Is there a way to tell which of my files (if any) were accessed or downloaded by a Trojan/malware?



#1 Zelithe

Posted 24 October 2009 - 08:40 PM

Is there any way to tell? I had some very sensitive information on this computer and from what I can tell, I've deleted all of the files that may have posed a risk.

I'd like to know what would have been accessed or downloaded, though. I'm feeling really nervous and restless because I'm not sure if any of my files were downloaded or not. I had things which could spell a lot of trouble for me in the future, and I can't stand thinking that I might go through the rest of my life never knowing whether a ton of very personal things that I went to great lengths to keep private could be floating around in cyberspace somewhere. I didn't have anything that'd put me in jail or anything, just details about me that I'd never like to surface.

What sort of files would a Trojan go after? How many files would have been downloaded? How long will they be stored elsewhere?

All of my passwords and such have been changed and nothing happened to even my most important accounts, but is it only a matter of time until some hacker somewhere tries to do something with other information?

A quick note is that I disabled system restore and did a disc cleanup because one of the files I found was malware located here: "c:\system volume information\_restore{08EDBA23(rest of the file I'd prefer to keep private, and it doesn't show up on Google beyond this point anyway)" Would LOIC have a reason to put a file there?

There's a chance that the entire thing could have been a false positive and I'm worrying about nothing. LOIC is supposed to show up as a virus because it is a homebrew program. It's just that there are unclean variations of it which play on that fact, because there isn't an easy way to tell a clean from an unclean version when the clean version is always detected as a virus by standard programs like McAfee anyway.

Here's the file I downloaded. I recommend you do not download it unless you have a safe way of analyzing it.

Link Removed

(Add the part below after "/download/". I'm not bypassing filters; I'm just pretty paranoid and don't want a hacker who may have programmed the file, knowing that I had sensitive information, finding this page by searching for the URL through an engine and trying to locate the files I speak of if they were downloaded somewhere.)

64588788e47d141c/

If anyone could determine if the above LOIC is legitimate or not, I've heard that a way is to compare the source code. The source code for the clean version of LOIC is found here under "Chan":

http://www.praetox.com/n.php/sw/sauce

Edited by garmanma, 25 October 2009 - 10:24 PM.
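The first question in the post above, which files were opened while the malware was active, can be triaged from the filesystem's last-access timestamps, but only on a system that was still recording them. The following is an added example, not code from the thread or from any tool mentioned in it. It assumes you know (roughly) when the infection started and when you cleaned up, and it walks a directory reporting every file whose last-access time falls inside that window. The sample tree and its timestamps are constructed inline so the script runs offline; point `files_accessed_between` at a real folder and a real window to use it.

```python
"""Triage: list files whose last-access time falls inside a suspect window.

Added example, not from the BleepingComputer thread. It assumes the volume
was recording last-access timestamps at the time: Windows XP does by
default (with up to an hour of delay), while Vista and later ship with
NtfsDisableLastAccessUpdate=1, so on those systems st_atime proves nothing.
"""
import os
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def files_accessed_between(root, start, end):
    """Return [(posix relative path, atime)] for regular files under `root`
    whose last-access time lies within [start, end] (epoch seconds),
    ordered by access time. Unreadable entries are skipped, not fatal."""
    root = Path(root)
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            p = Path(dirpath, name)
            try:
                st = p.stat()  # stat() does not itself update atime
            except OSError:
                continue
            if start <= st.st_atime <= end:
                hits.append((p.relative_to(root).as_posix(), st.st_atime))
    hits.sort(key=lambda h: h[1])
    return hits


def build_sample_tree():
    """Constructed sample (hypothetical paths and times): three files whose
    atimes are set by hand to mimic a post-infection scan. Returns
    (root, window_start, window_end)."""
    root = Path(tempfile.mkdtemp(prefix="triage_"))
    start = datetime(2009, 10, 24, 20, 0, tzinfo=timezone.utc).timestamp()
    end = start + 3600
    samples = {
        "docs/diary.txt": start + 600,    # opened during the window
        "docs/taxes.pdf": start - 86400,  # last opened a day earlier
        "pics/cat.jpg": end + 900,        # opened after cleanup
    }
    for rel, atime in samples.items():
        f = root / rel
        f.parent.mkdir(parents=True, exist_ok=True)
        f.write_bytes(b"sample")
        os.utime(f, (atime, atime))  # sets (atime, mtime)
    return root, start, end


if __name__ == "__main__":
    root, start, end = build_sample_tree()
    for rel, atime in files_accessed_between(root, start, end):
        print(datetime.fromtimestamp(atime, timezone.utc).isoformat(), rel)
```

Two caveats apply when reading the output. A hit only means something opened the file in that window, not that the trojan read or uploaded it: an antivirus scan, the Windows indexer, or a Disk Cleanup run in the same window all update the timestamp. And once System Restore is disabled and cleanup has been run, as the poster describes, the restore-point copies that might have carried older timestamps are gone, so this check should be done on a forensic copy before any cleanup, not after.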
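The last paragraph of the post above suggests comparing a downloaded copy against the clean source. That only works if what was downloaded is source (a compiled binary cannot be compared to source this way; you would build the clean source yourself and compare the two binaries, or simply use your own build). The following is an added example, not code from the thread or from the LOIC project: it hashes every file in a reference tree and a suspect tree and reports what was added, removed or changed. The file names and contents are constructed placeholders, not LOIC's actual files.

```python
"""Compare a suspect source tree against a reference copy, file by file.

Added example, not from the thread. Assumes the clean source (fetched from
the project's own site) is unpacked under `reference` and the download
under `suspect`. Files listed under "only_in_suspect" or "differs" are the
ones to read before trusting the download.
"""
import hashlib
import tempfile
from pathlib import Path


def _digests(root):
    """Map posix-style relative path -> SHA-256 of contents for every file."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*")
        if p.is_file()
    }


def compare_trees(reference, suspect):
    """Return sorted lists of paths by category (see module docstring)."""
    ref, sus = _digests(reference), _digests(suspect)
    common = ref.keys() & sus.keys()
    return {
        "only_in_suspect": sorted(sus.keys() - ref.keys()),
        "missing_from_suspect": sorted(ref.keys() - sus.keys()),
        "differs": sorted(k for k in common if ref[k] != sus[k]),
        "identical": sorted(k for k in common if ref[k] == sus[k]),
    }


def build_sample_trees():
    """Constructed sample (hypothetical file names): the suspect copy has one
    altered file and one file the reference does not have."""
    base = Path(tempfile.mkdtemp(prefix="cmp_"))
    files = {
        "Main.cs": "class Main { static void Run() {} }\n",
        "Attack.cs": "class Attack { void Fire() {} }\n",
        "README.txt": "reference readme\n",
    }
    ref, sus = base / "reference", base / "suspect"
    for tree in (ref, sus):
        tree.mkdir()
        for rel, text in files.items():
            (tree / rel).write_text(text)
    # Tampering in the suspect copy: extra code appended, extra source file added.
    (sus / "Attack.cs").write_text(files["Attack.cs"] + "// added in the download\n")
    (sus / "Updater.cs").write_text("class Updater { void Fetch() {} }\n")
    return ref, sus


if __name__ == "__main__":
    ref, sus = build_sample_trees()
    for category, paths in compare_trees(ref, sus).items():
        print(f"{category}: {paths}")
```

Hashing rather than `filecmp` makes the report independent of timestamps and sizes, so a file padded back to its original length still shows up under "differs".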

#2 Zelithe (Topic Starter)

Posted 25 October 2009 - 02:07 AM

If no one knows the answer, can someone at least point me in the right direction of where I should be asking this?

#3 Zelithe (Topic Starter)

Posted 31 October 2009 - 04:11 PM

Bump.