As title, keep your eyes peeled on your systems for a file called twext.exe.
I had an email from eBay today stating that my account might have been compromised blah blah and they had removed items listed by a 3rd party and I had to reset my password etc. It was a genuine email.
Anyway, I reset my password etc, then I got to thinking, how did this happen and is my PC clean. I had just ran HijackThis about a week ago and all was well.
So I ran HijackThis only for it to find an entry called twext.exe. A little searching and I soon found this is supposedly a password stealing type of trojan.
It's located in the System32 folder somewhere as a deeply hidden file.
Little bugger is a backdoor trojan bot that edits the userinit and allegedly tries to steal password information and upload it to a server. Although I am not sure exactly what passwords it looks for and how it does so?
So I swiftly removed this by turning off System Restore and scanned using MalwareBytes. Everything now appears clean, although I have just had to spend the last hour or more changing all of my passwords - all email accounts, forum accounts, ebay, paypal, my router, the works.
Now, maybe it's a coincidence that my eBay account was allegedly compromised and this file was also on my system, but I was not prepared to take the chance.
This is just a heads up for everyone to be vigilant and check your system regularly. I would consider myself pretty careful whilst online and I do update regularly, but it just goes to show that it can happen easily to anyone. I have no idea where this file came from, or how it got through 'the net'.
I had been running Norton AV, with Norton Personal Firewall, Spybot (using Teatimer) and SpywareBlaster and this is the 1st time anything nasty has got through.
One time too many in my opinion though, so I have changed my AV to Avast and will check my system even more than normal now.
I am also wondering if I should install SuperAntispyware along with my current spyware software, or remove them and install it, or just leave as is?
I had an email from eBay today stating that my account might have been compromised blah blah and they had removed items listed by a 3rd party and I had to reset my password etc. It was a genuine email.
Anyway, I reset my password etc, then I got to thinking, how did this happen and is my PC clean. I had just ran HijackThis about a week ago and all was well.
So I ran HijackThis only for it to find an entry called twext.exe. A little searching and I soon found this is supposedly a password stealing type of trojan.
It's located in the System32 folder somewhere as a deeply hidden file.
Little bugger is a backdoor trojan bot that edits the userinit and allegedly tries to steal password information and upload it to a server. Although I am not sure exactly what passwords it looks for and how it does so?
So I swiftly removed this by turning off System Restore and scanned using MalwareBytes. Everything now appears clean, although I have just had to spend the last hour or more changing all of my passwords - all email accounts, forum accounts, ebay, paypal, my router, the works.
Now, maybe it's a coincidence that my eBay account was allegedly compromised and this file was also on my system, but I was not prepared to take the chance.
This is just a heads up for everyone to be vigilant and check your system regularly. I would consider myself pretty careful whilst online and I do update regularly, but it just goes to show that it can happen easily to anyone. I have no idea where this file came from, or how it got through 'the net'.
I had been running Norton AV, with Norton Personal Firewall, Spybot (using Teatimer) and SpywareBlaster and this is the 1st time anything nasty has got through.
One time too many in my opinion though, so I have changed my AV to Avast and will check my system even more than normal now.
I am also wondering if I should install SuperAntispyware along with my current spyware software, or remove them and install it, or just leave as is?
