Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Stolen.data

29 Jun 2011   #1
mjf

Windows 7x64 Home Premium SP1
 
 
Stolen.data

Malwarebytes has just detected and quarantined "stolen.data" on my computer. A Trojan I believe.
Location: c:\programdata\carbon

NIS2011 with current update missed it.

Has anyone experience with this or advice?


My System SpecsSystem Spec
29 Jun 2011   #2
Maguscreed

Microsoft Community Contributor Award Recipient

Windows 7 x64
 
 

Hmm I haven't suggested this in awhile

SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Apparently it only really fell out of favor because it didn't have win 7 support until some time after it's release. It does now though.

As for this specific malware
Quote   Quote: Originally Posted by nosirrah" (malwarebytes forum administrator)
Without a file path there is no way to give much info .

Stolen.Data are static paths to files where known spyware stores stolen credentials .
I think that sums it up best.
My System SpecsSystem Spec
29 Jun 2011   #3
Golden

Microsoft Community Contributor Award Recipient

Windows 7 Ult. x64 Windows 8.1 x64
 
 

Hi,

Did a bit of research and found that it is considered by some to be a variant of Trojan-Spy.Win32.Zbot.

See this link : Endpoint protected machine compromised CASE# 411-396-061 | Symantec Connect Community

Perhaps you could contact Jacee and/or Corinne for more info?

Regards,
Golden
My System SpecsSystem Spec
30 Jun 2011   #4
Corrine

Windows 7 & Windows Vista Ultimate
 
 

Hi, mjf.

Based on the information in the link provided by Golden, if this is indeed a password-stealing trojan, I strongly recommend that you go to a clean computer and change your passwords. Keep a close eye on any banking and credit card accounts.

It would be a good idea to do an online scan by another vendor. Please go here to run an on-line scan from ESET.
  • Note: It is easiest if you use Internet explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer)
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish -- it may take quite a while.
My System SpecsSystem Spec
30 Jun 2011   #5
SIW2

Microsoft Community Contributor Award Recipient

Vista x64 / 7 X64
 
 

Good luck with that mjf.

I have ESET online scanner on all my pe3 media. (smart installer is only a couple of mb )

Never needed to use it myself - but friends have used it with great success.
My System SpecsSystem Spec
30 Jun 2011   #6
mjf

Windows 7x64 Home Premium SP1
 
 

Thanks for the replies (I need to learn more!!)

I ran the ESET online scan after Quarantining the malware with Malwarebytes. After 4+ hours it detected no threats. Fortunately I don't store or use transaction passwords or account numbers on my computer.

I've changed other passwords. Is there anything else to be done?

---------------------------------------
Interestingly, it appears only the most recent Malwarebytes update detected this threat. Yet by going back to a 2 month old image the threat was present and both Malwarebytes and NIS2011 have been kept current between then and now.
My System SpecsSystem Spec
01 Jul 2011   #7
Corrine

Windows 7 & Windows Vista Ultimate
 
 

Definitions are updated regularly, mjf, but until the vendor becomes aware of the threat it cannot be submitted. We can speculate about what changed that resulted in the addition, but that won't provide answers.

I suggest creating a fresh restore point and then clearing all the old, infected points using Disk Cleanup. For Windows Vista and Windows 7:
  • Click start, type Disk Cleanup in the search box
  • Right-Click Disk Cleanup and select "Run as Administrator" and accept the UAC elevation prompt.
  • Select the drive where Windows is installed (if you have more than one drive) and click "OK".
  • When the scan completes, check/uncheck desired boxes.
  • Next, please click the More Options tab at the top.
  • Click the "Clean up..." button under the "System Restore and Shadow Copies" section at the bottom.
  • Click Delete in response to the question "Are you sure you want to delete all but the most recent restore point?", click OK and answer Yes again.
  • The disk clean up utility will remove the selected items. When it completes, please restart the computer to properly record the changes made to the hard disk.
My System SpecsSystem Spec
02 Jul 2011   #8
Cr00zng

Windows 7 64-bit, Windows 8.1 64-bit, OSX Maverick
 
 

Since you guys use ESET regularly, you did actually agree to these...

Quote:
2. Forwarding of infiltrations and information to the Provider.
The Information may contain data (including personal data*) about the End User and/or other users of the computer on which the Software is installed, information about the computer and operating system, suspicious files from the computer on which the Software is installed and files affected by the Infiltration and any information about such files.
*-Emphasis mine...

Quote:
22. Governing Law.
The End User and the Provider agree that conflict provisions of the governing law and United Nations Convention on Contracts for the International Sale of Goods shall not apply. You expressly agree that exclusive jurisdiction for any claim or dispute with the Provider or relating in any way to Your use of the Software resides in District Court Bratislava I., Slovakia and you further agree and expressly consent to the exercise of the personal jurisdiction in the District Court Bratislava I. in connection with any such dispute or claim.
Based on these, the scan results with personal data will end up in former Yugoslavia that has jurisdiction for any of the conflicts that may arise.

While the service provided might be good, there are plenty of other malware detection tools that can run locally instead of over the Internet; there's no need for possibly disclosing personal data with Internet based tools...
My System SpecsSystem Spec
02 Jul 2011   #9
DBone

Windows 7 Home Premium x64 SP1
 
 

I would also run a scan with HitMan Pro. I doesn't need to be installed on your machine, and is a great multi vendor scanner. Home - SurfRight
My System SpecsSystem Spec
02 Jul 2011   #10
Corrine

Windows 7 & Windows Vista Ultimate
 
 

Quote   Quote: Originally Posted by Cr00zng View Post
Since you guys use ESET regularly, you did actually agree to these...

Quote:
2. Forwarding of infiltrations and information to the Provider.
The Information may contain data (including personal data*) about the End User and/or other users of the computer on which the Software is installed, information about the computer and operating system, suspicious files from the computer on which the Software is installed and files affected by the Infiltration and any information about such files.
*-Emphasis mine...

Quote:
22. Governing Law.
The End User and the Provider agree that conflict provisions of the governing law and United Nations Convention on Contracts for the International Sale of Goods shall not apply. You expressly agree that exclusive jurisdiction for any claim or dispute with the Provider or relating in any way to Your use of the Software resides in District Court Bratislava I., Slovakia and you further agree and expressly consent to the exercise of the personal jurisdiction in the District Court Bratislava I. in connection with any such dispute or claim.
Based on these, the scan results with personal data will end up in former Yugoslavia that has jurisdiction for any of the conflicts that may arise.

While the service provided might be good, there are plenty of other malware detection tools that can run locally instead of over the Internet; there's no need for possibly disclosing personal data with Internet based tools...
You are basing your comments on very outdated information. See ESET Online Scanner End User License and Service Agreement.
My System SpecsSystem Spec
Reply

 Stolen.data




Thread Tools



Similar help and support threads for2: Stolen.data
Thread Forum
my laptop was stolen Chillout Room
Stolen iphone Chillout Room
Win7 Security Has Stolen My Data! System Security
Botnet hijacking reveals 70GB of stolen data News

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 10:46 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App