Spyware/Keylogger found on machine......

Hi guys,

We've found a keylogger on someone's PC in our U.S. offices. The trojan is Trojan.Boaxxe, and it has indeed spotted 'Spyware.Ursnif' all over the place. We had some fraudulent activities occur in November 2017.

I've even included the snapshot of the findings for you. When I go to the .txt files you can see, they definitely have November dates, which is when the frauds occurred. However, if I go to the 'Trojan.Boaxxe' location, which is in AppData\Local\YJPack, the date for that is 2015. I'm trying to work out when the actual keylogger was installed.

Is there any way of finding that out? And how on earth would a keylogger have been installed? Would it usually be through a manual installation, or a possible script via phishing, etc.?

Thanks for helping,
Yashy
[Attachment: Spyware.jpg]
Hello There (System Administrator) commented:
1. If possible, disconnect from the Internet.
2. Enter Safe Mode and run Disk Cleanup or anything that deletes all your temp files.
3. Still in Safe Mode... run all necessary scans. Deep scans!
Some free tools: Kaspersky TDSSKiller for removing rootkits, Malwarebytes and HitmanPro for removing malware, AdwCleaner for removing adware.
4. Try to remove all 'unknown publisher' apps as well as recently downloaded files.
5. If nothing helps, you should consider reinstalling your OS.
Good luck!

masnrock commented:
My bet would be on phishing being the root cause. You don't allow remote access directly to user systems, correct? Also, I notice you never mentioned whether users have administrative rights on their machines, which can be an issue in and of itself.

You could utilize a forensic tool like Redline from FireEye to conduct an investigation on that system. It will show you all sorts of activities such as logons and file creations.
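Before (or alongside) a full Redline collection, the timestamp question in the post can be narrowed down with built-in PowerShell. The script below is an added example, not code from this thread or from Redline. It assumes the folder named in the question (AppData\Local\YJPack, resolved here via $env:LOCALAPPDATA, so run it as the affected user or substitute C:\Users\<user>\AppData\Local\YJPack) and a constructed "fraud window" of November 2017; the Run keys, the Prefetch folder and Security event 4624 are standard Windows locations, not specific to this malware. Run it from an elevated prompt on the isolated machine.

```powershell
# Added example (not from the original thread): bracket when a suspicious
# folder's contents actually arrived on disk and started running, using only
# built-in cmdlets. Assumed path and dates are taken from the question above.

$Target      = Join-Path $env:LOCALAPPDATA 'YJPack'   # folder named in the question (assumption)
$WindowStart = Get-Date '2017-11-01'                  # constructed fraud window
$WindowEnd   = Get-Date '2017-12-01'

# 1. All three NTFS timestamps for every file. A folder whose CreationTime is
#    2015 can still contain files created in 2017, so look at the files, not the folder.
Write-Host "== File timestamps under $Target =="
Get-ChildItem -Path $Target -Recurse -Force -File |
    Select-Object FullName, Length, CreationTimeUtc, LastWriteTimeUtc, LastAccessTimeUtc |
    Sort-Object CreationTimeUtc |
    Format-Table -AutoSize

# 2. Hashes of the binaries, so they can be compared across other machines or
#    submitted to the AV vendor without copying the samples around.
Write-Host "== SHA256 of executables =="
Get-ChildItem -Path $Target -Recurse -Force -Include *.exe, *.dll |
    Get-FileHash -Algorithm SHA256 |
    Select-Object Hash, Path |
    Format-Table -AutoSize

# 3. Persistence: autostart registry values and scheduled tasks that point into the folder.
Write-Host "== Autostart entries referencing YJPack =="
$RunKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($Key in $RunKeys) {
    if (Test-Path $Key) {
        (Get-ItemProperty -Path $Key).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' -and "$($_.Value)" -like '*YJPack*' } |
            ForEach-Object { [pscustomobject]@{ Key = $Key; Name = $_.Name; Value = $_.Value } }
    }
}
Get-ScheduledTask |
    Where-Object { ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -match 'YJPack' } |
    Select-Object TaskName, TaskPath, State

# 4. Prefetch: the .pf file for an executable is created on its first recorded run,
#    which is usually a better lower bound for "install time" than folder dates.
#    Prefetch names are EXENAME-HASH.pf, so match on the executables found in step 1.
Write-Host "== Prefetch entries for executables in the folder =="
$ExeNames = Get-ChildItem -Path $Target -Recurse -Force -Include *.exe |
    ForEach-Object { $_.BaseName.ToUpper() }
Get-ChildItem -Path "$env:SystemRoot\Prefetch" -Filter *.pf -Force -ErrorAction SilentlyContinue |
    Where-Object { $pf = $_.Name.ToUpper(); $ExeNames | Where-Object { $pf.StartsWith("$_-") } } |
    Select-Object Name, CreationTimeUtc, LastWriteTimeUtc |
    Format-Table -AutoSize

# 5. Interactive/network logons during the fraud window (event 4624). For 4624 the
#    TargetUserName is property index 5 and LogonType is index 8.
Write-Host "== Logons during the fraud window =="
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624;
                                 StartTime = $WindowStart; EndTime = $WindowEnd } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated,
                  @{ n = 'Account';   e = { $_.Properties[5].Value } },
                  @{ n = 'LogonType'; e = { $_.Properties[8].Value } } |
    Sort-Object TimeCreated |
    Format-Table -AutoSize
```

Two caveats when reading the output. First, a file's LastWriteTime is carried over when it is extracted from an archive or copied by Explorer, and any of the three timestamps can be rewritten by the malware itself (SetFileTime needs no special privilege on a file the user owns), so a 2015 date on YJPack is not evidence the infection is that old; the Prefetch creation time and a 4624 logon that lines up with the first November .txt file are better corroboration. Second, the default Security log is small and wraps quickly, so step 5 may return nothing for a window that old; if it does, the $FILE_NAME timestamps in the MFT and the Amcache/Shimcache execution records need a dedicated parser (this is the kind of thing Redline collects for you).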
 
Yashy (author) commented:
That's right, we don't have anybody allowed for remote access. Also, nobody has Administrative rights.

I will definitely look into the 'Redline' application. Appreciate your help.