ℹ️ Skipped - page is already crawled
| Filter | Status | Condition | Details |
|---|---|---|---|
| HTTP status | PASS | download_http_code = 200 | HTTP 200 |
| Age cutoff | PASS | download_stamp > now() - 6 MONTH | 0.7 months ago |
| History drop | PASS | isNull(history_drop_reason) | No drop reason |
| Spam/ban | PASS | fh_dont_index != 1 AND ml_spam_score = 0 | ml_spam_score=0 |
| Canonical | PASS | meta_canonical IS NULL OR = '' OR = src_unparsed | Not set |
| Property | Value |
|---|---|
| URL | https://www.bleepingcomputer.com/forums/t/814189/suspected-scam-andor-rat-help-needed/ |
| Last Crawled | 2026-03-18 01:17:24 (21 days ago) |
| First Indexed | not set |
| HTTP Status Code | 200 |
| Meta Title | Suspected Scam and/or RAT Help needed - Anti-Virus, Anti-Malware, and Privacy Software |
| Meta Description | Suspected Scam and/or RAT Help needed - posted in Anti-Virus, Anti-Malware, and Privacy Software: Mod: Please delete. Moved to another thread after seeing that this forum is closed About a month ago my desktop pc (Windows 10) must have been hacked. I woke up one morning, noticed that while I was asleep, my browser (chrome) had visited Paypal with several attempted purchases of gift cards or crypto. They had also visited my gmail and moved the paypal log-in confirmation emails etc. t... |
| Meta Canonical | null |
| Boilerpipe Text | #1
GWC71
Posted 04 March 2026 - 01:42 PM
Mod: Please delete. Moved to another thread after seeing that this forum is closed
About a month ago my desktop pc (Windows 10) must have been hacked. I woke up one morning, noticed that while I was asleep, my browser (chrome) had visited Paypal with several attempted purchases of gift cards or crypto. They had also visited my gmail and moved the paypal log-in confirmation emails etc. to the trash - trying to cover their tracks (but forgot to delete the trash). I immediately called paypal, none of the purchases were successful but I changed my password and that of my gmail etc. as well. I also updated my chrome browser and ran my installed security programs (RogueKiller, Malwarebytes, SuperAntiSpyware), which found nothing.
I didn't see any suspicious activity for several weeks, figured maybe the browser update may have fixed a security hole. Then the other evening I noticed my desktop screensaver had gone off and there was a blue window open on my desktop with the word "Support". I could see a mouse cursor moving around, obviously a remote hack. I instantly shut the power off to the pc, unplugged my modem and restarted the pc. While waiting for it to reboot my phone alerted me to email from Paypal (regarding an email password change) and also got a phone text message (2 factor authentication) from paypal with a password reset access code. Once the pc booted, I kept internet off and opened chrome to see if I could get the history. There was evidence of an attempt to access my paypal (unsuccessful) and no evidence of someone messing around in my gmail. After this, I ran those basic av scans and added ESET online scan which identified an old program (utorrent - removed) and a potential trojan (I believe it was part of Microsoft visual ++)
Now I just checked a lesser used email account (Not the account from the paypal issues) and found a "ransom note" in my junk folder from "myself" (that lesser used account) from Tuesday, which I can copy and paste here if needed.
I'm assuming all of these issues are connected and it sounds serious to me. Is there a way to find and get rid of whatever this is? I'm not tech savvy enough to understand anything like this and could really use some help. Thanks!
Edited by quietman7, 04 March 2026 - 05:40 PM.
#2
quietman7
Posted 04 March 2026 - 05:40 PM
From what you describe you are probably dealing with some sort of tech support scam and hacking.
You may want to read Beware of Phony Emails, Phone Calls, Tech Support Scams (Post #13) for more information about how these scams work.
Actual ransomware usually will have obvious indications (signs of infection or signs of ransomware activity) that something is wrong...it typically targets and encrypts data files so you cannot open them locally (and on any connected drives at the time of infection), in most cases it appends an obvious extension (may be random or with an id and/or email address) to the end or beginning of encrypted filenames, demands a ransom payment by dropping ransom notes in every directory or affected folder where data has been encrypted and sometimes changes Windows wallpaper. In rare cases the criminals will send victims an email with the ransom demands as reported here.
If you need individual assistance from our experts with finding/removing a possible malware infection, checking for possible hacking or just need a second opinion, there are advanced tools which can be used to investigate but they are not permitted in this forum. If you need such help, please follow the instructions in the Malware Removal and Log Section Preparation Guide. After doing that, they should start a new topic and post their FRST logs in the Virus, Trojan, Spyware, and Malware Removal Logs Forum, NOT here, for assistance by the Malware Response Team.
