Malware
Chvalov, 2016-02-07 02:05:03

They stole Login Data and other passwords, should I be afraid?

I caught a simple but unpleasant virus, which KAV does not even regard as suspicious.
After I realized that the software was a setup, I started running it in a sandbox and other tools to study its behavior.
And then the full picture emerged.
The bottom line is that the virus steals these entire folders:
C:\Users\Adminko\AppData\Roaming\Opera Software\Opera Stable
C:\Users\Adminko\AppData\Local\Google\Chrome\User Data\Default
and other files from Skype, FileZilla and a couple more that I could not make sense of
(This is what I could see in the archive that was sent to the FTP server)
I changed the Skype and FTP passwords straight away, but as far as I know about browsers, these files will not give a hacker anything, since the passwords are encrypted with DPAPI.
The question is: can a hacker also steal DPAPI to decrypt my passwords on his own PC?
There were also files in the archive that were not readable at all, and I don't know what they are or where they were pulled from, but I have a feeling that this is that same DPAPI.
I have Windows 10 x64.

1 answer(s)
nirvimel, 2016-02-07

  1. This is not a virus but a Trojan (a virus, at least, is able to replicate without a person's participation (use)).
  2. Everything that it pulled from the profile under which it is itself running, it will be able to decrypt (because it could just as well be a browser running under this user).
  3. If it was launched as administrator, then it pulled and decrypted (or grabbed everything needed for decryption) everything even slightly interesting from the profiles of all users on the machine.
  4. The only case in which DPAPI could help at all is if a Trojan running as a non-administrator somehow got access to the browser profile in another user's profile but did not get access to that user's registry (the file in the root of his profile). This case is the rarest of all and can be considered theoretical, because by default the access rights close off the entire contents of one user's profile from another (non-administrator) user.
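An added illustration of point 2, written for this page and not taken from the answer or the thread: it uses the documented .NET `System.Security.Cryptography.ProtectedData` API on Windows to show that a DPAPI blob protected in CurrentUser scope is readable by any code running under the same account, and that only optional entropy the other code does not hold changes that. The sample password and entropy values are constructed for the demo.

```powershell
# Added illustration (not from the original thread). Demonstrates the DPAPI
# property behind point 2: CurrentUser-scope protection keys off the logged-on
# user's credentials, so any process running as that user can reverse it.
Add-Type -AssemblyName System.Security

$scope = [System.Security.Cryptography.DataProtectionScope]::CurrentUser
$plain = [System.Text.Encoding]::UTF8.GetBytes('constructed-sample-password')

# 1. Protection with no optional entropy. Nothing beyond the user context is
#    needed to unprotect, which is exactly why same-user code can read it.
$blob = [System.Security.Cryptography.ProtectedData]::Protect($plain, $null, $scope)
$back = [System.Security.Cryptography.ProtectedData]::Unprotect($blob, $null, $scope)
"same-user unprotect: " + [System.Text.Encoding]::UTF8.GetString($back)

# 2. Protection with optional entropy. The caller must present the same
#    entropy; an application that keeps it in memory or derives it from a
#    user-typed secret (rather than a file in the profile) removes the
#    same-user shortcut. Constructed entropy value for the demo.
$entropy = [System.Text.Encoding]::UTF8.GetBytes('app-held-entropy-not-on-disk')
$blob2   = [System.Security.Cryptography.ProtectedData]::Protect($plain, $entropy, $scope)

try {
    # Missing entropy: DPAPI refuses even though the user account matches.
    [System.Security.Cryptography.ProtectedData]::Unprotect($blob2, $null, $scope) | Out-Null
    "unexpected: decrypted without entropy"
} catch {
    "unprotect without entropy failed: " + $_.Exception.GetBaseException().Message
}

# Correct entropy restores the data.
$back2 = [System.Security.Cryptography.ProtectedData]::Unprotect($blob2, $entropy, $scope)
"unprotect with entropy: " + [System.Text.Encoding]::UTF8.GetString($back2)
```

Run it in two different user sessions to see the other half of the answer: the first blob cannot be unprotected from a different account, because the DPAPI master key lives in that user's profile.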
