The perps are using a virtual sandbox that allows them to serve a simulacrum of the real sites/pc/mobile being used.
They can control the settings, including deletion and addition of messages since they have full admin access. When the victim tries to secure the system and identifies the source of control, the system will malfunction, messages will be deleted, access will be denied.
This very program is being installed in the net cafes being used by the public.
Attendants and kids are selling the accounts of net customers to those who are willing to buy access to these accounts.
Comments
I don't think it will help if I tell you.
IF it were but in any of your folders, it's so easy to migrate them to another area.
It can be anywhere - on a separate partition, in a folder, on a hidden drive, etc.