
Is it possible to make sure all traces of a malware infection have been removed from my PC?

Anonymous
2024-01-17T03:59:58+00:00

Hello, apologies if this isn't the correct place to be asking this, but my question is basically the title. To make a long story short, a friend of mine had their email account compromised, and I, being unaware of this, ended up downloading some malicious files I thought were part of a project we were working on (quite stupid of me in hindsight, I know).

As a result, hackers put malware onto my PC that at minimum managed to get all the passwords I had saved to my browser (thankfully to nothing critically important), presumably my PC PIN which would be needed to access them, and who knows what else. (They messaged me with proof demanding bitcoin in return for removing the malware and not releasing all the information they had managed to get, which I never responded to.)

I've taken action to get all my cards in order as best possible for dealing with identity theft/fraud, changing my passwords from another PC, etc., but in terms of re-securing my PC, I still feel quite uncertain. Ultimately, neither Windows Defender nor my installed anti-virus managed to detect anything upon repeated scans; only after getting Malwarebytes and using it to scan was anything found and dealt with, and even then I still had to search manually in offline mode for whatever was causing CMD to try to run on startup. (I found it and deleted it, something in the startup files that was causing stuff to repeatedly be spawned in temp files.)

After all of this, I've gone ahead and done a reset of Windows while retaining my personal files, and afterwards ran several more scans with Malwarebytes and MWMSRT, which failed to find anything, as well as changing my PC PIN and password. Is this enough? Beyond the stuff causing cmd prompts to run and such, I never noticed any drop in performance or other indicators of malware, so I can't really use that to judge, and I'm not computer literate enough to really know how exactly the malware did what it did, so I can't really personally check anything further myself.

I've considered just doing a complete wipe of everything including my personal files, but supposedly very advanced malware can survive even this? Short of just getting a new PC, is there anything further I can do to make sure this one is free of the particular malware that caused all this and feel safe using it again? :( I'd be very grateful for any insight someone who's knowledgeable about this kind of stuff could offer.
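As an added illustration (not part of the question or any of the answers): a PowerShell audit of the common Windows autostart locations the poster searched by hand, listing Run/RunOnce registry values, Startup-folder items and enabled scheduled tasks, and flagging any entry that launches cmd.exe or points into a temp folder. The cmdlets are standard Windows PowerShell; the flagging pattern and the choice of locations are my assumptions, not a complete list of persistence points.

```powershell
# Added example: enumerate common autostart entries and flag cmd.exe / temp-path launchers.
# Run from an elevated PowerShell prompt so HKLM and all scheduled tasks are readable.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # per-user Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)
# Assumed heuristic: command shells, or anything living under a temp directory.
$suspicious = '(?i)cmd\.exe|powershell|\\temp\\|\\tmp\\|%temp%|appdata\\local\\temp'

$entries = @()
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -notlike 'PS*') {   # skip the provider's own PS* metadata properties
                $entries += [pscustomobject]@{ Source = $key; Name = $p.Name; Command = [string]$p.Value }
            }
        }
    }
}
foreach ($dir in $startupDirs) {
    if (Test-Path $dir) {
        Get-ChildItem -Path $dir -File | ForEach-Object {
            $entries += [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $_.FullName }
        }
    }
}
# Scheduled tasks are another common place for a logon-time launcher to hide.
Get-ScheduledTask | Where-Object { $_.State -ne 'Disabled' } | ForEach-Object {
    $task = $_
    foreach ($a in $task.Actions) {
        $entries += [pscustomobject]@{
            Source  = "Task:$($task.TaskPath)$($task.TaskName)"
            Name    = $task.TaskName
            Command = "$($a.Execute) $($a.Arguments)"
        }
    }
}
# Print only the entries matching the heuristic; review each before removing anything.
$entries | Where-Object { $_.Command -match $suspicious } | Format-Table -AutoSize
```

Matches are leads to investigate, not verdicts: legitimate software also uses scheduled tasks and occasionally cmd.exe wrappers, so check the file's publisher and location before deleting.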

Windows for home | Windows 11 | Security and privacy

Locked Question. This question was migrated from the Microsoft Support Community.


5 answers

  1. Anonymous
    2024-01-18T06:06:31+00:00

    You're welcome. :)

    Have a great day!

    Ravi

  2. Anonymous
    2024-01-17T21:51:07+00:00

    "Is it possible to make sure all traces of a malware infection have been removed from my PC?"

    The truth is: The only way to be 100% certain is to format your hard drive and reinstall everything from scratch.

    Just because you don't see any manifestations of malware, that doesn't necessarily mean that it's gone.

    Most people are simply unaware of how brilliant and crafty today's malware writers are. In fact, today, malware is an entire industry, with consultants, engineers, marketing departments, accountants, interface designers, researchers and lawyers (can't leave out the lawyers.)

    Will these sophisticated people come after your computer? It's not likely. No offense, but you're not that interesting to them. You would have to be someone famous, or wealthy, or known to carry government secrets to attract their attention. However, it is possible that your computer was unintentional collateral damage in a much larger attack. Or it's possible that your computer was targeted by amateurs who bought a malware kit on the dark web.

    So what do you do now? I don't mean to scare you, but what you do now depends on how you feel about this. You're probably fine and don't have to worry. If you want to go that way, just be wary of signs that something isn't right. For example, you see unauthorized charges on your credit card, or you start receiving angry emails from people you don't know. Or suddenly, out of the blue, your computer starts working very hard and/or you see hundreds of files being created on your hard drive.

  3. Anonymous
    2024-01-17T19:55:12+00:00

    Hello, apologies if this isn't the correct place to be asking this, but my question is basically the title. To make a long story short, a friend of mine had their email account compromised, and I, being unaware of this, ended up downloading some malicious files I thought were part of a project we were working on (quite stupid of me in hindsight, I know).

    As a result, hackers put malware onto my PC that at minimum managed to get all the passwords I had saved to my browser (thankfully to nothing critically important), presumably my PC PIN which would be needed to access them, and who knows what else. (They messaged me with proof demanding bitcoin in return for removing the malware and not releasing all the information they had managed to get, which I never responded to.)

    Mattie,

    In truth, based on your description and especially your second paragraph, I suspect you've already gone further than you need to in order to protect yourself, since your description sounds suspiciously like the literally millions of similar "sextortion" scams we see examples of here daily.

    I've underlined the portions of your second paragraph that led me to this conclusion, and note that you've likely left out the part about pornography and your interest in it, since this often results in the intended effect of making the victim of the scam less likely to post questions about it in open forums like this one. But in reality everyone here already knows nearly this entire message is fake, since along with me we've virtually all gotten one or even several similar scam emails in at least our Junk email folder as well.

    The following article is one of the better descriptions of these scam emails from versions circulating in 2020, though the only major thing that's typically changed since then is the addition of multiple passwords collected from the victim's machine, typically using a well-known trojan executable they either mistakenly downloaded from a risky gaming website with cracks and mods or got in some other way, which sounds quite familiar to your own false download from a friend, doesn't it?

    Sextortion scammers still shilling with stolen passwords

    As for the true requirements to protect yourself after such a partial breach of passwords and extortion, you've already taken care of at least the most important acts of removing detected malware (likely the password-stealing trojan, which is also sometimes capable of grabbing a screen shot of your device to provide added 'proof' they've got complete access to your device, which they don't) as well as changing your most critical passwords you know they've collected.

    As for the other possible methods of extensively cleaning your device, you should see from my description that these really aren't necessary, since the more capable malicious software they claim to have installed doesn't truly exist, nor do they have the video or other supposed evidence they claim, or they could simply have included a screen shot of that with the email to ensure your compliance.

    If my description and the much more complete version provided in that article I linked seem to fit, then even if it's not a close match, you can use the method the article suggests to search for a portion of the text in your own copy of the email, along with the word 'scam' and possibly 'sextortion', which is how I found the article above along with dozens of others like it. You'll likely find a version nearly identical to your own with at least the Bitcoin address and possibly a bit of the other wording slightly different, since these change daily as more and more scammers create their own versions to make them appear different and thus potentially seem true.

    So as the article suggests, sit back and think about all of this for a few minutes without the fear the fake deadline the scammer included in his message (typically 48 hours) has caused you, and learn how scammers use all of these well-known, common tricks to get you to do their bidding, or as in your case start down a road of wasting time doing things you don't truly need to do.

    Rob

    < EDIT > BTW, forgot to mention that it's highly unlikely the scammers could have gotten access to your Windows Hello PIN, since that's stored in a completely different encrypted location in the TPM on your device, and managed in a way that doesn't allow it to be grabbed as it's typed by the same trojan malware that possibly got those stored in your password manager. It's easy to get those when the trojan is already installed on your device and able to monitor everything you type or collect anything already stored on your device, simply because it inherently has the same access to your machine as you do.

    This is another of the simple, basic facts of how computers work that typical consumers don't know, and the scammers abuse it to make them think they've got far more access to your system than they truly do. Works well, doesn't it?

  4. Anonymous
    2024-01-17T17:41:46+00:00

    Hello Ravi,

    Thanks for the lovely response, and the information about doing a clean install; I'll definitely be looking into it. <3

  5. Anonymous
    2024-01-17T06:35:44+00:00

    Hey Mattie!

    My name is Ravi, and I am an independent advisor. I am happy to help you. :)

    I understand you're concerned about having some malicious code on your PC.

    I see you have already done a reset and changed the PIN. Usually, a reset is enough after deleting malware that's found using Malwarebytes. However, if you're still concerned, the best option is to back up your data to an external drive and do a clean Windows installation.

    https://www.microsoft.com/en-us/windowsinsider/...

    I would also suggest you enable two-step authentication for your Microsoft account. https://support.microsoft.com/en-us/account-bil...

    Feel free to get in touch again if you have any additional questions.

    Cheers,

    Ravi
