Trojan In Thunderbird / OpenPGP

Discussion in 'malware problems & news' started by CyberWorm, May 8, 2010.

Thread Status:
Not open for further replies.
  1. CyberWorm

    CyberWorm Registered Member

    Joined:
    Apr 21, 2010
    Posts:
    74
    Up until last week I have been using CPanel's webmail for my business email. I gave Thunderbird a try because I wanted easier access to my email without having to keep logging in and out of the site. I also downloaded a Thunderbird addon called Enigmail which allows you to sign and encrypt email using OpenPGP.

    Today Norton did a full system scan and revealed a virus hidden as hide.dll located in C:\Users\Andrew\AppData\Roaming\Thunderbird\Profiles\7pgbd38j.default\ImapMail\mail.xxxxxxxxxx.co.uk\INBOX.sbd.

    VirusTotal Result: ~Removed per Policy~

    With all the protection I have on my PC I am very surprised this is even here. Clearly this is a common trojan which went undetected by Norton, MSE and PrevX for a long period of time. I am more interested in how this trojan got on my system in the first place. It appears to have come in either Enigmail, OpenPGP, or Thunderbird. All downloaded from the original source.

    My concern now is seeing words like Sinowal, and Rootkit on the VirusTotal website. Any suggestions what next? I guess I start with changing all my passwords to be on the safe side from a clean PC.
     
    Last edited by a moderator: May 8, 2010
  2. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    Sorry to say but it's your security, in particular Norton. I have those encryption programs and Thunderbird and don't have that dll. Norton is the only one that probably scans email coming in and its updating process is horribly slow so detection is often too late.
     
  3. CyberWorm

    CyberWorm Registered Member

    Joined:
    Apr 21, 2010
    Posts:
    74
    One of my websites was recently hacked from Russia so I wonder if there is a connection between the two. I don't trust my computer now, there could be a ton of other malware hiding in the background. I think it's time for a format / re-install.

    Bastards aren't they!
     
  4. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    Well, you just learned the hard way what many here haven't yet, and that is the "Antivirus" solution or "re-active" solution cannot be relied upon. The good guys are always behind and playing catchup with the bad guys.

    Use an AV as an opinion only and concentrate your setup on the "pro-active" approach meaning - virtualization like Sandboxie, Returnil, VirtualBox, etc and "DAILY IMAGES"!
     
  5. CyberWorm

    CyberWorm Registered Member

    Joined:
    Apr 21, 2010
    Posts:
    74
    My problem is I am using Windows 7.64 which slims down my software options. I have a fairly decent setup at the moment so I am shocked this got through undetected. I am just interested where it came from.
     
  6. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    I'm not shocked in the least because Norton finally "reacted" and detected it when it was able to but did not block it in the first place. And that is because of how the AV solution works. If you have images, then it's a quick (10-15 minutes) restore and you're back in business. You only have to decide how far back in time you need to go.
     
  7. CyberWorm

    CyberWorm Registered Member

    Joined:
    Apr 21, 2010
    Posts:
    74
    I'm not using any imaging software at the moment. I have a paid copy of Paragon Disk Backup Pro 10 but had a bad experience with it. Plus now I only have one 1.2TB drive so wouldn't that mean having to put the images onto a portable drive, or splitting my main drive into two?
     
    Last edited: May 8, 2010
  8. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    Yes, external media is the best solution as long as you have the space. If you don't have that, for now at least, use free partition software and create a D partition to store your images on. Visit the new backup section lower in this forum for more info.
     
  9. CyberWorm

    CyberWorm Registered Member

    Joined:
    Apr 21, 2010
    Posts:
    74
    There are not that many backup programs which support Windows 7 x64 with a SATA RAID configuration. Paragon does so I will give it another go.
     