Solved

What do I now re: Trojan:Win32/Skeeyah.A!rfn


Userlevel 1
So my spouse in a moment of ... I do not know ... clicked on a phishing link on a fake Facebook email she received.
 
The webpage had a huge red screen saying it was ransomware and then a pop-up appeared (surprise!), for which she clicked on the x.... and then closed the browser.
 
I made several malware scans - deep.  I had Webroot SecureAnywhere running several deep scans (no results of infection),  I even had Malwarebytes (no infection), Microsoft Safety Scanner (no infection), and finally Windows Defender running deep scans.  Turns out it was Windows Defender (who would have known!) that found the trojan horse Win32/Skeeyah.A!rfn (twice).  I removed the trojan horse with Windows Defender, after having quarantined the trojan.  I have not seen any signs of the trojan in nearly 12 hours...
 
So, I guess my question is: now what?
 
I already uninstalled Chrome (the trojan was embedded in the Chrome appdata), had my spouse change her passwords (I also changed mine), made some backups (just in case), and I made several additional scans with no results.
 
I am a bit disappointed that Webroot did not pick up on that trojan, but at least Windows Defender did... Though I wonder why it picked up on it twice, and now, no longer.
 
I found this information:
https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom_crypzablo.a
 
Looks like it was a ransomware trojan.  I followed all the steps listed, including the registry checks, hidden files, etc., no traces.
 
Is it safe for me now to do online banking on my PC?  I read some forums where people were advocating to basically destroy the hard drive, and re-install Windows completely.
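The poster wonders why Windows Defender flagged the trojan twice and then went quiet. Defender keeps a per-detection history that answers that: each entry records when it fired, which file path (Resources) triggered it, and whether the remediation succeeded. The following is an added example, not code from the thread or from Webroot; it reads that history with the built-in Defender cmdlets and needs an elevated PowerShell prompt on the affected Windows 10 machine.

```powershell
# Added example: review Windows Defender's detection history for the threat
# discussed in this thread (run from an elevated PowerShell prompt).
# Each detection event is listed with its time, the file path that triggered
# it, the action Defender took, and whether that action succeeded.
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime |
    ForEach-Object {
        [pscustomobject]@{
            Detected  = $_.InitialDetectionTime
            ThreatID  = $_.ThreatID
            ActionID  = $_.CleaningActionID     # numeric code of the remediation applied
            Succeeded = $_.ActionSuccess
            Process   = $_.ProcessName          # process that touched the file, if recorded
            Path      = ($_.Resources -join '; ')
        }
    } | Format-Table -AutoSize

# Map the numeric ThreatIDs above to their names (e.g. Trojan:Win32/Skeeyah.A!rfn)
# and show whether Defender believes any of them are still active on the system.
Get-MpThreat | Select-Object ThreatID, ThreatName, SeverityID, IsActive, DidThreatExecute
```

Two detection rows with different Path values (for instance one in the browser's AppData folder and one in a download or cache location) explain a "found twice" result; `DidThreatExecute` set to true is the signal that the advice below about holding off on sensitive activity until the system has been checked applies with full force.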

Best answer by Baldrick 26 August 2017, 18:30


10 replies

Userlevel 7
Hi panzer2181
 
Welcome to the Community Forums.
 
From what I know of this piece of malware it is unlikely to be a ransomware attack...you can check that by looking to see if any of your key data files are still accessible/not encrypted...and there certainly does not seem to be anything in the available literature to indicate ransomware type characteristics.
 
Having said that, if you have truly been infected by this malware then the best thing that you can do, regardless of whether anything has been quarantined/removed, is to Open a Support Ticket, to advise the Support Team of the situation and get them to check your system over as this sort of malware can dig deep into the system and attempt to hide, etc.
 
The service provided by Webroot is free for users with an active subscription...so in these circumstances I would avail yourself of that, and get the Professionals to look into this for you.
 
Regards, Baldrick
Userlevel 7
nl4, please do not peddle your 'testing organisation' mantra here.
 
There are many reasons as to why a number of applications did not catch it and also many threats and malware that Windows Defender and others do not catch that WRSA does...AND vice versa. No security solution is 100% all of the time...period.
 
BTW, I have used KIS, NIS, WD, etc., in the past and eventually moved to WRSA...my view, my decision...period.
 
Stop preaching...no one is listening...after the first preach. You have made your point...everything is better than WRSA...because it is not independently tested. Fine...we get your view, even if many here may not agree with it.
 
Userlevel 7
Where have I said that I was right...NOWHERE AT ALL...in fact I pointed that it was MY opinion/view and that everyone is entitled to theirs...and again it was MY OPINION that there are few who would agree with yours...but that DOES NOT mean that I am right.
 
You have expressed your view but when someone raises a counter view it is YOU who reacts and tries to rubbish the other's opinion.
 
This has been the theme of both recent threads that you have been involved in and frankly there is no place for this sort of interaction in this Community. So please moderate your approach or I am fairly sure that one of the Community Mods or Admins, or even Daniel will jump in and lock the thread.
 
You have been politely advised...and as far as I am concerned my contribution here is at an end.
Greetings nl4, It pleases me to no end to read just how giddy you are as a newbie poster to Webroot. Now, please permit me to ask you if you prefer to refer to that tasty tuber treat as a....potata, a tater, or a potato?
Userlevel 7
OK, that is enough...back on topic.
 
The OP's original request was "Is it safe for me now to do online banking on my PC?  I read some forums where people were advocating to basically destroy the hard drive, and re-install Windows completely."
 
Let's keep to responding to the above!
 
Baldrick
Userlevel 1
Ok I have emailed tech support.
 
Hopefully they will get back to me quickly.
 
Thanks for the advice.
 
Oh, and if anyone has an idea if it is safe for me to do my banking, I am open to discussion.
Userlevel 7
LOL I don't have the ability to lock threads but @ you need to stop trolling now. Also you only get one warning so please don't reply.
Userlevel 7
Hi panzer2181
 
Ok, well, in the circumstances, and given what you have described, I would hold off doing anything of a sensitive nature or that involves information that you would not want anyone else to have access to, until you have heard back from the Support Team re. the ticket.
 
Regards, Baldrick
Userlevel 1
Got it.  I am still very nervous about this... so yeah, it makes sense to wait and see what tech support has to say.
 
Worst case scenario, I'll go grab that M.2 drive I've been waiting for, and do a fresh Win 10 install...
Userlevel 7
Hi panzer2181
 
Wise move. The ticketing system is manned 24/7 but of course, at the weekend responses may be slower than usual, so hopefully you can hold on until Monday, by which time you will hopefully have had a response, if not before.
 
Regards, Baldrick