Salutations,

I recently discovered an attempted intrusion by a variant of the Kotver Trojan. You can find all of the relevant details here (this includes logs from MBAM, HitmanPRO, FSS, FRST, and Kotver itself). According to the technician assisting me, he believes it originated from an exploit ad on a web page or something similar.[1] This reinforces my initial suspicions that WinRAR is the culprit. For some time now, the application has been generating advertisements to convince you to buy a license of their product once the evaluation period has ended (AKA nagware). Malwarebytes has warned me of this in the past, but the utility of the application outweighed the risks of this so-far benign problem.

What further steps should be taken to ensure that there are no remaining remnants or accomplices remaining?

Current security arsenal:

  • System:
    • Farbar Recovery Scanner Tool (FRST)
    • Farbar Service Scanner (FSS)
    • Malwarebytes' Anti-Exploit (MBAE) Free
    • Malwarebytes' Anti-Malware (MBAM) Premium
    • Windows Defender
  • Browser:
    • Chromium:
      • Privacy Badger
      • uBlock Origin
      • uMatrix
    • Firefox:
      • NoScript
      • Privacy Badger
      • uBlock Origin
      • uMatrix

I used to also use AVAST Premier, but in recent years I have found many functions of the program to be unstable or outright broken on my configurations even after doing a fresh install.

I operate strictly on a whitelist-as-needed basis both at the system and browser-level. All files expressly downloaded by me are subject to testing in a secure virtual machine prior to execution in a production environment.

Apologies for the long rambling, but I want to be as thorough as possible. Any suggestions to further enhance security in a Windows environment would be greatly appreciated.

 

  • 1 month later...

We're sorry. It looks like your topic was somehow overlooked. Due to the length of time we'll go ahead and close this topic now but if you still actually need help please send a private message to one of the Moderators and we'll assist you.
Thank you and sorry we missed your topic.

This topic is now closed to further replies.