
dclogs - Concerning discovery, looking for some advice



Hi Guys,

Hoping someone can help me here.

I recently ran a thorough scan of my HDD using Malwarebytes. It found a folder in AppData\Roaming titled dclogs, and inside it were loads of .dc files which Malwarebytes marked as "Stolen.Data".

These .dc files started around January 2013, with the last one being from October 2013 (they just stopped being created then). My antivirus hadn't picked up anything problematic during this time.

I read up on what these files were and I understand them to be DarkComet trojan log files.

I opened up some of the .dc files in Notepad and sure enough they were full of private information (contents of emails, passwords, usernames etc.). Very worrying.

I have a HIPS firewall (on the PC, and another separate firewall on the router) and I don't allow anything to go through this firewall without me approving it and creating a rule to allow or deny. There hasn't been any entry in my firewall allow/deny tables for anything out of the ordinary for the last couple of years.

I formatted the drive anyway and reinstalled Windows. I was going to do this on the weekend anyway as it's been a long time, but this gave me a kick in the butt ;)

I guess I'm sort of looking for some peace of mind really, as the contents of these .dc log files was alarming, loads of personal information. Is it likely that the contents of these files was accessed by someone, or does whatever app generates these logs do so automatically and the files just sit there? Would my firewall have likely protected me?

I've had no email, social or any other type of online account breach in years.

Thanks,

Mike


Hi Mike,

Is it likely that the contents of these files was accessed by someone, or does whatever app generates these logs do so automatically and the files just sit there?

Unfortunately this dclogs directory and its contents are produced by infostealer malware. So you were infected over a pretty long period of time, and the data you've just found is what the malware logged!

The "good news" is that this most likely is not some sort of targeted attack against you but fully automatic mass-malware that just grabs everything it can from as many computers as possible. But you have to assume that all this data is "out there" now, and that cannot be reversed. I therefore highly recommend that you devalue as much of this data as possible by changing all your credentials (passwords and other sensitive data that were used on this computer).

Would my firewall have likely protected me?

Without knowing what exact malware was running on your system (and how it tried to send the stolen data home), this is uncertain.

But I really would not count on it, because it is not a big deal for malware to use a process that already has permission to connect to the internet for this purpose. It can then blend in with your normal internet traffic and send out the data in a way that is hard to detect and block. An IP-block feature (like the one MBAM Pro has) might have caught the process that tried to connect to the malware server, as soon as one of those IP addresses was blacklisted.

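The reply above leaves the reader with two practical tasks: work out how long the keylogger was active (so the "change all your credentials" step can be scoped to everything used on the machine in that window) and handle the logs without re-leaking what is in them. The following triage script is an added example for this thread, not code from the thread or from Malwarebytes. It assumes, as the thread and public DarkComet write-ups describe, that the logs live in %APPDATA%\dclogs, are plain text, and are named <YYYY-MM-DD>-<n>.dc; the sample directory it builds is constructed so the script runs offline on any OS.

```python
"""
Triage a suspected DarkComet "dclogs" directory: how long the keylogger was
active, how much it captured, and what kinds of secrets the logs contain.

Added example, not code from the forum thread or from Malwarebytes.
Assumptions: logs live in %APPDATA%\\dclogs, are plain text, and are named
<YYYY-MM-DD>-<n>.dc. A constructed fixture stands in for a real profile.
"""
import os
import re
import tempfile
from datetime import date
from typing import Dict, List, Optional

# Assumed file-name convention for DarkComet offline keylogger logs.
DC_NAME = re.compile(r"^(\d{4})-(\d{2})-(\d{2})-(\d+)\.dc$")
EMAIL = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
PASSWORD_PROMPT = re.compile(r"pass(?:word)?\s*[:=]", re.IGNORECASE)


def candidate_dirs() -> List[str]:
    """Where to look on a live Windows profile (empty list elsewhere)."""
    appdata = os.environ.get("APPDATA")
    return [os.path.join(appdata, "dclogs")] if appdata else []


def log_date(filename: str) -> Optional[date]:
    """Date encoded in a .dc file name, or None if the name does not fit."""
    m = DC_NAME.match(filename)
    if not m:
        return None
    y, mo, d, _ = m.groups()
    try:
        return date(int(y), int(mo), int(d))
    except ValueError:
        return None


def redact(line: str) -> str:
    """Mask e-mail addresses and anything typed after a password prompt,
    so a sample line can be shared for analysis without leaking it again."""
    line = EMAIL.sub("[EMAIL]", line)
    m = PASSWORD_PROMPT.search(line)
    if m:
        line = line[: m.end()] + " [REDACTED]"
    return line


def triage(dclogs_dir: str) -> Dict[str, object]:
    """Summarise a dclogs directory without echoing any captured secret."""
    dates: List[date] = []
    total_bytes = 0
    hits = {"email": 0, "password_prompt": 0}
    other = 0
    for name in sorted(os.listdir(dclogs_dir)):
        path = os.path.join(dclogs_dir, name)
        if not os.path.isfile(path):
            continue
        d = log_date(name)
        if d is None:
            other += 1  # not a .dc log: count it, do not parse it
            continue
        dates.append(d)
        total_bytes += os.path.getsize(path)
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            for line in fh:
                if EMAIL.search(line):
                    hits["email"] += 1
                if PASSWORD_PROMPT.search(line):
                    hits["password_prompt"] += 1
    if not dates:
        return {"files": 0, "other_files": other}
    first, last = min(dates), max(dates)
    return {
        "files": len(dates),
        "other_files": other,
        "first": first.isoformat(),   # start of the exposure window
        "last": last.isoformat(),     # end of the exposure window
        "span_days": (last - first).days,
        "bytes": total_bytes,
        "hits": hits,
    }


def build_fixture() -> str:
    """Constructed sample data standing in for a real dclogs folder."""
    root = tempfile.mkdtemp(prefix="dclogs-")
    samples = {
        "2013-01-12-1.dc": "login: mike@example.com\npassword: hunter2\n",
        "2013-10-03-4.dc": "Subject: invoice\nmail to bob@example.org please\n",
        "readme.txt": "not a log\n",
    }
    for name, text in samples.items():
        with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
            fh.write(text)
    return root


if __name__ == "__main__":
    targets = [d for d in candidate_dirs() if os.path.isdir(d)] or [build_fixture()]
    for target in targets:
        print(target, triage(target))
    print(redact("password: hunter2"), "|", redact("login: mike@example.com"))
```

Run it on a copy of the dclogs folder taken before the reinstall (or on the fixture, as here). The first/last dates bound the credential-rotation list; the hit counts tell you what categories of data went out without anyone having to read the raw logs, and `redact` is what to apply to any line before pasting it into a forum or ticket.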

Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
