my identity and credit card info. was stolen and running a scan I found /users/mac-pc/.trash/cbsidim

-sp1_0_150-1Password-SEO-95581.dmg had OSX.Trojan.Gen . I have no clue on this but the software scanning quarantined it as a virus. Can you tell me what this is.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:found infection OSX.Trojan.Gen somehow attached to my 1password

Comments

  • Hi @shep6352,

    That's not our file for sure. Where did you download 1Password from? It looks like you've downloaded a malware-infected version of 1Password from a site that's not ours. Did you download it from CNET? From a quick google search, it looks as if it came from CNET version of 1Password that is not authorized by us.

    If in fact, you didn't download 1Password from our own site, you may have given the malware the master password and that could've been used to steal your data.

  • shep6352
    shep6352
    Community Member

    well, that could easily have been. I cannot recall but yes, could have downloaded from CNET. I never have quite understood but I have 1 password on all of my devices. I know I have purchased a license that I am sure you can verify. I may very well have tried it from cnet originally. he real question is, where do i go from here? How do I get it on all my devices under the license I own? I do not even know where to start.

  • shep6352
    shep6352
    Community Member

    I do have my original license and order number from 5/14/14. can I destroy all of the versions I am running then re-install clean copies?

  • Hi @shep6352,

    As you already know and I can confirm, you do indeed have a licence for 1Password 5 for Mac so you will definitely be able to install a clean copy of 1Password for Mac from our AgileBits Download page and use your licence file to disable the trial mode.

    What you want to do before this though is be 100% confident that your machine is free from anything nasty and here's where it get's tricky. I personally wouldn't be happy unless I scanned the internal drive from a known clean machine and you know what, if you have doubts scorched earth policy. Save your files, wipe the machine and start over. As you can see I don't take infections lightly. I'm only like this because I've come across machines where the damned things lodged themselves in so deep it was less painful to wipe and start again. Now that's just my personal opinion but I state it because you're a 1Password user and that means you want to take your security seriously.

    Should you decide on this we can make sure you know where the support files are so there isn't any risk of your vault being lost.

  • shep6352
    shep6352
    Community Member

    well, it turns out that file was an installer and in the trash. Apparantley I purchased the license after either my free period was up or maybe the original version from cnet didn't work. I just do not recall. That said, it would appear that the version running on my computer is the lisenced copy. I find it strange that when it loads 1password mini in the toolbar ( from the 1password icon ) it loads a v.4 but when I open the main program it shows the newest version. Nonetheless, we are thinking that when I did install it originally from CNET and created the master password the trojan got that password. like an idiot, I did not change the master password when I bought the program. ( i also bought it again on my iphone/ipad). I have of course changed it since and running live symantec scan all seems clean.

    ( did i mention i hate this stuff :dizzy: )

  • I'm glad you got it all cleaned up. I would suggest keeping an eye out on your credit card and bank statements over the next few months, just in case.

    ( did i mention i hate this stuff :dizzy: )

    We all hate this. :(

  • danco
    danco
    Volunteer Moderator

    If you installed from CNET this "trojan" is likely to be adware rather than anything causing real damage.

    Many of the download sites provide installers that install adware as well as the wanted program. They can get away with it because they do tell you this in very small type and also tell you how to download a version without this.

    Likely effects are a hijacking of your web browser home page, an unusual search engine, and too many ads.

    It's worth using Malwarebytes anti-malware program for Mac. They are a well-respected anti-malware provider for Windows who recently took over the Adware Medic program (and developer) for the Mac

  • shep6352
    shep6352
    Community Member

    well, all good advice. I am checking all my versions to be sure they are my licensed versions. I am going to run current protection, I will look into Malwarebytes for certain this weekend. It is quite disconcerting but seemingly hard to avid. Just want to be smarter about it all.

  • shep6352
    shep6352
    Community Member

    thanks mike...big help!

  • You're welcome.

This discussion has been closed.