user34015

Ok. I’m a little relieved but I’ll still change the passwords one by one whenever I have time in case they’ve been stolen before I installed Kaspersky av.

Thanks. I did that asap. I still want to find out whether the passwords.txt and others had been stolen already before I installed Kaspersky (if the damage had already been done). If the scans aren’t showing anything, that must mean, I’m not being monitored or something, right?

I've downloaded and tried to install a third party setup.zip. Windows Defender detected Trojans continuously until I rebooted. I permanently deleted the downloaded setup.zip and the corresponding files created/modified in the C drive at the same time the Trojans were detected. I found two folders with long strings in capitals with the same modified/created time that included browsers' (edge and chrome) content (Autofill, CC, Cookies, Downloads, History, Wallets and passwords) in txt files. I moved the two folders and renamed them. Then installed Kaspersky Anti-virus and scanned. The results: All these were pointing to one cache file named: f_002ce3 I deleted all files in the Cache folder and did a full scan. Didn’t find anything. What does this mean? Was the browser data already been received by whoever made the setup.zip file or is it part of a long game? I realize I have no way of knowing but I’ve been worried sick for the past 2 days. What should I do next?

I did find a folder named clamav inside the leftover Immunet folder after uninstallation. I deleted the Immunet folder and I tried reinstalling Kaspersky av, but still detecting the same incompatible software.

Tried RevoUninstaller, still couldn’t find it. If needed, I could send the list of installed programs.