Anybody else been hit with the Russian spyware attack of VBS:Gamaredon-CM

Two on Tour · Mar 22, 2022

Both our pc's at home have been attacked with this Russian malware.
Our AVG anti-virus caught it, but it has quarantined all my Thunderbird email accounts and a few other parts of our system.

Jimbohorlicks · Mar 22, 2022

Not heard of that one but thanks for the heads up.

irnbru · Mar 22, 2022

Two on Tour said:
Both our pc's at home have been attacked with this Russian malware.
Our AVG anti-virus caught it, but it has quarantined all my Thunderbird email accounts and a few other parts of our system.

How would we know? Does something pop up on the screen?

Two on Tour · Mar 22, 2022

irnbru said:
How would we know? Does something pop up on the screen?

Your anti-virus should do if you keep it up to date.

Andacami · Mar 22, 2022

Yep AVG caught it for me. Thunderbird email, prefs.js. Could also impact Firefox browser and other Mozzilla based apps.

Yikes!!!

Two on Tour · Mar 22, 2022

Andacami said:
Yep AVG caught it for me. Thunderbird email, prefs.js. Could also impact Firefox browser and other Mozzilla based apps.

Yikes!!!

Just trying to find a way of getting rid of it now !!
Do you have the full version of AVG or the freebie ?

Andacami · Mar 22, 2022

Just the one PC so far...

Andacami · Mar 22, 2022

Two on Tour said:
Just trying to find a way of getting rid of it now !!
Do you have the full version of AVG or the freebie ?

Full.

I use Revo uninstaller to get rid of Thunderbird and all its files and registry settings.

Just rerun AVG, all clear.

Emails via web anyway

Andacami · Mar 22, 2022

AVG have definition and program updates this evening, worthwhile installing them of course.

Figaro · Mar 22, 2022

What are Thunderbird emails ?

Just smiffy · Mar 22, 2022

I’ve got an iPad…. The only virus I’ve known over 8yrs is covid….

Andacami · Mar 22, 2022

Figaro said:
What are Thunderbird emails ?

Thunderbird is an email program from Mozzilla. It is used to read and compose emails on your computer.

Figaro · Mar 22, 2022

Same as Outlook or Gmail ?

Taran_Las · Mar 22, 2022

I only get a virus if I go to iffy porn sites

.

Realist · Mar 22, 2022

Taran_Las said:
I only get a virus if I go to iffy porn sites.

You as well.

Andacami · Mar 22, 2022

Figaro said:
Same as Outlook or Gmail ?

Yep. Although Gmail is more of an app as it's primarily web based.

the1andonly · Mar 22, 2022

Taran_Las said:
I only get a virus if I go to iffy porn sites.

my son ( it guru) says thats now an old wife tale as porn is such a legit business now that they cant afford to be associated with virus's. More likely to be ifffy game forums.

icantremember · Mar 23, 2022

Two on Tour said:
Both our pc's at home have been attacked with this Russian malware.
Our AVG anti-virus caught it, but it has quarantined all my Thunderbird email accounts and a few other parts of our system.

Yes, it was picked up and quarantined by AVG.

I only installed AVG about 10 days ago after I removed Kaspersky having been warned it could be a problem.

Gellyneck · Mar 23, 2022

Figaro said:
What are Thunderbird emails ?

Figaro said:
Same as Outlook or Gmail ?

In simple terms Thunderbird is an email client for managing your email accounts.
Instead of having to log into multiple GMail \ Outlook \ etc email accounts you can link them all to Thunderbird and view \ use all your accounts in one screen \ desktop.
I've got about a dozen email accounts linked to Thunderbird so one login \ password instead of twelve! One of these accounts has 100's of masked accounts associated with it.

Gromett · Mar 24, 2022

False positive I believe.

rod_vw · Mar 24, 2022

VBS:Gamaredon-CM was secured by AVG yesterday when I accessed Facebook! It happened twice then I guess Facebook got rid of it off their systems.

Gromett · Mar 24, 2022

AFter doing more research on this I am inclined to believe that this is a false positive.

VBS is for visual basic script... .js files are javascript and are nothing to do with VBS.
Gamaredon are a spear fishing outfit who target the people they want to attack. Usually organisations. They do not do widespread attacks like this appears to be.

Due to this and the widespread nature of the reports that happened right after a signature file was updated I believe this is a false positive and I wouldn't worry about it.

Gromett · Mar 24, 2022

Microsoft discloses new details on Russian hacker group Gamaredon

Join today's leading executives online at the Data Summit on March 9th. Register here. The Russia-linked threat actor Gamaredon, which

maislsenders.com

Anybody else been hit with the Russian spyware attack of VBS:Gamaredon-CM

Two on Tour

Jimbohorlicks

irnbru

Two on Tour

Andacami

^{_{Subscribers do not see these advertisements}}

Two on Tour

Andacami

Andacami

Andacami

Figaro

^{_{Subscribers do not see these advertisements}}

Just smiffy

Andacami

Figaro

Taran_Las

Realist

^{_{Subscribers do not see these advertisements}}

Andacami

the1andonly

icantremember

Gellyneck

Gromett

^{_{Subscribers do not see these advertisements}}

rod_vw

Gromett

Gromett

Microsoft discloses new details on Russian hacker group Gamaredon

Latest journal entries

Woodside field

Scotland 2023

Wandering to the Balkans (Croatia, Bosnia Hertztagovina, Montenegro)