Trojan.StolenData.E !

  1. nIGHTmAYOR's Avatar
    Posts : 1,196
    Windows 10
       #1

    Trojan.StolenData.E !


    So I have a laptop that was a victim of Trojan.StolenData.E, which is a generic name for many trojans as I understood from googling. I actually discovered it manually after looking into the ProgramData folder.

    The program managed to decode all saved passwords in all browsers, all history from all browsers, cookies from all browsers, all searched words, all text files on the laptop and zipped them into one file, which I assume it later uploaded to some remote location.

    Luckily I do not use that laptop for anything financial nor save any email passwords, mostly just forums and games.

    The thing is, after using Malwarebytes, Comodo, Rogue Killer and Sophos, none of these could detect what generated such a file. The only detection was from Malwarebytes, which detected the folder as the work of Trojan.StolenData.E, which to the casual user might seem like the threat had been detected and removed when it's not; it's just that the work of the threat had been recognized.

    So basically I know you'd recommend resetting the laptop, but then hey now, if all these cuties up there couldn't really detect the trojan then what's the aim? It might just come back however it did in the first place.

    So I have the following questions:

    1 - Do you know any better tool to detect those kinds of trojans?

    2 - Does Windows offer any auditing / parenting technique to determine which process generated a file?

    3 - Why cookies? Can cookies be used to hack an account? Like, can a cookie help hijack a Facebook account maybe?

    4 - Can this be the work of a script in a webpage, despite that according to browsing history I haven't had any open at that time?

    -Edit-
    Thought it's time to update the post with search results from all main and additional anti-virus / malware tools suggested:
    1 - Comodo : Nothing
    2 - Malwarebytes : The attempt, not the cause
    3 - Rogue Killer : Nothing
    4 - Sophos : The search gets stuck around 50% with no findings
    5 - Malwarebytes Adware Cleaner : iobyte driver booster, iobyte system care, iobyte uninstaller, internet download manager, hot spot shield and avg web tuneup
    6 - Hitman Pro : 47 tracking cookies (The irony)
    7 - MSERT.exe by Microsoft : 3 detections (VulnInSydeDriver.A, Defender Tampering Restore [By Comodo], Obfuscator.XZ [Detected But Not Removed])
    8 - EMSISOFT : Nothing major (a random PUP PDF Lite program)
    Last edited by nIGHTmAYOR; 29 Dec 2019 at 15:28.

  2. Compumind's Avatar
    Posts : 2,804
    Windows 10 Pro x64, Various Linux Builds, Networking, Storage, Cybersecurity Specialty.
       #2

    @nIGHTmAYOR -

    So many questions, lol.

    Let's go slow for now...

    Can you please try this? Create on another computer with a USB flash stick.

    Emsisoft | Emergency Kit: Free Portable Malware Scan and Removal

    You can also try this on the infected system:

    https://docs.microsoft.com/en-us/win...anner-download

    Post back. Thanks.

    Last edited by Compumind; 28 Dec 2019 at 08:20.

  3. Jacee's Avatar
    Posts : 1,607
    Win 10 home 20H2 19042.1110
       #3

    Warning! Backdoor Trojans


    These are the most dangerous, and most widespread, type of Trojan.

    Backdoor Trojans provide the author or ‘master’ of the Trojan with remote ‘administration’ of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.

    If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums.
    You should consider them to be compromised.
    They should be changed by using a different computer and not the infected one, if not an attacker may get the new passwords and transaction information.
    Though the Trojans have been identified there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS.

    Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy again.

    If you decide to reformat, you should still download the protection on the newly formatted PC, or else you will have a high chance of reinfection.

  4. Ztruker's Avatar
    Posts : 13,697
    Windows 10 Pro X64 21H1 19043.1110
       #4

    Jacee, nIGHTmAYOR said "Luckily I do not use that laptop for anything financial nor save any email passwords, mostly just forums and games."

  5. Jacee's Avatar
    Posts : 1,607
    Win 10 home 20H2 19042.1110
       #5

    @Ztruker I also read that. If this computer is still being used online ... then it will no doubt infect other users you have contact with. Do a clean install.

    Copy and paste these lines into Notepad.

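    @Echo on
    rem Work in the folder that holds the hosts file
    pushd \windows\system32\drivers\etc
    rem Clear the hidden, system and read-only attributes so hosts can be overwritten
    attrib -h -s -r hosts
    rem Overwrite hosts with a single localhost entry (any other entries are lost)
    echo 127.0.0.1 localhost>HOSTS
    attrib +r +h +s hosts
    popd
    rem Renew the DHCP lease and flush the DNS resolver cache
    ipconfig /release
    ipconfig /renew
    ipconfig /flushdns
    rem Reset Winsock and the TCP/IP stack
    netsh winsock reset all
    netsh int ip reset all
    rem Reboot after one second, then delete this batch file
    shutdown -r -t 1
    del %0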


    Save as flush.bat to your desktop. Right click the .bat file and choose to run as Administrator. Your computer will reboot itself.

    Reset all passwords

  6. nIGHTmAYOR's Avatar
    Posts : 1,196
    Windows 10
    Thread Starter
       #6

    @Compumind I have an odd result from the Microsoft tool after 9 hours of scan:
    [Attached image: Trojan.StolenData.E !-annotation-2019-12-29-1303132.jpg]
    So basically it found a couple more viruses and one that it can't remove, but the sweet thing doesn't want to tell me their names or locations, how convenient.
    I did use HitmanPro afterwards, and its scan time was more reasonable; it just reported I had 47 tracking cookies (interesting ... Hitman 47) and then it had them deleted. Now comes Emsisoft time; reporting back after it's done.
    @Jacee The "Nuke it! Just nuke it!" option is a little hard for me, partly because I use all trusted security packages available and I still got infected, hinting I may just take a few weeks getting it back to how it was with all games installed, all downloads, all setups, all tweaks and then, like you said, reacquire the infection easily. Mind you, resetting all passwords on this laptop may require me to re-enter them all again later; doing so may victimize me more if it's now logging keys or anything. So bottom line, I need to use the laptop as a sample for analysis to trap what it is first, so as to better secure the next re-spawn.


  7. Fabler2's Avatar
    Posts : 3,432
    Windows 10 preview 64-bit Home
       #7

    I would go back to an earlier image I'd created. I use Macrium and check that for the trojan again and go further back, if you have more images and if needed, before thinking of a fresh install.

  8. Compumind's Avatar
    Posts : 2,804
    Windows 10 Pro x64, Various Linux Builds, Networking, Storage, Cybersecurity Specialty.
       #8

    nIGHTmAYOR said:
    @Compumind I have an odd result from the Microsoft tool after 9 hours of scan:
    [Attached image: Trojan.StolenData.E !-annotation-2019-12-29-1303132.jpg]
    So basically it found a couple more viruses and one that it can't remove, but the sweet thing doesn't want to tell me their names or locations, how convenient.

    I see. Did you use the tool from Emsisoft as I posted above?
    You are using too many compromised tools.

    @Jacee -

    No, this isn't the way. Sorry.

  9. nIGHTmAYOR's Avatar
    Posts : 1,196
    Windows 10
    Thread Starter
       #9

    Fabler2 said:
    I would go back to an earlier image I'd created. I use Macrium and check that for the trojan again and go further back, if you have more images and if needed, before thinking of a fresh install.

    I hinted I know the date of where that folder and files originated, hence I know the date, but then no common security package has a clue how or what originated them (I did list the bunch I used in the OP + now Hitman Pro and MS Safety Scanner).
    I.e., right now we are looking for where and what that Trojan.StolenData.E is, and the best suite to detect it.

  10. Compumind's Avatar
    Posts : 2,804
    Windows 10 Pro x64, Various Linux Builds, Networking, Storage, Cybersecurity Specialty.
       #10

    Fabler2 said:
    I would go back to an earlier image I'd created. I use Macrium and check that for the trojan again and go further back, if you have more images and if needed, before thinking of a fresh install.

    I tend to agree with that, if all else fails. Better yet, back up all data on an external device, do a clean install of W10 and then separately scan all your data prior to restore.



 