This forum requires Javascript to be enabled for posting content
Hi I have done a very stupid thing against all my advice I give to other people. I have opened an attachment containing a Malicious macro! The email and attachment looked similar to invoices I receive so I scanned it for virus's which was clean and then opened it. It opened in MSWord protected mode but then I did a silly thing and clicked on edit! I just had a blank page in protected mode and in edit mode so not sure if I had compromised my system. The macro allegedly downloads Trojans to steal passwords, banking details etc.
My questions are:
1. would I have infected my system given that the page was blank.
2. I have not visited, logged onto any financial institution since I opened this file so would any of my banking stuff been compromised?
3. I have repartioned the boot drive and reloaded windows 10 fresh, so would that have got rid of any virus?
Thanks
Not for sure if I would have reloaded W10 but if you did this and you reloaded W10 with the "do not save anything option" then this should have taken care of the problem. If you are using Windows Defender then you might consider doing a complete scan instead of the quick scan, it takes longer but it will scan a lot more files. You might also consider running a Malwarebytes or SuperAnti malware scan.
Thanks for your reply Dandl.
Once I had realised what I had done I did a full scan with Sophos home which was clear, then as you suggest Malwarebytes which came up clean and then super anti malware which just showed up a bunch of cookies. Then paranoia took over and I repartitioned the boot drive and reinstalled Windows without saving anything ( all my data is not on the boot drive). I have since done a full scan with defender and Malwarebytes on the boot drive and data drive which comes up clean so hopefully I have a clean base.
I have changed all my banking pins and passwords from my iPad and will probably change all my other passwords as well, overkill maybe but I deserve it for my stupidity.
Am I correct in thinking that even if my system was infected, if I didn't access my online banking or open any files with sensitive info my accounts wouldn't be compromised?
Hi Pauly - As long as you didn't have any information about your banking details saved on the computer and didn't access/log-in to your online bank, you should be fine.
You did the right thing clean installing. The common type of infection delivered via malicious attachments are Trojans which are one of the more invasive types of malware.
I have changed all my banking pins and passwords from my iPad and will probably change all my other passwords as well,
Good move, and I would definitely change all passwords. In this situation, there is no such thing as overly cautious.
Hi Jim thanks for your reply much appreciated.
Just realised I have got bank statements and account numbers stored on the data disk, no passwords though, how do these Trojans work, do they sit there and monitor your activity?
Great website by the way, always look forward to your articles.
Hey Pauly, I'm far from an expert, but a lot of Trojans plant themselves into your system and go about their business. Some have the ability to take control of your computer, others are designed to steal information by keystrokes. Examples:
Backdoor
A backdoor Trojan gives malicious users remote control over the infected computer. They enable the author to do anything they wish on the infected computer – including sending, receiving, launching, and deleting files, displaying data, and rebooting the computer. Backdoor Trojans are often used to unite a group of victim computers to form a botnet or zombie network that can be used for criminal purposes.
Exploit
Exploits are programs that contain data or code that takes advantage of a vulnerability within application software that’s running on your computer.
Rootkit
Rootkits are designed to conceal certain objects or activities in your system. Often their main purpose is to prevent malicious programs being detected – in order to extend the period in which programs can run on an infected computer.
Trojan-Banker
Trojan-Banker programs are designed to steal your account data for online banking systems, e-payment systems, and credit or debit cards.
Trojan-DDoS
These programs conduct DoS (Denial of Service) attacks against a targeted web address. By sending multiple requests – from your computer and several other infected computers – the attack can overwhelm the target address… leading to a denial of service.
Trojan-Downloader
Trojan-Downloaders can download and install new versions of malicious programs onto your computer – including Trojans and adware.
Trojan-Dropper
These programs are used by hackers in order to install Trojans and / or viruses – or to prevent the detection of malicious programs. Not all antivirus programs are capable of scanning all of the components inside this type of Trojan.
Trojan-FakeAV
Trojan-FakeAV programs simulate the activity of antivirus software. They are designed to extort money from you – in return for the detection and removal of threats… even though the threats that they report are actually non-existent.
Trojan-GameThief
This type of program steals user account information from online gamers.
Trojan-IM
Trojan-IM programs steal your logins and passwords for instant messaging programs – such as ICQ, MSN Messenger, AOL Instant Messenger, Yahoo Pager, Skype, and many more.
Trojan-Ransom
This type of Trojan can modify data on your computer – so that your computer doesn’t run correctly or you can no longer use specific data. The criminal will only restore your computer’s performance or unblock your data, after you have paid them the ransom money that they demand.
Trojan-SMS
These programs can cost you money – by sending text messages from your mobile device to premium rate phone numbers.
Trojan-Spy
Trojan-Spy programs can spy on how you’re using your computer – for example, by tracking the data you enter via your keyboard, taking screen shots, or getting a list of running applications.
Trojan-Mailfinder
These programs can harvest email addresses from your computer.
Occasionally, I also do a little "Woooops!" by downloading something I thought would be good and safe, only to find it included a whole bunch of 'Crapware'.
Of course, I could use my Un-Installer to remove the 'Crapware' just hoping I'd removed it all, or.......
I can shutdown the PC, re-boot with my Ghost Backup/Restore CD and do a Restore of my C: drive, back to my last Ghost Backup. Which, if I've followed my own advise, will never be more than a few days old....a week at the most.
I won't loose any recent data files, because I back them up to a 1TB USB 3.0 external HD on a daily basis.
So, getting something on your PC that you don't want or that is totally corrupt, doesn't have to be a death sentence. You can make it just a minor inconvenience.
Even a complete hard drive CRASH, doesn't have to ruin your day, if you have a recent backup of all your Stuff. Put in a new drive, do a Ghost Restore and you're back in business in just a few minutes.
Being "Old School" myself, I'm still using the last DOS version of Ghost, (Ghost 11.5) written back in 2005. It works fast and efficient and will back up every OS from Windows 98 to Windows 10/64, even Windows Server and Linux, with no problems.
It's no longer supported by Symantec, but like, who cares. It still works!
Cheers Mates! Remember....the only bad backup is the one that you didn't make.
TechnoMage 
A man with experience is never at the mercy of a man with an argument.
Jim Hillier
Richard Pedersen
David Hartsock
Carol Bratt
dandl
Jason Shuffield
Jim Canfield
Terry Hollett
Stuart Berg
John Durso
1 Guest(s)