I had a trojan on my system, should i change my master password? [Depends]

ntimo
ntimo
Community Member
edited July 2015 in 1Password 4 for Windows

Hello,
I had an trojaner on my computer for like 4 days know till my antivirus found it. And removed it. Should I be worried about my 1password data? And what sould I do know?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • MikeT
    edited June 2015

    Hi @ntimo,

    Do you recall what trojan it was? If it is capable of copying your keystrokes, uploading files, and you don't unlock 1Password on secure desktops, than you probably should consider your system compromised and take steps to start changing your data.

    First thing is to stop syncing your data (this is important as you don't want to change passwords first and sync it to the other side that still have access to your cloud services) and change the password right away from whichever sync methods you're using (OneDrive, Dropbox, Google Drive, etc). This would prevent future changes from being sync'ed to the attacker's machine. If you're using Dropbox, you should go to the Dropbox.com's security page to revoke access to any unauthorized computers.

    I would also recommend investing into 2-step verification for your sync service, I know Dropbox has one but I don't know what you use.

    Once you're sure that no information is being sync'ed from your computer that hasn't had its password changed, than you should start by changing your 1Password master password and then the password for your highly sensitive sites.

  • ntimo
    ntimo
    Community Member
    edited June 2015

    The trojan was Trojan:Win32/Skeeyah.C!plock. Well I have just changed the 2factor code from dropbox and google. Because I save them in 1PW. And the passwords. From Google and Dropbox and the master password of my 1pw vault. So I should be good now? In dropbox there was no new computer connected to my account. And i revoced access to all apps. Thar where not 1pw or my diary.

  • Hi @ntimo,

    You should be good but keep an eye out on future infections. I'd consider using a firewall to monitor outgoing connections to make sure nothing suspicious is being moved.

    I'm surprised your AV found it today after 4 days, the threat was detected back in late Feb of this year, so it should've been caught on the first day. I'd suspect revising your AV setup to make sure it is updated daily properly.

  • ntimo
    ntimo
    Community Member

    Well Iam normaley using Kaspersky but mylaptop is running Windows 10 witch Kaspersky does not support yet. So i have to use windows defender.

  • Hmm, that's even stranger because Windows Defender has added it to its definition back in Feb as well as mentioned here: http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=Trojan:Win32/Skeeyah.C!plock&threatid=2147692023

    In that case, I would recommend being very careful on Windows 10.

This discussion has been closed.