
Did quarantine prevent trojan from sending data?

By checking my quarantine manager, I discovered "appconf32.exe" to be quarantined. It is part of a banker trojan. However, the original file had not been moved, but still was in windows\system32.

Additionally, in system32 I found the dll-files of the associated browser addons which read out the urls and passwords. Obviously they had been active for the last 2 weeks, since tons of web addresses and passwords were saved in the particular folders that the trojan had created.

Now I wonder whether the readout data had remained on my hard disk, since appconf.exe had the status of being quarantined, or if they had been sent out.

  • Hello tomtack,

    Quarantine doesn't move the files - they stay in their original location. Does Sophos also detect the DLLs, and which variant of Troj/Banker does appconf32.exe belong to?

    "Obviously they had been active for the last 2 weeks"

    From when is the detection? If it's less than two weeks (and the analysis says that it is a new detection) then they likely did their job. If in doubt please do call Support.

    Christian
