Windows 10: Windows attack can steal your logged-in username and password

The issue is with shared drives which mostly involved the enterprise. The threat has increased because of the use of MS account to get access to a shared drive.

 

Hi simrick,

Thanks for the feedback *Biggrin Here are the results:
- I ran RKill with Avira off and there's no issue with the Hosts file, thankfully.
- It's a bit disconcerting that Trovi somehow got through with all the levels of security, but I made the DNS changes you suggested and hopefully it'll help. I ran a test of IPv6 on Test your IPv6., and the summary states 'Your current configuration will continue to work as web sites enable IPv6' but I'm able to browse IPv4 net only and I won't be able to reach IPv6-only sites. There were three 'bad' results with IPv6 in the 'Test Run' tab (Test with IPv6 DNS record, Test IPv6 large packet, Find IPv6 Service Provider). Is this just a service provider issue or should I be making some adjustment?
- Following your link to the ESET instructions in SevenForums, the actual link to ESET isn't what is shown in the screenshot (it's a MAC ESET purchase page). I used this link instead: Free Virus Scan | ESET Online Scanner ESET
It looks a bit different but I guess it's an updated version. Anyway, it found no suspicious files *Smile Huge relief! It's nice to be assured that another install is not necessary in this computer's near future. Many thanks! *Biggrin

 

Okay good!

I think IPv6 is too new, and these are ISP issues. I have Charter for an ISP, and I get no IPv6 yet at all.

They have indeed updated their page; sorry about that. The instructions are basically the same though. Glad it didn't find anything. That's good - it's like a final "all clear".

 

When and if I get an answer, if Malwarebytes Anti Exploit protects against this, I will post here it here. Ok, I just got my answer from pbust a moderator at Malwarebytes Forums:

Windows Credential Leak Flaw - News, Questions and Comments - Malwarebytes Forums

 

Thanks for following up on that Cliff.

 

This is another long standing security & QA issue MS to sort out.

 

Simple solution: don't have a login password - nothing to steal! ;-)

Seriously though, I never set up my systems with a login password. Been like that ever since I used Win 95.

I always found password protected accounts caused more problems than they prevented.

I exercise a bit of caution (online) and keep the system secure with a well-maintained firewall and malware prevention.

Never had any issues.

(Disclaimer: what works for me, may not work for others!)

Cheers,

Mike.

 

You're welcome*Smile

 

Hello, once again another one of these pop-ups that freezes Chrome and gives a phone number to call popped up. I ran through everything, and in AdwCleaner there were 4 things to delete. "Tracing" keys being deleted has nothing to do with key-logging... right?

Could you please (or anyone else knowledgeable on this matter) explain what happens when a script grabs a current login cookie session? How can that be used to be "me" in another browser, and how is that damaging?

As to changing passwords, the main one is for Chrome itself. Does that mean I should be changing it? How about for Facebook (I believe I was logged in at the time?) It's a bit frustrating to be revisiting this issue again, but I appreciate the help, thank you.

 

Hi there

Probably forgotten about in the annals of history -- how many offices can you go into these days and readily pick up something that's even 4 years old !!!!!!.

In any case the Windows OS was so different 20 years ago (at least it should be- surely the whole art of software has improved over 20 years -- at least I hope it has !!!) that the old exploit probably was deemed as non applicable to newer OS'es.

I still think though after all these years - and I've been using Windows ever since Windows 3 -- that Networking still remains a mega problem with Windows -- all my networking is done via LINUX servers and my Windows systems are merely clients - so unless I'm messing around with VM's this type of problem doesn't exist for me --and I'm usually using Firefox as my main browser anyway.

Cheers
jimbo

 

Again? UGH! *Mad How I hate these scumbags!
You can see the developer's documentation here for an explanation of what the tool does.
ToolsLib - [EN] - AdwCleaner documentation - Forum
Tracing has to do with the network.

It's called Session Hijacking and you can read about it here:
Session hijacking attack - OWASP

What I would do is make sure you are logged out of all other sessions. For instance, in Facebook (somewhere - I don't use it much), there is a place to see what all browsers you are signed in on. You can can select to delete all sessions. If anyone has stolen a session cookie from you, that will disconnect them.

Not sure how Chrome works, as I don't use it much.

Honestly, these things can get in from infected webs sites, infected ads, exploits of Flash or Java, unpatched browsers, etc. I use Firefox for my main browser, as it is the most customizable and therefore safest browser. I have browser add-ons (like Flash and Java) set to "ask to activate", I have another add-on which shall remain unnamed (per forum rules), I use WOT to evaluate web-searched sites for safety, I use OpenDNS DNS servers on my NIC to prevent navigating to known bad sites, I use LastPass Password Manager and only log into it when needed, I do not login to the browser to "sync" anything, and I have MBAE for zero-day browser exploit mitigation. All this, plus anti-virus, anti-malware, anti-spyware and CryptoPrevent. Knock wood, I have never had one of these on my system yet, and I do a lot of searching in order to answer threads on this forum. *Wink