If you choose to follow the above instructions, please reply back in this thread with a link to the new topic.
The BC Staff |
| Markdown | - [](https://www.bleepingcomputer.com/forums/index.php?app=core&module=global§ion=login&serviceClick=twitter) [Sign In](https://www.bleepingcomputer.com/forums/index.php?app=core&module=global§ion=login "Sign In")
- [Create Account](https://www.bleepingcomputer.com/forums/index.php?app=core&module=global§ion=register "Create Account")
[](https://www.bleepingcomputer.com/ "Go to community index")
- [View New Content](https://www.bleepingcomputer.com/forums/index.php?app=core&module=search&do=viewNewContent&search_app=forums)
- [Forum Rules](https://www.bleepingcomputer.com/forum-rules/)
- [BleepingComputer.com](https://www.bleepingcomputer.com/ "Homepage")
- [Forums](https://www.bleepingcomputer.com/forums/ "Go to Forums")
- [Members](https://www.bleepingcomputer.com/forums/members/ "Go to Members")
- [Tutorials](https://www.bleepingcomputer.com/tutorials/ "Computer Tutorials")
- [Startup List](https://www.bleepingcomputer.com/startups/ "Startup Database")
- [Virus Removal](https://www.bleepingcomputer.com/virus-removal/ "Virus Removal Guides")
- [Downloads](https://www.bleepingcomputer.com/download/ "Downloads")
- [Uninstall List](https://www.bleepingcomputer.com/uninstall/ "Uninstall List")
- [Welcome Guide](https://www.bleepingcomputer.com/welcome-guide/ "Welcome Guide")
- [More ](https://www.bleepingcomputer.com/forums/t/814189/suspected-scam-andor-rat-help-needed/)
1. [BleepingComputer Forums](https://www.bleepingcomputer.com/forums/)
2. → [Security](https://www.bleepingcomputer.com/forums/f/79/security/ "Return to Security")
3. → [Anti-Virus, Anti-Malware, and Privacy Software](https://www.bleepingcomputer.com/forums/f/25/anti-virus-anti-malware-and-privacy-software/ "Return to Anti-Virus, Anti-Malware, and Privacy Software")
**Javascript Disabled Detected**
You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.
Register a free account to unlock additional features at BleepingComputer.com
Welcome to **BleepingComputer**, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having **no ads** shown anywhere on the site.
[**Click here to Register a free account now\!**](https://www.bleepingcomputer.com/forums/index.php?app=core&module=global§ion=register) or read our [**Welcome Guide**](https://www.bleepingcomputer.com/forums/t/814189/suspected-scam-andor-rat-help-needed/%0Ahttps://www.bleepingcomputer.com/welcome-guide/) to learn how to use this site.
**Latest News:** [Apple pushes first Background Security Improvements update to fix WebKit flaw](https://www.bleepingcomputer.com/news/security/apple-pushes-first-background-security-improvements-update-to-fix-webkit-flaw/)
**Featured Deal:** [One app, every AI model: 1min.AI is now on lifetime deal](https://www.bleepingcomputer.com/offer/deals/one-app-every-ai-model-1minai-is-now-on-lifetime-deal/)
**Latest Buyer's Guide:** [Best VPNs in 2025](https://www.bleepingcomputer.com/vpn/guides/best-vpn/)

# Suspected Scam and/or RAT Help needed
Started by GWC71 , Mar 04 2026 01:42 PM
1 reply to this topic
### [\#1 ](https://www.bleepingcomputer.com/forums/t/814189/suspected-scam-andor-rat-help-needed/#entry5844281 "Suspected Scam and/or RAT Help needed: post #1") GWC71
Posted 04 March 2026 - 01:42 PM
Mod: Please delete. Moved to another thread after seeing that this forum is closed
About a month ago my desktop pc (Windows 10) must have been hacked. I woke up one morning, noticed that while I was asleep, my browser (chrome) had visited Paypal with several attempted purchases of gift cards or crypto. They had also visited my gmail and moved the paypal log-in confirmation emails etc. to the trash - trying to cover their tracks (but forgot to delete the trash). I immediately called paypal, none of the purchases were successful but I changed my password and that of my gmail etc. as well. I also updated my chrome browser and ran my installed security programs (RogueKiller, Malwarebytes, SuperAntiSpyware), which found nothing.
