Jump to content

Do not trust ElenaQueen!


Njgrizzly

Recommended Posts

Earlier, I needed help setting up the mirror client, and Elena told me to download Teamviewer. 

 

We got into a Teamviewer Session, and all I see is something that says 'File/Data Transfer" and Elena quickly gets rid of that box, and I was like "huh?"

 

Then I get a Trojan warning, and I immediately end the session.

 

I then run Malware Bytes.....

 

https://gyazo.com/575bba8188e3e07f568a737ca19f67c0

 

DO NOT trust ElenaQueen with ANYTHING.

 

Thanks to my girlfriend, my computer is totally safe now, and I changed my passwords. ElenaQueen will likely make another account, but he paid for VIP and possibly a couple scripts, so at least those are wasted if he can't be trusted in trades,etc.

 

 

Edit: Elenaqueen has changed name to h8erswillh8

Edited by Njgrizzly
  • Like 2
Link to comment
Share on other sites

TV is only file transfer thus the user can only add files or remove files from your computer. It's probably too late but what I would have advised or what i would advise for other people if this is to happen to you. 

 

Look at your desktop icons and find what programs they open. From a "friend I know" a tactic is to add an FUD exe to the computer and change the destination of something like a chrome icon on the desktop to open that exe....  If you know your executable is safe follow the rest of the instructions

 

Download 

adware cleaner, emsisoftemergencykit, hitmanpro,malwarebytes, and tdsskiller. These are great for removing viruses and specifically RATS. Make sure you scan as much of your computer as you can.

 

 

Stay up to date with your antivirus programs. FUD exe are bound to be detected after a certain amount of time. If your lucky the host will be lazy and wont update their exe and through time your antivirus software will detect it and remove it.

 

 

Edited by javant
Link to comment
Share on other sites

If this were to happen to me. I would open up wireshark look for open ports. Find that douchebags dns. Call the dns back for the ip that user is using. Call them up report the issue to authorities. If they are using a vpn I would call the service provider up threatening them a lawsuit , get the logs report to authorities 

Link to comment
Share on other sites

The folder created created "dclogs" in "C:\Users\Adam\AppData\Roaming" is used by a RAT that is pretty common. The only thing that I can say is that you were ratted.

If I were you I would still manually check the registery. People encrypt their RAT most of the time and don't think that Malwarebytes has detected the encrypted file. That file could still execute if the reboot your pc.

  • Like 1
Link to comment
Share on other sites

lmao this is ridiclous, this guy right here needed help to open hes "osbot" and then i laughed abit and said how can you not be able to open osbot? he had no idea what the issue was so i tried to find a solution when he could not fix it, i asked if he has a teamviewer. so i went on the teamviewer searched for "jdk 8" on his "yahoo searchbar" if you want proof ask him for hes download logs on hes google chrome. i downloaded the file officaly from http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html. i even asked him which "bit" he had on hes pc, he had no idea and said "i usually use 64" so i downloaded the 64 bit and after that i open up his bot which was sucsesfully then he says "oh my mirror client is the issue" i said hold on i can try fix that one aswell (was busy because i was buying gold) and he said "i brb" and he asked me how to exit teamviewer, so i told him right click and exit lol. after that he went viral and said hes "antivirus" popped up and said there was a virus. after this for like 5 hours he been talking trash.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...