Scam tentative

Hi,

I've suffered from a breach of security bound to my microsoft account. This account was inactive but they succeeded somehow to "push" a trojan to my PC. I'm not really sure how it worked, there are different possibilities.
I secured everything and did a clean install of windows. However, when I was in trouble BitDefender didn't detected anything. It found the trojan after I did a deep scan.

I really wonder where this thing comes from as I don't have a drive I:\.
If anybody could tell me more about Gen:Heur.Crifi.20 as well so I can understand how to improve the security of my devives and account.

The scammers sent me some draft messages and went dramatic until they asked for bitcoin. I never used or experienced crypto so I wouldn't be able to pay anything from the get go. They applied pressure as they probably have seen some marketing ads emails in my inbox about crypto so they were really pushy.
During the process, they attached 3rd parties tools to my account like Thunderbird.
So if anybody encountered the issue, deactivate everything, unplug from internet and used another device to change your password.

Find more posts tagged with

Comments

Flexx

https://community.bitdefender.com/en/discussion/103324/scam-tentative

Understanding Gen:Heur.Crifi.20 Detection

This is a heuristic-based detection, meaning Bitdefender flagged the file as suspicious based on its behavior, not a known signature.
This type of detection is often associated with trojans capable of:
- Stealing credentials.
- Installing keyloggers.
- Acting as backdoors.
The reference to a non-existent "I:" drive suggests the malware might have been:
- Emulating an external storage device, possibly using a virtual drive technique.
- Attempting to create or access a virtual drive.
- Attempting to access a network drive assigned the letter "I:".
Given that this was a generic heuristic alert, the "I:" reference may not be specific to your situation.

Steps to Improve Security After a Clean Install

Having performed a clean install, here are additional precautions to enhance your security:
- Secure your Microsoft account:
  - Change your password to a unique, lengthy passphrase.
  - Enable Multi-Factor Authentication (MFA), preferably via an authenticator app rather than SMS.
  - Review your account activity on Microsoft’s Security Page to identify any suspicious sign-ins.
- Revoke access for any suspicious applications:
  - Navigate to your Microsoft Account > Security > Manage App Permissions.
  - Remove access for Thunderbird or any unknown third-party applications.

For more information, kindly contact Bitdefender support by visiting https://www.bitdefender.com/consumer/support/help/

Select, How to's & Troubleshooting Bitdefender products→Troubleshooting→I don't know→Contact Support→ You will get the option of chat, call or email.

To get immediate update, make use of the chat option. Bitdefender support may require logs and will assist you in generating them.

Also, ensure you do not have any ad-blocker or privacy-blocker extensions enabled, as they might prevent the chat window from appearing.

Regards

Mkao

Thank you Flexx for the additional information.

I proceeded with all the recommendations you provided.
I have another question about BitDefender. I looked at the custom scan option and BitDefender is detecting an I:\ drive. I'm currently on a fresh installed windows.

I can't see anywhere a I: drive on my disk management and when I plug an external device like an USB key it boots up as J:\.
I'm wondering if it's something from BitDefender as I can't see that letter assignement anywhere else or if it's anything else.

Flexx

https://community.bitdefender.com/en/discussion/comment/350548#Comment_350548

The following information has been collected from the internet:

If Bitdefender is detecting an I: drive, but you don’t see it in Disk Management, it could be due to:

A virtual or temporary drive created by Bitdefender during scans.
A leftover network or mapped drive from a previous setup.
A minor display bug in Bitdefender’s interface.

To check if Windows recognizes it, try:

Running diskpart > list volume in Command Prompt (Admin).
Checking File Explorer with "Show Hidden Files" enabled.
Running net use to see if it's a mapped network drive.

Since you’re on a fresh install, it's unlikely to be malware. If everything else works fine, it’s probably just a harmless glitch.

For more information, kindly contact Bitdefender Support, as mentioned in the comment above. They should be able to provide further insights regarding the detected I: drive.

Regards

Mkao

Okay! Thank you!

https://community.bitdefender.com/en/discussion/comment/350550#Comment_350550

Flexx

Since the issue has been resolved, this post is now closed to further comments.

Regards