I clicked on a link in an email saying someone in Hong Kong bought something off our Apple account on iTunes, and said to press it if it wasn't us, so I stupidly did. By the way, there were 2 purchases we did not make.
The email contained about four lines yet the size was 1,591 kb with 455 pages found in the message source file.
I had to enter the password for the account but only got a picture of the page, which was not operational. I looked at the email and all the misspellings, so I tried to find the message source on Google - eservicesuport@acountinclogin.onmicrosoft.com - didn't find it.
Looked at the location of the link I pressed - "already-inclink.com/conect.php" - it didn't come up on Google and is no longer functioning.
I searched my computer for today's date to look for evidence and found a 12.4 MB folder named "eav_logs" hidden in Documents with a matching time.
It contains folders on Windows, ESET, configuration and more files, e.g. metadata, info.xml, and much, much more.
There are three computers on the network and all have the same relevant HIPS log under 2000 pages.
I don't know what has been done or what info they have besides the Apple password for iTunes. I found purchases we did not make on iTunes.
I don't know if they can follow our keystrokes.
I'm trying to put all computer files on an external hard drive before using fixes.
Can I shut down the computer by pressing the start button to avoid further problems? Can I use restore to a previous date to remedy this?
I deleted the "eav_logs" folder and put it on a zip drive for reference, sent the email to the spam server, and deleted the emails off the computers and server, but kept a copy of the eml file for reference: Your Apple ID has been used to buy '' black gold ''.eml
Did a deep scan of one computer so far and no threats found.
I need to know how to proceed, where to post this, or who to contact at ESET.