I had a trojan on my system, should i change my master password? [Depends]
Hello,
I had an trojaner on my computer for like 4 days know till my antivirus found it. And removed it. Should I be worried about my 1password data? And what sould I do know?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Hi @ntimo,
Do you recall what trojan it was? If it is capable of copying your keystrokes, uploading files, and you don't unlock 1Password on secure desktops, than you probably should consider your system compromised and take steps to start changing your data.
First thing is to stop syncing your data (this is important as you don't want to change passwords first and sync it to the other side that still have access to your cloud services) and change the password right away from whichever sync methods you're using (OneDrive, Dropbox, Google Drive, etc). This would prevent future changes from being sync'ed to the attacker's machine. If you're using Dropbox, you should go to the Dropbox.com's security page to revoke access to any unauthorized computers.
I would also recommend investing into 2-step verification for your sync service, I know Dropbox has one but I don't know what you use.
Once you're sure that no information is being sync'ed from your computer that hasn't had its password changed, than you should start by changing your 1Password master password and then the password for your highly sensitive sites.
0 -
The trojan was Trojan:Win32/Skeeyah.C!plock. Well I have just changed the 2factor code from dropbox and google. Because I save them in 1PW. And the passwords. From Google and Dropbox and the master password of my 1pw vault. So I should be good now? In dropbox there was no new computer connected to my account. And i revoced access to all apps. Thar where not 1pw or my diary.
0 -
Hi @ntimo,
You should be good but keep an eye out on future infections. I'd consider using a firewall to monitor outgoing connections to make sure nothing suspicious is being moved.
I'm surprised your AV found it today after 4 days, the threat was detected back in late Feb of this year, so it should've been caught on the first day. I'd suspect revising your AV setup to make sure it is updated daily properly.
0 -
Well Iam normaley using Kaspersky but mylaptop is running Windows 10 witch Kaspersky does not support yet. So i have to use windows defender.
0 -
Hmm, that's even stranger because Windows Defender has added it to its definition back in Feb as well as mentioned here: http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=Trojan:Win32/Skeeyah.C!plock&threatid=2147692023
In that case, I would recommend being very careful on Windows 10.
0
