
Where to find info for a specific trojan I have quarantined


deucy14

I have searched (Symantec and others) for anything related to this trojan that MB has found (twice in the same scan) and have not come up with any info. They have been in quarantine for two weeks on my computer.

BTW... how do I upload a trojan file that is in quarantine?

Where are the obvious places I have missed for info on this trojan?

Thank you in advance


So no one knows where to find more on this trojan I have in quarantine? I posted this 4 days ago.

I am interested, among other reasons, because in one Malwarebytes scan two instances of the same trojan were found in separate files, which I have quarantined. I am surprised by that and want to know more as to how that can be. Maybe I should just bone up on trojans, which appear to get much exposure in publications on their general nature.

But how odd that I can find no info on this one.... trojan.niyeta (looks Russian!)


In the Malwarebytes for Windows forum I posted 4 days ago; it received over 30 views but no reply. Surely someone knows where one can go to get info on a trojan I have in quarantine. Here is what I posted, with fresh edits for this post:

I have searched (Symantec and others) for anything related to this trojan that MB has found (twice in the same scan) and have not come up with any info. They have been in quarantine for two weeks on my computer. That was 4 days ago, Monday 25 Sept 2017.

BTW... how do I upload a trojan file that is in quarantine? I ask this because at various sites there is the opportunity to upload infected files to the site.

Where are the obvious places I have missed for info on this trojan?

Thank you in advance

 

So no one knows where to find more on this trojan I have in quarantine? I posted this 4 days ago.

I am interested, among other reasons, because in one Malwarebytes scan two instances of the same trojan were found in separate files, which I have quarantined. I am surprised by that and want to know more as to how that can be. Maybe I should just bone up on trojans, which appear to get much exposure in publications on their general nature.

But how odd that I can find no info on this one.... trojan.niyeta (looks Russian!)


I don't see anything in this post that identifies:

  • Name and path of the malware file
  • What detection name (or names) are used to identify "what trojan" you are concerned about.

There are millions of trojans, so maintaining a Malware Encyclopedia is more than difficult. What they may hold in their directories are major malware families such as Koobface, Ransomware, ZLob, ZBot, Pony, etc. There have even been attempts to create a cross-referencing database with an associated malware name suffix (such as !cme-416), called the Common Malware Enumeration project, that was maintained by MITRE. It was designed to overcome the fact that 10 different anti-malware vendors may have 10 different names for the same infector. But that project was dropped.

In short, with the large volumes of trojans that now exist or have existed, maintenance of these malware encyclopedias has gone fallow.

Google and other search engines will tend to NOT help with many forms of malware, because Malware Encyclopedias lack sufficient information to be search-engine indexed, and because of all the misinformation that exists throughout the 'net.


On 9/29/2017 at 12:42 PM, Aura said:

Hi deucy :)

Do you have the Malwarebytes log where I can see this file being put in quarantine?

Thank you, Aura. Your request is answered below, copied from my computer clipboard. BTW.... the two trojan.niyeta are still in my quarantine, and in a few days it will be one month since the quarantine commenced. Am I confusing this with Windows Defender or something else, where if they are left alone in quarantine for 30 days they are automatically released? As always, I am grateful to you!

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/18/17
Scan Time: 11:28 AM
Log File:
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2833
License: Premium

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 391238
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 16 min, 11 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
Trojan.Nyetya, C:\$RECYCLE.BIN\S-1-5-21-3330058123-2019430083-2832955609-1004\$RPKRCB9.EXE, Quarantined, [8818], [436218],1.0.2833
Trojan.Nyetya, C:\USERS\PATTI STANDARD\DOWNLOADS\CCSETUP533.EXE, Quarantined, [8818], [436221],1.0.2833

Physical Sector: 0
(No malicious items detected)


(end)

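The scan log above is plain text with a regular shape, and the question in the thread (how can the same detection name hit two separate files?) is answered by reading the two "File:" entries carefully. As an added example, not part of the original thread and not code from Malwarebytes or any of its posters, the Python below parses a trimmed copy of that log, pulls out each detection's name, target, action, bracketed identifiers and database version, groups the detections by name, and cross-checks the summary counters against the detail lines. The regular expressions and function names are this example's own assumptions about the format, derived only from the lines visible in the log; the meaning of the two bracketed numbers is not documented on the page, so they are simply carried through.

```python
"""Parse a Malwarebytes 3.x text scan log and list its detections.

Example code written for this page; it is not Malwarebytes' own parser.
The format assumptions below come only from the log quoted in the thread.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: the log quoted in the thread, trimmed to the sections
# this parser reads (Scan Summary and Scan Details).
SAMPLE_LOG = r"""Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/18/17
Scan Time: 11:28 AM

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 391238
Threats Detected: 2
Threats Quarantined: 2

-Scan Details-
Process: 0
(No malicious items detected)

File: 2
Trojan.Nyetya, C:\$RECYCLE.BIN\S-1-5-21-3330058123-2019430083-2832955609-1004\$RPKRCB9.EXE, Quarantined, [8818], [436218],1.0.2833
Trojan.Nyetya, C:\USERS\PATTI STANDARD\DOWNLOADS\CCSETUP533.EXE, Quarantined, [8818], [436221],1.0.2833

Physical Sector: 0
(No malicious items detected)

(end)
"""

# "-Section Name-" lines delimit the log's sections (assumed from the sample).
SECTION_RE = re.compile(r"-([A-Za-z ]+)-")
# "File: 2", "Registry Key: 0", ... open a detail category and give its count.
CATEGORY_RE = re.compile(r"([A-Za-z ]+): (\d+)")
# One detection line: name, target, action, two bracketed numbers, DB version.
# The target is matched greedily so a path containing ", " would still parse.
DETECTION_RE = re.compile(r"^([^,]+), (.+), ([A-Za-z ]+), \[(\d+)\], \[(\d+)\],(\S+)$")


@dataclass(frozen=True)
class Detection:
    category: str    # detail category the line appeared under, e.g. "File"
    name: str        # detection name, e.g. "Trojan.Nyetya"
    target: str      # path / key / process the name was applied to
    action: str      # what Malwarebytes did with it, e.g. "Quarantined"
    ids: tuple       # the two bracketed numbers (meaning not given on the page)
    db_version: str  # update package version that produced the detection


def parse_log(text):
    """Return (summary dict, list of Detection) for a Malwarebytes text log."""
    section = category = None
    summary, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.fullmatch(line)
        if sec:
            section, category = sec.group(1), None
            continue
        if section == "Scan Summary":
            key, _, value = line.partition(": ")
            summary[key] = value
        elif section == "Scan Details":
            cat = CATEGORY_RE.fullmatch(line)
            if cat:
                category = cat.group(1)
                continue
            det = DETECTION_RE.match(line)
            if det and category:
                name, target, action, id1, id2, ver = det.groups()
                detections.append(
                    Detection(category, name, target, action, (int(id1), int(id2)), ver)
                )
    return summary, detections


def check_counts(summary, detections):
    """Cross-check the summary counters against the parsed detail lines."""
    problems = []
    reported = int(summary.get("Threats Detected", -1))
    if reported != len(detections):
        problems.append(f"summary says {reported} detected, details list {len(detections)}")
    quarantined = sum(d.action == "Quarantined" for d in detections)
    reported_q = int(summary.get("Threats Quarantined", -1))
    if reported_q != quarantined:
        problems.append(f"summary says {reported_q} quarantined, details list {quarantined}")
    return problems


def group_by_name(detections):
    """Map each detection name to the list of targets it was applied to."""
    groups = defaultdict(list)
    for d in detections:
        groups[d.name].append(d.target)
    return dict(groups)


if __name__ == "__main__":
    summary, dets = parse_log(SAMPLE_LOG)
    for name, targets in group_by_name(dets).items():
        print(f"{name}: {len(targets)} target(s)")
        for t in targets:
            print("   ", t)
    print("count check:", check_counts(summary, dets) or "OK")
```

Grouping by name makes the "two of the same trojan" observation concrete: one hit is the downloaded installer (CCSETUP533.EXE in Downloads), the other is a `$R...` entry under `C:\$RECYCLE.BIN\<user SID>\`, which is where Windows keeps the data of a file that has been sent to the Recycle Bin. Two hits with the same detection name on one installer and one deleted file are therefore consistent with a single installer being present twice, not with two different infections; confirming that would need the hashes of both files, which the log does not record.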

Aura.... PERFECT! Thank YOU.

MWB DID quarantine in a timely fashion.

Your referenced link was probably an outlier, in terms of being the exception to "it's just another trojan." Shocking to learn how CCleaner got infiltrated, and that the subsequent millions of users downstream like me were the receivers of this trojan.

Because of quite a robust exchange earlier this year (and a very constructive one for me) that started with a discussion of "clean installs" and morphed into the pros and cons of routine "cleaning" of a computer, I modified my routine in a few different ways. One way happened to be not using CCleaner almost daily as I used to. Nevertheless, by chance, I updated to the contaminated version. A second well-used computer in the house only irregularly gets updated to the most recent version of CCleaner and is still a few versions behind the affected one. Nice to know now that that computer can leapfrog over the bad version.

I missed any warning from MWB about this seriously large-in-scope event, with over 2 million users on the receiving end of a contaminated CCleaner version update. I am still surprised I could not find anything about this trojan from the well-known sites one would think would have given a shout-out on it. Perhaps I did go to sites that addressed it, but I overlooked it.

Thanks much, Aura !


  • Staff

You'll probably find this to be quite informative.

Being a longtime CCleaner user myself, I was one of the lucky ones who just so happened to miss this infected build.  I don't run it too often these days (I used to run it daily, including checking for updates prior to cleaning) and when I heard about this I happened to be running the build prior to the infected one and the new clean build had already been published so I upgraded to that.

Of course I use the portable build myself, so I don't think I would have been affected anyway as I don't believe it was among the builds that was Trojanized by this infection.

Definitely scary stuff.

Edited by exile360

Exile360, it has been said many times that it is better to be lucky than smart. You have a dual-fecta going in that you are both! Congrats on the good luck, even if you were using the portable. Just keep practicing the good luck......... it comes in handy!

Thank you for the link.  After Aura's post leading me to information about the discovery, I was fascinated by it and spent more time attending to the topic; I found the info at your link back then. Reading the blog was interesting, too.

Just yesterday I read about the current growth of hacking into home routers, which includes not just the potential compromising of conventional computers but also makes vulnerable the many other contemporary home appliances dependent on the router. It's becoming more frequent to have drive-by hackers invading your home. This is made all the easier by the typical kindergarten-grade passwords used for that device.

In another article, a respectable source stated that, in actuality, you have to have your head on a swivel to be circumspect about everything around you these days that you think is password coded. This is particularly the case where the big targets are..... your bank, your use of credit cards online, fragments of your personal identity getting accumulated, etc. Attention was given in the article to the fact that the successes are so widespread that the growth of hacking dwarfs the year prior and the year prior to that. It is a growth industry that is easy to be seduced into.

Thanks for your post, Exile 360.


  • Staff

Yep, too true.  With things as bad as they are these days, luck is a great thing to have.  It's been said many times and I'll echo it here: I'd rather be lucky than good ;) 

You're most welcome. Our research guys really do their homework, so if you're ever looking for a thorough education on the latest threats and risks, our blog is a great place to get lost for a while and find tons of fascinating info.

It's absolutely true that with the IoT (Internet of Things) there are more attack points than ever before, because nearly every device has at least some web capability built into it. The "smart" home isn't so smart when it comes to security.

With regards to securing your data: yes, with organizations like advertisers which use trackers, Facebook and Twitter having embedded components in nearly every site, and Google, Microsoft and others gathering as much info about everyone and everything as they can via all of their "free" services (search engines, office applications, email, video streaming, stores for apps, etc.), you can bet that many companies know far more about you than you'd ever guess. Even companies like eBay, PayPal and Amazon, with their info on your searches/views and purchase histories, have way too much info about you (at least in my opinion). There was a time that we called all of this unnecessary tracking of users "spyware" and the targeted advertising that comes with it "adware", but today it's just the norm, because at some point everyone accepted that this is the way things work (due mostly to the efforts of organizations such as Microsoft, Yahoo!, Google and others). With most people providing so much info via social media channels like Facebook, Twitter, LinkedIn and Snapchat, and even gaming services like Steam and Xbox Live getting in on the action, there is very little that cannot be known about you, either by the companies providing these services and content, by hackers who are clever enough to break into their databases, or by individuals who simply gather the info that's made publicly available by them.

Privacy really is a thing of the past these days.  Even the government has been getting in on the action with programs like PRISM and the like.

All of this means that we must be ever vigilant when using our devices, not just with our passwords and account numbers, but also with personal details we share because they can and are used to profile us, and such data in the wrong hands could be used to do things such as figuring out your password based on your interests (HINT: try not to use passwords that have anything to do with your interests, relatives, important dates in your life etc. ;) ).

Anyway, good luck staying safe out there, and if there's ever anything we can do to help, please don't hesitate to let us know.  We know how harsh the online world can be, and we're doing our best each day to try and make it as safe as we can (hopefully) without hindering your travels or getting in the way of your fun and work :) .


On 10/14/2017 at 9:44 PM, Aura said:

Here's the information you are looking for:

https://blog.malwarebytes.com/security-world/2017/09/infected-ccleaner-downloads-from-official-servers/

Nyetya is Malwarebytes' name for the malicious payload embedded in the infected v5.33 of CCleaner.

This is good info! Thanks for this, Aura, since I was trying to find out about it lately.
