Stolen.data

Hi, mjf.

Based on the information in the link provided by Golden, if this is indeed a password-stealing trojan, I strongly recommend that you go to a clean computer and change your passwords. Keep a close eye on any banking and credit card accounts.

It would be a good idea to do an online scan by another vendor. Please go here to run an on-line scan from ESET.

• Note: It is easiest if you use Internet explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer)
• Turn off the real time scanner of any existing antivirus program while performing the online scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the ActiveX control to install
• Click Start
• Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
• Click Scan
• Wait for the scan to finish -- it may take quite a while.

Good luck with that mjf.

I have ESET online scanner on all my pe3 media. (smart installer is only a couple of mb )

Never needed to use it myself - but friends have used it with great success.

Thanks for the replies (I need to learn more!!)

I ran the ESET online scan after Quarantining the malware with Malwarebytes. After 4+ hours it detected no threats. Fortunately I don't store or use transaction passwords or account numbers on my computer.

I've changed other passwords. Is there anything else to be done?

---------------------------------------
Interestingly, it appears only the most recent Malwarebytes update detected this threat. Yet by going back to a 2 month old image the threat was present and both Malwarebytes and NIS2011 have been kept current between then and now.

Definitions are updated regularly, mjf, but until the vendor becomes aware of the threat it cannot be submitted. We can speculate about what changed that resulted in the addition, but that won't provide answers. :)

I suggest creating a fresh restore point and then clearing all the old, infected points using Disk Cleanup. For Windows Vista and Windows 7:

• Click start, type Disk Cleanup in the search box
• Right-Click Disk Cleanup and select "Run as Administrator" and accept the UAC elevation prompt.
• Select the drive where Windows is installed (if you have more than one drive) and click "OK".
• When the scan completes, check/uncheck desired boxes.
• Next, please click the More Options tab at the top.
• Click the "Clean up..." button under the "System Restore and Shadow Copies" section at the bottom.
• Click Delete in response to the question "Are you sure you want to delete all but the most recent restore point?", click OK and answer Yes again.
• The disk clean up utility will remove the selected items. When it completes, please restart the computer to properly record the changes made to the hard disk.

Since you guys use ESET regularly, you did actually agree to these...

2. Forwarding of infiltrations and information to the Provider.
The Information may contain data (including personal data*) about the End User and/or other users of the computer on which the Software is installed, information about the computer and operating system, suspicious files from the computer on which the Software is installed and files affected by the Infiltration and any information about such files.

*-Emphasis mine...

22. Governing Law.
The End User and the Provider agree that conflict provisions of the governing law and United Nations Convention on Contracts for the International Sale of Goods shall not apply. You expressly agree that exclusive jurisdiction for any claim or dispute with the Provider or relating in any way to Your use of the Software resides in District Court Bratislava I., Slovakia and you further agree and expressly consent to the exercise of the personal jurisdiction in the District Court Bratislava I. in connection with any such dispute or claim.

Based on these, the scan results with personal data will end up in former Yugoslavia that has jurisdiction for any of the conflicts that may arise.

While the service provided might be good, there are plenty of other malware detection tools that can run locally instead of over the Internet; there's no need for possibly disclosing personal data with Internet based tools...

I would also run a scan with HitMan Pro. I doesn't need to be installed on your machine, and is a great multi vendor scanner. Home - SurfRight

Cr00zng said:

Since you guys use ESET regularly, you did actually agree to these...

2. Forwarding of infiltrations and information to the Provider.
The Information may contain data (including personal data*) about the End User and/or other users of the computer on which the Software is installed, information about the computer and operating system, suspicious files from the computer on which the Software is installed and files affected by the Infiltration and any information about such files.

*-Emphasis mine...

22. Governing Law.
The End User and the Provider agree that conflict provisions of the governing law and United Nations Convention on Contracts for the International Sale of Goods shall not apply. You expressly agree that exclusive jurisdiction for any claim or dispute with the Provider or relating in any way to Your use of the Software resides in District Court Bratislava I., Slovakia and you further agree and expressly consent to the exercise of the personal jurisdiction in the District Court Bratislava I. in connection with any such dispute or claim.

Based on these, the scan results with personal data will end up in former Yugoslavia that has jurisdiction for any of the conflicts that may arise.

While the service provided might be good, there are plenty of other malware detection tools that can run locally instead of over the Internet; there's no need for possibly disclosing personal data with Internet based tools...

You are basing your comments on very outdated information. See ESET Online Scanner End User License and Service Agreement.