Preamble
I'm writing this post for the idiots who were stupid enough to download Shadow Client, ignore the many warnings from people who know what they're talking about, and run it outside of a virtual machine with Internet access.
If you downloaded the "official" build from the Shadow client Discord, chances are you're ratted. @"Luna__"#2532's fork, to my knowledge, does not contain this malware. But you shouldn't be running it anyway, because Shadow is a piece of shit.
Proof
What should I do if I've ran this?
This will probably only affect you if you ran Shadow on Windows, because the payload launches Command Prompt (cmd.exe). However, we cannot be entirely sure about that.
We must do a full reinstall because we simply don't know what commands were run. If you look at the screenshot above, nothing is hardcoded except the launching of Command Prompt; the actual commands were supplied at runtime. To make this even worse, Command Prompt does not keep a history across sessions, so there is no record on the machine of what was executed.
- Disconnect the machine you used to run Shadow from the internet.
- On another device, download the Windows 10 ISO from here (hint: you need a user agent other than Windows to download it, otherwise you'll be asked to download their crappy Media Creation Tool). Check the SHA256 of the file against the hash Microsoft lists under "Verify your download" before you flash it.
- Use a tool like Balena Etcher (simple) or Rufus (advanced) to flash the ISO to a USB drive.
- Plug the flashed USB drive into your infected machine.
- Enter the BIOS/UEFI settings of the infected machine and set the USB drive to the top of the boot priority.
- Save your settings and exit.
- Reinstall Windows through the installer. Choose the custom install and delete every existing partition on the drive so nothing from the old install survives.
- Once you're on the clean install, change the passwords of accounts you used on that machine (Discord, Minecraft, email), since we don't know what the commands did.
If these steps didn't work for you, find another guide for reinstalling windows from the ISO and NOT from within Windows.
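Since the whole point of the reinstall is to start from media you trust, here is a small script to verify the downloaded ISO against the SHA256 hash Microsoft lists on the download page before flashing it. This is an added example, not code from the original post or from any client; the file path and hash in the usage comment are placeholders you replace with your own.

```sh
#!/bin/sh
# Added example: verify a downloaded Windows ISO against the SHA256 hash
# Microsoft publishes under "Verify your download" on the ISO download page.
# Run this on the clean device you downloaded the ISO on, before flashing.
# The path and hash in the usage comment at the bottom are placeholders.

# Print the SHA256 of a file. Uses GNU coreutils (sha256sum) when present,
# otherwise the BSD/macOS equivalent (shasum -a 256).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 if the file's SHA256 equals the expected hash (compared
# case-insensitively), 1 if the file is missing or the hash differs.
verify_iso() {
    file="$1"
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches the expected SHA256"
        return 0
    fi
    echo "MISMATCH for $file, do not flash it" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# When run as a script with two arguments: ./verify_iso.sh <iso path> <hash from Microsoft's page>
# Example with placeholder values (assumption, substitute your own):
#   ./verify_iso.sh ~/Downloads/Win10_x64.iso 0123...abcd
if [ "$#" -eq 2 ]; then
    verify_iso "$1" "$2"
fi
```

Only hand the ISO to Etcher or Rufus once `verify_iso` reports OK; a mismatch means a corrupt or tampered download, and reinstalling from it would defeat the purpose.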
Maybe after reinstalling Windows you'll know better than to run software from people who have backdoored others before (hint hint: Coffee client IRC class loading, them backdooring Minecraft servers).