This page aims to help you remove any malware that may have been installed by the Save Yourself Email hacker scam. Our removal instructions work for every version of Windows.
If you have received a suspicious e-mail, in which the sender claims that they have secretly gained access to your system and personal information, and that they have installed a Trojan in your computer, then you are likely yet another victim of the “Save Yourself” email hacker scam. The whole purpose of this scam is to extort money from the targeted users through blackmail harassment. If you are scared there is a Trojan in your computer, know there probably isn’t. Still, to be safe, the guide below this article will give you some instructions on how to check your system for hidden threats and remove them.
In the case of “Save Yourself Email” hacker scam you are dealing with an elaborate sextortion spam. While these are all scams it is entirely possible that you have some kind of malware inside your device that prompted such emails to appear inside your email inbox.
The Save Yourself Email
Though the specific text written in the blackmailing message may vary, here is the general premise of this scamming scheme:
An online crook sends an e-mail message to their victim. In the letter, it is stated that the user’s computer has been compromised by a Trojan Horse inside the machine, which has allowed the cyber criminal to gain access to sensitive personal information, and/or to capture embarrassing videos or photos of their victim. The user is threatened that the acquired personal information will be sent to everyone from the victim’s contacts list. According to the blackmailers, the only way to prevent this from happening is if the victim sends them money. Typically, the money needs to be paid in the BitCoin currency and sent to the scammer’s BitCoin wallet.
Here is the the Save Yourself Email scam message:
Hi, I’m a hacker and programmer, I know one of your password is: Your computer was infected with my private malware, because your browser wasn’t updated / patched, in such case it’s enough to just visit some website where my iframe is placed to get automatically infected, if you want to find out more – Google: “Drive-by exploit”. My malware gave me full access to all your accounts (see password above), full control over your computer and it was possible for me to spy on you over your webcam. I collected all your private data, recorded few videos of you (through your webcam) and I RECORDED YOU SATISFYING YOURSELF!!! I can publish all your private data everywhere, including the darknet, where the very sick people are and the videos of you, send them to your contacts, post them on social network and everywhere else!
The Save You email spam variation
The Save You email is a variation of the above mentioned scam. The Save You email is practically the same thing, but with a slightly different message and email address. It is sent by the same perpetrator and the differences should not confuse you in the slightest. This is the same scam. All the instructions here apply to it as well.
The Save yourself email I know your password
The “Save yourself email i know your password” scam is a slightly different version of the Save Yourself Email Scam. It differs by the message used to intimidate the affected users. In most cases it reads:
Hi, I know one of your passwords is: XXXXXXX Your computer was infected with my private malware, your browser wasn’t updated / patched, in such case it’s enough to just visit some website where my iframe is placed to get automatically infected, if you want to find out more – Google: “Drive-by exploit”. My malware gave me full access to all your accounts (see password above), full control over your computer and it also was possible to spy on you over your webcam. I collected all your private data and I RECORDED YOU (through your webcam) SATISFYING YOURSELF! After that I removed my malware to not leave any traces and this email(s) was sent from some hacked server. I can publish the video of you and all your private data on the whole web, social networks, over email of all contacts. The only way to stop me, is to pay exactly 800$ in bitcoin (BTC). My bitcoin wallet is: 1Eim8U3kPgkTRNSFKN49jgz9Wv4A1qmcjR I give you 3 days time to pay.
Frequently Asked Questions related to the “Save Yourself” email hacker scam
The “Save Yourself” scam blackmailer knows the passwords for one or more of my online accounts – how do they know them? – The most likely reason why the scammers have one or more of your passwords is some form of an online Data Breach – a leakage of confidential info that could happen in many ways, but is most likely not related to a Trojan Horse infection in your computer. The scammers are using this info to intimidate you, and make you think your machine is infected.
The letter was sent from my own email account, how did this happen? – this brings us back to the previous point – if the “Save Yourself” email hacker has gotten you password through a Data Breach on some other site or even on the site of your email provider, this could have allowed them to enter your account. This still doesn’t mean your computer has a Trojan (but may increase the chances).
If a hacker has access to your email account, this is still concerning and should be addressed – be sure to change your passwords ASAP. Also, since this can actually be potentially serious, we must once again point you towards the guide below – trying it out (or the security tool there) is a great way of making sure it was indeed just a scam and nothing more.
|Danger Level||High (Trojans are often used as a backdoor for Ransomware) or Low (if you actually don’t have a trojan on your machine)|
|Symptoms||The victim receives an email claiming to release embarrassing videos or pictures if no payment is sent.|
|Distribution Method||Scams of this type are almost universally|
Some threats reinstall themselves if you don't delete their core files. We recommend downloading SpyHunter to remove harmful programs for you. This may save you hours and ensure you don't harm your system by deleting the wrong files.
Remove “Save You” Email Trojan
If you have a Windows virus, continue with the guide below.
If you have a Mac virus, please use our How to remove Ads on Mac guide.
If you have an Android virus, please use our Android Malware Removal guide.
If you have an iPhone virus, please use our iPhone Virus Removal guide
Some of the steps will likely require you to exit the page. Bookmark it for later reference.
Reboot in Safe Mode (use this guide if you don’t know how to do it).
WARNING! READ CAREFULLY BEFORE PROCEEDING!
Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous.
Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:
After you open their folder, end the processes that are infected, then delete their folders.
Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections.
Hold together the Start Key and R. Type appwiz.cpl –> OK.
You are now in the Control Panel. Look for suspicious entries. Uninstall it/them. If you see a screen like this when you click Uninstall, choose NO:
Type msconfig in the search field and hit enter. A window will pop-up:
Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.
- Remember this step – if you have reason to believe a bigger threat (like ransomware) is on your PC, check everything here.
Hold the Start Key and R – copy + paste the following and click OK:
A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:
If there are suspicious IPs below “Localhost” – write to us in the comments.
Type Regedit in the windows search field and press Enter.
Once inside, press CTRL and F together and type the virus’s Name. Right click and delete any entries you find with a similar name. If they don’t show up this way, go manually to these directories and delete/uninstall them:
- HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random
If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!