A person I was messaging with on another website sent me a link. I installed this WPS Office from a person that wanted to show me a document. But I clicked on it and installed it and tried to remove my self following manual steps:
1. first turn off wi-fi
2. obtain administrator access throughout the entire removal of malware
3. use cmd prompt icacls/cacls to unhide any files in folders
4. search files for similar names like malware WSP Office/Kingsoft, etc...
5. kill tasks for any process that has to do with the malware like WPS Office and run script that keeps killing the tasks until malware removal is complete
6. delete HKEYS from regedit
7. remove folders and files
8. run a malware scanner like windows defender
9. and uninstall the program.
After I uninstalled WPS Office. I used Malwarebytes scan nothing reported. That's why I am confused if my manual steps worked or should I reinstall my OS? and was told to just reinstall my OS. But is this even a real malware link for WPS Office/Kingsoft or is it just a regular link?
Should I continue my conversation with this person?
If you think it's a link to malware, which it probably is, please don't spread it further.
What do you expect people to do with it? Download and install it on their own computers to help you?
Should I continue my conversation with this person?
Oh come on.
If you want to install an app, install it from the official website.
I know https://www.wps.com is an official site.
See:
https://en.wikipedia.org/wiki/WPS_Office
I run links through Virustotal as well. Be aware they embed characters in some links to look official.
I also check country of origin for software and stay away from some countries, but that's your choice.
I also do backups of my drive with Macrium Reflect. If you have Linux there is software for that, search.
JussiMannisto and jlrdw give solid practical advice. WPS Office from wps.com is a legitimate product, but receiving software links from strangers messaging you on other platforms is a classic social engineering setup. If Malwarebytes came back clean and you followed the removal steps thoroughly, the risk is likely low, but reinstalling the OS gives complete peace of mind if you remain concerned. Always download software directly from official websites only, never from links sent by people you don't know. For cybersecurity companies tracking which marketing channels drive the most inbound inquiry calls, Phonexa helps attribute those conversations accurately.
Please or to participate in this conversation.