I'm in a really tough spot right now. For over two months, I've been dealing with account takeovers, and no matter what I do, the attackers still have access to my important accounts. My Google and Microsoft accounts have been compromised; important emails are mysteriously moved to Spam or Trash without any visible rules or filters set up. My Steam account was stolen and I'm in the process of trying to recover it. On Discord, they still have access even after I changed my password, and my device list shows no suspicious logins.
I've tried resetting all my passwords multiple times and I've enabled two-factor authentication everywhere, but it hasn't helped. A month ago, I did a complete clean install of Windows, thinking that would be enough, but the malware—identified as MEM:Trojan.Win32.SEPEH.gen—came back after a week. I have checked device logs, and while they mostly show just my current device, the suspicious email activity continues.
I'm desperately seeking advice on how this Trojan can survive a Windows reinstallation. Is it hiding in a backup or hidden partition? How do they manage to control my email without me seeing any active session tokens or rules? What steps can I take to ensure my machine is truly clean and to secure my identity? Changing my email feels like a last resort, but it's becoming overwhelming.
5 Answers
The behavior of the malware sounds pretty typical for that Trojan. It could be doing all sorts of nasty things like stealing data or even running remote processes without your knowledge. Taking a full security measure approach (changing all your passwords, firing up a new VPN, and running a deep malware scan regularly) would be a good idea.
Are you logging into Windows with your Microsoft account? Sometimes, that can be a red flag if your account has been compromised. Also, consider if you might have restored your Windows from a backup—malware can be lurking there too!
It sounds like you're in a tough situation. It's crucial to make sure you're doing a complete install via a USB drive instead of the cloud. Deleting all partitions is a must! You should also log out of all accounts from other devices and force them to log off. Use a totally unique password that you haven't used anywhere else, just in case they're using some method to get it back. Double-check that you really deleted all the partitions. That could be the root of the problem here.
Could OneDrive be the issue? If there's an infected file stored there, it might sync back to your PC when you log in. Make sure you check your other devices too. It's possible that malware could be hiding in saved files or attachments from work.
I'd recommend checking if remote access is enabled on your device. If it is, turn that off immediately. A VPN can also help you maintain privacy while you're fixing things up. You might also consider reaching out to support for all your accounts and ensuring they're aware of the breaches.
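The remote-access check suggested in the answer above, written out as an added example that is not part of the original thread. It is a read-only PowerShell audit of the built-in Windows remote-access features (Remote Desktop, Remote Assistance, WinRM); the function name `Get-RemoteAccessStatus` is hypothetical, the firewall group name assumes an English-language Windows install, and third-party remote-control tools are not covered.

```powershell
# Added example: read-only audit of built-in Windows remote-access settings.
# Run from an elevated PowerShell window. Nothing on the machine is changed.
function Get-RemoteAccessStatus {
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $ra  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'
    $rdp = "$ts\WinStations\RDP-Tcp"

    # fDenyTSConnections = 0 means Remote Desktop accepts inbound connections.
    $deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    # fAllowToGetHelp = 1 means Remote Assistance invitations are allowed.
    $help = (Get-ItemProperty -Path $ra -Name fAllowToGetHelp -ErrorAction SilentlyContinue).fAllowToGetHelp
    # The RDP listener port can be moved away from 3389, so read it from the registry.
    $port = (Get-ItemProperty -Path $rdp -Name PortNumber -ErrorAction SilentlyContinue).PortNumber
    if (-not $port) { $port = 3389 }

    $termSvc  = Get-Service -Name TermService -ErrorAction SilentlyContinue
    $winrmSvc = Get-Service -Name WinRM -ErrorAction SilentlyContinue

    # Inbound firewall rules in the Remote Desktop group that are switched on.
    # 'Remote Desktop' is the English display name of the group (assumption).
    $fwRules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })

    # Is anything actually listening on the configured RDP port right now?
    $listening = @(Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        RemoteDesktopEnabled    = ($deny -eq 0)
        RemoteAssistanceEnabled = ($help -eq 1)
        RdpPort                 = $port
        RdpPortListening        = ($listening.Count -gt 0)
        TermServiceStatus       = if ($termSvc)  { $termSvc.Status }  else { 'NotInstalled' }
        WinRMServiceStatus      = if ($winrmSvc) { $winrmSvc.Status } else { 'NotInstalled' }
        EnabledRdpFirewallRules = $fwRules.Count
    }
}

# Print the result as a list; each line is one setting to review.
Get-RemoteAccessStatus | Format-List
```

On a machine where remote access is meant to be off, `RemoteDesktopEnabled`, `RemoteAssistanceEnabled` and `RdpPortListening` should all be `False` and `EnabledRdpFirewallRules` should be `0`.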
