Jump to content

Recommended Posts

Hi EdS :)

DarkComet is a RAT (Remote Administration Tool) which can be used to control a system remotely and offer other features such as a keylogger which can lead to online bank fraud, yes, since usernames, passwords, etc. can be recorded and sent to the spreader. So this could definitely be related yes. Are you looking to clean up this system?

Link to post
Share on other sites

It is impossible to say.

Backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is then sent back to the hacker. Read Danger: Remote Access Trojans.

You should disconnect the computer from the Internet and from any networked computers until it is cleaned. If your computer was used for online banking, paying bills, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for taxes, email, eBay, paypal and any other online activities. You should consider them to be compromised and change passwords from a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified immediately of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity. If using a router, you need to reset it with a strong logon/password before connecting again.

Although the infection has been identified and may be removed, your machine has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:



Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:

 
  • Reimaging the system
  • Restoring the entire system using a full system backup from before the backdoor infection
  • Reformatting and reinstalling the system


Backdoors and What They Mean to You

This is what Jesper M. Johansson, Security Program Manager at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.


The only way to clean a compromised system is to flatten and rebuild. Thats right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).

Because your computer was compromised please read:


Filing a Report:

So you have two options here: either I can assist you with the clean-up (though, there's no guarantee that the system still won't be backdoored after), or you can do a nuke and pave (format and reinstall). I can assist with either option, just let me know which one you'll take.

Link to post
Share on other sites

Found the payload.  A fake FedEx email with attached zip and exe.

Would any security software have stopped the infection?  MB apparently didn't.

I think it's more prudent to restore a system image from before the infection.

Thanks for your advice.

Link to post
Share on other sites

Are you able to submit it in the section below?

https://forums.malwarebytes.com/forum/30-newest-rogue-ransomware-threats/

Quote

Would any security software have stopped the infection?  MB apparently didn't.

Once you submit the file, I'll be able to give you an answer, without it, I can't really. Was Malwarebytes Anti-Malware 2.2.1 used on the system, or Malwarebytes 3.0? Was there Malwarebytes Anti-Ransomware, Anti-Exploit, etc.?

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.