The long string of numbers for each program

Hi,

 

I am totally blanking out and what those long string of numbers are, the name of them, and every time you install a program, these numbers are a unique identifier.

 

Also, there used to be (still is ?????) a website, where you can go and put in these  numbers and it would tell you what program was associated with the numbers.

 

A friend had a scammer /hacker on the phone pretending to be from a legit phone company, he was good and seemed official, but then near the end of the conversation, it got wonky and they hung up, but they install a few things to give this guy access to their computer, I believe I removed everything, but there are a couple of folders left with these numbers, and trying to find out where they are on the computer, as the location is coming up blank.

 

They changed the passwords.

 

Thanks any help would be appreciated!

 

 

Hi:

Are you talking about verifying the SHA-256 checksum of a file?

Regardless, if your friend allowed remote access to his/her/their computer, then that system might be compromised.

Rather than worrying about checksums and doing DIY cleanup, your friend might - for starters - want to seek expert help scanning for malware & (if need be) cleaning the computer.

To do that, your friend would start with the instructions here:
https://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/


Then, your friend would start a new topic in the malware removal section here:
https://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-help/


Additional countermeasures may be needed.

Hi,

 

I am totally blanking out and what those long string of numbers are, the name of them, and every time you install a program, these numbers are a unique identifier.

 

Please post a full sample of what you read.

 

Thank you.

 

HI

 

Thank you both for your replies.

 

Here is a screen cap.

 

Thanks again !

 

 

 

 

Edited by Jan2014, 15 September 2024 - 07:42 AM.

Where do you see that? What's to the left of that string?

@Jan2014:

You mentioned that your friend allowed a stranger to remotely access their computer & "install" things.

Under the circumstances, the safest course of action would be to obtain guidance from a trained malware helper to scan the computer and (if need be) clean it of malware, as suggested in Reply #2.

Doing DIY investigation & cleanup is not a good idea.

Respectfully submitted

@Jan2014 the value you shared in your screenshot is formatted as a GUID (Globally Unique IDentifier)

 

GUIDs are commonly used to [among other things] reference program modules and code registered with your system. If you're dealing with potential malware, I wouldn't rely soley on GUID references -- the malware could easily change the module/code for which a GUID references.

Where do you see that? What's to the left of that string?

The white thing to the right of the numbers is a text /notepad icon.

 

Thank you

@Jan2014:

You mentioned that your friend allowed a stranger to remotely access their computer & "install" things.

Under the circumstances, the safest course of action would be to obtain guidance from a trained malware helper to scan the computer and (if need be) clean it of malware, as suggested in Reply #2.

Doing DIY investigation & cleanup is not a good idea.

Respectfully submitted

 

 

I appreciate your feedback and will talk to my friend more about this.

 

Thank you

@Jan2014 the value you shared in your screenshot is formatted as a GUID (Globally Unique IDentifier)

 

GUIDs are commonly used to [among other things] reference program modules and code registered with your system. If you're dealing with potential malware, I wouldn't rely soley on GUID references -- the malware could easily change the module/code for which a GUID references.

 

Thank you

Was this in a registry edit session or elsewhere?

Was this in a registry edit session or elsewhere?

No,

 

It was found  in an empty folder in Documents.

 

 

Thank you

Edited by Jan2014, 16 September 2024 - 09:15 AM.

Desktop.ini file?

Edited by hamluis, 16 September 2024 - 01:42 PM.
Fixed typo - Hamluis.

I am not sure,  its information was all blank.

Edited by Jan2014, 18 September 2024 - 09:53 AM.