I didn't see any suspicious activity for several weeks, figured maybe the browser update may have fixed a security hole. Then the other evening I noticed my desktop screensaver had gone off and there was a blue window open on my desktop with the word "Support". I could see a mouse cursor moving around, obviously a remote hack. I instantly shut the power off to the pc, unplugged my modem and restarted the pc. While waiting for it to reboot my phone alerted me to email from Paypal (regarding an email password change) and also got a phone text message (2 factor authentication) from paypal with a password reset access code. Once the pc booted, I kept internet off and opened chrome to see if I could get the history. There was evidence of an attempt to access my paypal (unsuccessful) and no evidence of someone messing around in my gmail. After this, I ran those basic av scans and added ESET online scan which identified an old program (utorrent - removed) and a potential trojan (I believe it was part of Microsoft visual ++)
Now I just checked a lesser used email account (Not the account from the paypal issues) and found a "ransom note" in my junk folder from "myself" (that lesser used account) from Tuesday, which I can copy and paste here if needed.
I'm assuming all of these issues are connected and it sounds serious to me. Is there a way to find and get rid of whatever this is? I'm not tech savvy enough to understand anything like this and could really use some help. Thanks!
**Edited by quietman7, 04 March 2026 - 05:40 PM.**
- [ Back to top](https://www.bleepingcomputer.com/forums/t/814189/suspected-scam-andor-rat-help-needed/#ipboard_body "<img alt=\"Back to top of page button\" src=\"//www.bleepstatic.com/skin_images/bc/post_top.png\"> Back to top")
***
### BC AdBot (Login to Remove)
- 
- BleepingComputer.com
- [Register to remove ads](https://www.bleepingcomputer.com/forums/index.php?app=core&module=global§ion=register)
***
### [\#2 ](https://www.bleepingcomputer.com/forums/t/814189/suspected-scam-andor-rat-help-needed/#entry5844313 "Suspected Scam and/or RAT Help needed: post #2") quietman7
Posted 04 March 2026 - 05:40 PM
From what you describe you are probably dealing with some sort of tech support scam and hacking.
You may want to read **[Beware of Phony Emails, Phone Calls, Tech Support Scams](https://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/?p=3897161)** (Post \#13) for more information about how these scams work.
Actual ransomware usually will have **obvious indications** ([signs of infection](https://blog.rsisecurity.com/how-to-identify-signs-of-ransomware-attacks/ "External link") or [signs of ransomware activity](https://learn.microsoft.com/en-us/defender-xdr/advanced-hunting-find-ransomware?view=o365-worldwide#check-for-individual-signs-of-ransomware-activity "External link")) that something is wrong...it typically targets and encrypts data files so you cannot open them locally (and on any connected drives at the time of infection), **in most cases it appends an obvious extension** (may be random or with an id and/or email address) **to the end or beginning** of encrypted filenames, **demands a ransom payment by dropping ransom notes** in every directory or affected folder where data has been encrypted and sometimes changes Windows wallpaper. In rare cases the criminals will send victims an email with the ransom demands as reported [here](https://www.bleepingcomputer.com/news/security/new-agelocker-ransomware-uses-googlers-utility-to-encrypt-files/).
If you need individual assistance from our experts with finding/removing a possible malware infection, checking for possible hacking or just need a second opinion, there are advanced tools which can be used to investigate but they **are not permitted in this forum**. If you need such help, please follow the instructions in the **[Malware Removal and Log Section Preparation Guide](https://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/)**. After doing that, they should start a new topic and post their **FRST logs** in the [Virus, Trojan, Spyware, and Malware Removal Logs Forum](https://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/), **NOT here**, for assistance by the Malware Response Team.
If you choose to follow the above instructions, please reply back in this thread with a link to the new topic.
The BC Staff
**[Microsoft MVP Alumni 2023](https://www.credly.com/badges/de45155a-3505-4de9-99bf-949c61b5132f/linked_in?t=rutxb1 "External link")**, Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023
**Microsoft MVP Consumer Security 2007-2015**
Member of **[UNITE](https://www.allacronyms.com/UNITE/Unified_Network_of_Instructors_and_Trusted_Eliminators "External link")**, Unified Network of Instructors and Trusted Eliminators
[Retired Police Officer, Federal Agent and Coast Guard Chief](https://www.linkedin.com/in/louis-russell-stamm-iii-742486111/ "External link")
|
| Shard | 86 (laksa) |
| Root Hash | 2588408978880255886 |
| Unparsed URL | com,bleepingcomputer!www,/forums/t/814189/suspected-scam-andor-rat-help-needed/ s443 |