
Trojan.StolenData on Parallels Windows 10 VM, What Do I do after quarantine


Hellyeah


Hi,

Downloaded and ran Malwarebytes on my virtual machine.  

The scan found Trojan.StolenData  at C:\USERS\MYUSERNAME\APPDATA\ROAMING\LOCAL.   It has been quarantined.   

Two other minor hack tool items were found.  These have been deleted.  One is a tool to identify your Windows product key.  The second was one to identify your USB devices.  They have been removed.

Two questions:

1) Windows 10 virtual machine is running via Parallels on a Mac.  Mac version of Malwarebytes Premium (4.5.x) did not detect anything.  Is the Mac side compromised?

2) What other steps, if any (doubt), should I take given the Trojan.StolenData find?  ...and circle back to #1, is my Mac okay.  Is this a matter of deleting the virtual machine and starting fresh?  


@AdvancedSetup What do you mean by "that is from using a stolen copy of our software"?  I have been using a licensed copy of your product on the Mac side for a # of years.  I discovered this file when I purchased additional licenses to protect my virtual machine and a new PC I built for my kid.  I can provide all the license keys purchased through your system.  So, I do not understand the nature of your comment.


@AdvancedSetup The file in question appears to have been generated by ExifTool.  It was created the same time I installed and ran ExifTool to extract metadata from PDF files.  And thankfully, it has not reappeared since it was deleted and quarantined by Malwarebytes.  I have and will not run ExifTool again if it is a potential threat.  I ran across a few prior posts regarding ExifTool and possible false positives.  I hope this is another example of a false positive.  But, I am taking precautions just in case.  I assume I should uninstall ExifTool, which I only needed for one project anyways?  Is it enough to uninstall it or do I need a third party app to find any supporting files that may still be present (like you sometimes have to on the Mac)?  Should I reinstall Windows?  The VM resides on an external SSD, is that SSD still safe to use with the Mac?


  • Root Admin

Hello @Hellyeah

I'm sorry, we have a similar output for that. My fault and I apologize for the mistake.

Trojan.StolenData is Malwarebytes’ generic detection name for files, folders, and registry entries with user data gathered by other Trojans.

If you like we can scan the system further to see what's going on. If you can post back the full log from the scan via the Reports section of the program that would help.

Let me know if you'd like to scan further.

Thank you

 

 


  • 3 weeks later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 


This topic is now closed to further replies.