your system might still be compromised. The command that was executed created a folder named "build" in your temp directory and used curl to download a .cmd script. If that script did any nefarious stuff, it's possible that it cleaned up after itself and deleted the folder. You really should check to see if that folder is still there. If you can't find anything, a good move would be to back up your important files and consider reinstalling Windows. It might be the safest way to ensure you’re in the clear, but I get that it can be a hassle to reinstall everything.
I searched my hard drive for install.cmd and it seems to be gone now. Is reinstalling Windows the only option left for me?
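Added example, not part of the original thread: a read-only PowerShell check for the artifacts mentioned above (the "build" folder in temp, install.cmd, and an unexpected .exe in OneDrive), plus Prefetch entries showing when curl.exe and cmd.exe last ran. The 7-day window and the extension list are assumptions made for this example, and the Prefetch step assumes Prefetch is enabled and the prompt is elevated.

```powershell
# Added example: read-only triage for the artifacts named in this thread.
# From the thread: a "build" folder in temp, a curl-downloaded install.cmd,
# an unknown .exe synced by OneDrive. Assumed here: 7-day window, extension list.
param([int]$Days = 7)

$since = (Get-Date).AddDays(-$Days)
$risky = '.cmd', '.bat', '.ps1', '.vbs', '.js', '.exe', '.dll', '.scr'

# Temp roots: current user, every local profile, and the system-wide temp.
$roots = @($env:TEMP, "$env:SystemRoot\Temp")
$roots += Get-ChildItem "$env:SystemDrive\Users" -Directory -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path $_.FullName 'AppData\Local\Temp' }
$roots = $roots | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | Sort-Object -Unique

$findings = @(foreach ($root in $roots) {
    # 1. The folder the command created, with anything left inside it.
    $build = Join-Path $root 'build'
    if (Test-Path -LiteralPath $build) {
        Get-Item -LiteralPath $build -Force
        Get-ChildItem -LiteralPath $build -Recurse -Force -ErrorAction SilentlyContinue
    }
    # 2. install.cmd by name, plus any script or binary created in the window.
    Get-ChildItem -LiteralPath $root -Recurse -Force -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -eq 'install.cmd' -or
            ($risky -contains $_.Extension -and $_.CreationTime -ge $since) }
})

# 3. Executables that appeared in the OneDrive folder during the same window.
if ($env:OneDrive -and (Test-Path -LiteralPath $env:OneDrive)) {
    $findings += @(Get-ChildItem -LiteralPath $env:OneDrive -Recurse -Force -File -Filter '*.exe' -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -ge $since })
}

# 4. Prefetch records when curl.exe and cmd.exe last ran, even if the files are
#    gone. Both are also used legitimately, so compare LastWriteTime (last run)
#    with the time the fake video was opened.
$prefetch = Get-ChildItem "$env:SystemRoot\Prefetch\*.pf" -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match '^(CURL|CMD)\.EXE-' }

$findings | Sort-Object FullName -Unique |
    Format-Table CreationTime, LastWriteTime, Length, FullName -AutoSize -Wrap
$prefetch | Format-Table Name, CreationTime, LastWriteTime -AutoSize
if (-not $findings) { 'No build folder, install.cmd or recent script/binary found in temp or OneDrive.' }
```

An empty result does not show the machine is clean, since, as the answer notes, the script may have deleted its own files.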