Page 1 of 1

Facebook Account Changed To Lily Collins From Fake ChatGPT Windows Software App

Posted: Tue Feb 28, 2023 5:01 pm
by darknkreepy3#
So randomly my Facebook was changed to "Lily Collins" as my username, her picture was on my profile and banner, and I had 4 offenses from Facebook, which was weird because I was in Meta Horizon Worlds building a Fallout VR world for 4 hours. At first I thought it was some creeper hacker I met in there that was crazy (there's a LOT of crazy in Meta Horizon Worlds, beware)...

This was the "user name" on 02/28/2023 that was added as a new friend into my personal account, which when I quickly gained my account back I instantly viewed and deleted it and the fake new page for LILY COLLINS the hacker added
[gonzalez arnel]

[see at the bottom of this posting how to find and remove the fake ChatGPT windows infection]

Alas, no, it was some fake ChatGPT Windows App aka software I downloaded. I noticed a lot of strange things, including after removing the software a fake ChatGPTSupport.exe was (and is as I am writing) in this folder:

C:\Users\********\AppData\Local\Programs\vbloks\resources\resource

ChatGPTSupport.exe
details, Jode.js javascript runtime
16.16.0.0
Node.js
136MB
modified 02/22/2023 9:46am
original filename: node.exe

I noticed my account needed verification via an sms text but I thought... ok, maybe I ran CCLEANER and it wiped things out. Maybe when I reset my router... ironically for security it triggered something (definitely did maybe as a side shoot). Then suddenly I was kicked out of my oculus (meta) headset VR session and I instantly saw my facebook was "LILY COLLINS". Lol. Why?

*note in 2013 lily collins was the most dangerous person to look for on the web, the highest amount of infections trojaned in different ways to her really hit the web and users hard. 10 years later... here we are.

Many people have been infected and affected by this. I had to go in quickly to my facebook and change my password as soon as it happened. I was lucky enough to instantly catch it. Just in case I changed my passwords for my email, dropbox, and even my pc user account just in case.

As I was changing my facebook account password I noticed the hackers were trying to use that "submit a photo ID" to change my account. They probably were photoshopping the best fake ID they could but I was too fast for them.

my name changed to LILY COLLINS
facebook said I violated something in their TOC
the hackers also made my profile and banner images of Lily Collins
A new "friend" was added to my account
A new page was added to my account (also Lily Collins)

Here is how I fixed my facebook account and got right back in:
1. Chanced my password as in "lost password" in facebook.
2. https://www.facebook.com/help/203305893040179 started here to fix my account with fb.
3. got verified with my 2FA phone verification.
4. fixed my name in facebook https://www.facebook.com/help/173909489329079 (use last used name etc)
5. removed the new, fake friend that was added
6. removed the new, fake page my profile made for "Lily Collins"

Deleting that face Lily Collins Page among the actual pages I made in my facebook profile:
https://www.facebook.com/help/135275340 ... ef=hc_fnav


=====removing the chatgpt infection===== (02/28/2023)
This website where the offending fake chatgpt installer is now down, but there maybe be another in some other app etc out there
https://chatgptforpc.com/ is now dead X_X. Just a week later. Gone. 10)% the culprit.

Download CCLEANER to help you (make sure to DECLINE any software offers that are on each page of the install)
FREE DOWNLOAD green button version
https://www.ccleaner.com/ccleaner/download

Look for this app that starts with ccleaner in the TOOLS>STARTUP tab, and right click and delete this startup option
electron.app.ChatGPT For Windows

Yes HKCU:Run electron.app.ChatGPT For Windows Node.js C:\Users\neo\AppData\Local\Programs\vbloks\resources\resource\ChatGPTSupport.exe --processStart "ChatGPT For Windows.exe" --process-start-args "--hidden"

open Task Manager with CRTL+SHIFT+ESC and then look at the top for the DETAILS tab and click on it. Look for this app ChatGPTSupport.exe" and ti should say "Running" as it's Status.

Right click that and choose END TASK.

Open up Windows Explorer and delete that file now. (********) below is your windows user name, open Users and look for your user.
In fact, just delete the entire folder and children from VBLOKS by just clicking on that folder and pressing DEL on your keyboard.
C:\Users\********\AppData\Local\Programs\vbloks\resources\resource\ChatGPTSupport.exe

Restart your pc. :)

=====offending malware website whois.com info=====
Domain Name: chatgptforpc.com
Registry Domain ID: 2760757323_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.onlinenic.com
Registrar URL: http://www.onlinenic.com
Updated Date: 2023-02-24T04:00:00Z
Creation Date: 2023-02-24T04:00:00Z
Registrar Registration Expiration Date: 2024-02-24T04:00:00Z
Registrar: Onlinenic Inc
Registrar IANA ID: 82
Registrar Abuse Contact Email: email@onlinenic.com
Registrar Abuse Contact Phone: +1.5107698492
Domain Status: ok https://icann.org/epp#ok
Registry Registrant ID: Not Available From Registry
Registrant Name: David Ma
Registrant Organization: David Ma
Registrant Street: 12sd
Registrant City: La vernia
Registrant State/Province: Texas
Registrant Postal Code: 123234
Registrant Country: US
Registrant Phone: +1.8307797682
Registrant Phone Ext:
Registrant Fax: +1.8307797682
Registrant Fax Ext:
Registrant Email: email@outlook.com
Registry Admin ID: Not Available From Registry
Admin Name: David Ma
Admin Organization: David Ma
Admin Street: 12sd
Admin City: La vernia
Admin State/Province: Texas
Admin Postal Code: 123234
Admin Country: US
Admin Phone: +1.8307797682
Admin Phone Ext:
Admin Fax: +1.8307797682
Admin Fax Ext:
Admin Email: email@outlook.com
Registry Tech ID: Not Available From Registry
Tech Name: David Ma
Tech Organization: David Ma
Tech Street: 12sd
Tech City: La vernia
Tech State/Province: Texas
Tech Postal Code: 123234
Tech Country: US
Tech Phone: +1.8307797682
Tech Phone Ext:
Tech Fax: +1.8307797682
Tech Fax Ext:
Tech Email: email@outlook.com
Name Server: heidi.ns.cloudflare.com
Name Server: terin.ns.cloudflare.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-02-24T04:00:00Z <<<