Trojan.StolenData.E !

So I have a laptop that was a victim to Trojan.StolenData.E which is a generic name to many trojans as I understood from googling , I actually discovered it manually after looking into ProgramData folder .

The program managed to decode all saved passwords in all browsers , all history from all browsers , cookies from all browsers , all searched words , all text files on laptop and zipped them into one file and I assumed to have uploaded it later to some remote location .

Luckily I do not use that laptop in any financial nor save any email passwords , mostly just forums and games .

The thing is , after using Malwarebytes , Comodo , Rogue Killer , Sophos non of these could detect what generated such file , the only detection was from Malwarebytes that detected such folder to be the work of Trojan.StolenData.E which for the casual user might seem like the threat had been detected and removed where its not , its just the work of the threat had been recognized .

So basically I know , you'd recommend resetting the laptop , but then hey now , if all these cuties up there couldn't really detect the trojan then what's the aim ? it might just come back however it did the first place .

So I have the following questions :

1- You know any better tool to detect those kinds of trojans ?

2 - Does windows offer any auditing / parenting technique to determine which process generated a file ?

3 - Why Cookies ? can cookies be used to hack an account ? like can a cookie help hijack a facebook account maybe ?

4 - Can this be the work of a script in a webpage despite that according to browsing history I haven't had any open at that time ?

-Edit-
Thought its time to update the post of search results of all main and additional anti-virus / malware suggested :
1 - Comodo : Nothing
2 - Malwarebytes : The attempt , not the cause
3 - Rogue Killer : Nothing
4 - Sophos : The search get stuck around 50% with no findings
5 - Malwarebytes Adware Cleaner : iobyte driver booster , iobyte system care , iobyte uninstaller , internet download manager , hot spot shield and avg web tuneup
6 - Hitman Pro : 47 tracking cookies (The irony)
7 - MSERT.exe by Microsoft : 3 Detection (VulnInSydeDriver.A , Defender Tampering Restore [By Comodo], Obfuscator.XZ [Detected But Not Removed])
8 - EMSISOFT : Nothing major (a random PUP PDF Lite program)

@nIGHTmAYOR -

So many questions, lol.

Let's go slow for now...

Can you please try this? Create on another computer with a USB flash stick.

Emsisoft | Emergency Kit: Free Portable Malware Scan and Removal

You can also try this on the infected system:

https://docs.microsoft.com/en-us/win...anner-download

Post back. Thanks.

Warning! Backdoor Trojans


These are the most dangerous, and most widespread, type of Trojan.

Backdoor Trojans provide the author or ‘master’ of the Trojan with remote ‘administration’ of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.

If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums.
You should consider them to be compromised.
They should be changed by using a different computer and not the infected one, if not an attacker may get the new passwords and transaction information.
Though the Trojans have been identified there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS.

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy again.

If you decide to reformat, you should still download the protection on the newly formatted PC, or else you will have a high chance of reinfection.

Jacee, nIGHTmAYOR said "Luckily I do not use that laptop in any financial nor save any email passwords , mostly just forums and games .".

@Ztruker I also read that. If this computer is still being used online ... then it will no doubt infect other users you have contact with. Do a clean install,

Copy and paste these lines in Note pad.

@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

Save as flush.bat to your desktop. Right click the .bat file and choose to run as Administrator. Your computer will reboot itself.

Reset all passwords

I would go back to an earlier image I'd created. I use Macrium and check that for the trojan again and go further back, if you have more images and if needed, before thinking of a fresh install.

nIGHTmAYOR said:

@Compumind I have an odd result from the microsoft tool after 9 hours of scan :

so basically it found a couple more viruses and one that it cant remove but the sweet thing doesnt want to tell me their names or locations , how convenient.

I see. Did you use the tool from Emisoft as I posted above?
You are using too many compromised tools.

@Jacee -

No, this isn't the way. Sorry.

Fabler2 said:

I would go back to an earlier image I'd created. I use Macrium and check that for the trojan again and go further back, if you have more images and if needed, before thinking of a fresh install.

I tend to agree with that, if all else fails. Better yet, backup all data on external device, do a clean install of W10 and then separately scan all your data prior to restore.