So you wake up one winter morning and notice a friend request with a message «hi! I’m starting a new project, and your friend Sam has recommended you, check the details here : *weird file*».
Bet you click it, and bet you won’t notice anything suspicious happening, but meanwhile, your laptop is getting slower and slower.
What actually happened
Someone has likely sent you an *.SCR file.
Usually *.SCR extension files are found in Windows and contain scripts which change the PC configuration (keylogger, password stealers, screensavers, etc). They are indeed dangerous since they are able to create a heat map that will actually record your keyboard activity and record any kind of credentials you type and send them to the person who created the file.
SCR files in crypto
Historically, mostly the DOTA fans have been aware of the danger of *.SCR files. However, with the emergence of crypto, the scam has spread further. A person, let’s call them “kamikaze” (as they’re banned immediately), sends a link with the name “TOP-10-COINS-TO-INVEST-DECEMBER-2018.scr” to a Telegram group, or another channel of communication.
The naive crypto enthusiast downloads the file and opens it, hoping that this generous person is sharing with them the secret of wealth.
Spoiler alert: no one will ever share valuable information on how to get rich without hidden personal gain
How to stay protected
- Never open any attachment or media file if it comes from an unknown source.
- Buy and install strong antivirus software which contains anti-malware and security properties (once again there is no such thing as a free lunch!)
To remove it
- Check the windows taskbar -> Processes tab -> find screensaver.scr (one of the most popular targets) and click End Process
- Open your file explorer and search for any .scr extension files, if you find any — delete them.
- If you are still experiencing the same issue download AdwCleaner Run and run the software. An AV and Adwcleaner tool will usually remove the root files of any SCR creation.
- Run a full scan twice to make sure it has been successfully removed.
Don’t be upset if something like this has happened to you: scams like this occur to every third person because we often click before we think! Learn from your own and other’s mistakes. We should all be more hack-aware these days.
P.S. If you’ve ever experienced scams like that or simply want to talk about crypto, blockchain, and your holidays. Join our chat!