This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Did quarantine prevent trojan from sending data?

By checking my quarantine manager, I discovered "appconf32.exe" to be quarantined. It is part of a banker trojan. However, the original file had not been moved, but still was in windows\system32.

Additionally, in system32 I found the dll-files of the associated browser addons which read out the urls and passwords. Obviously they had been active for the last 2 weeks, since tons of web addresses and passwords were saved in the particular folders that the trojan had created.

Now I wonder whether the readout data had remained on my harddisk, since appconf.exe had the status of being quarantined, or if they had been sent out.

This thread was automatically locked due to age.

0 QC over 14 years ago

Hello tomtack,

quarantine doesn't move the files - they stay in their original location. Does Sophos also detect the dlls and which variant of Troj/Banker does appconf32.exe belong to?

Obviously they had been active for the last 2 weeks

From when is the detection? If it's less than two weeks (and the analysis says that it is a new detection) then they likely did their job. If in doubt please do call Support.

Christian

:6363
Cancel
Vote Up 0 Vote Down

Cancel