Friday, March 24, 2017

windows - "Trojan:Script/Cloxer.A!cl", any info on this virus? what does this virus do?



Windows Defender identified and removed a threat on my Win10Pro PC called "Trojan:Script/Cloxer.A!cl". But there is no information on the web on this trojan, searching for this yields little/nothing. The Windows Defender info on this is only that they consider it severe and: This program is dangerous and executes commands from an attacker and the microsoft.com description on this is here.


How can I get more details on what this virus does/did? What are the commands it may have run? Does it try to obtain user names and passwords? Does it find and upload files someplace? Is it a crypto miner? Spyware? DoS zombie? How was my system impacted? Should I totally wipe and re-install? I'd just like to know what this Trojan does/could do so I can gauge the impact of it, and I'd like to know the vectors it uses as to how it got on my system.


I do keep my system up to date (on Win10 Pro V 1709 Build 16299.248) and my Defender is up to date and I run it often, but I have no other protection.


UPDATE: On the point that this post may be a duplicate - I disagree and feel this is NOT a dupe. Mainly I am looking for specific details on the Cloxer virus, not how to remove it (but that referenced post is good and a logical next read for viewers of this post).


Answer



It is very likely that nobody knows, except the author (if it is a human). The script was identified by an AI, thus given a meaningless name and providing no information about what the behaviors are. For all we know, it was an AI that created it as well.


Most of these scripts are adware and don't work well. It may not have infected your computer and only been present in your browser cache or download files. Getting a timestamp and location of where Defender found the virus might give you a sense of how severe the problem is. If the file has been quarantined, it could be examined. A lot of these are in JavaScript now, so we can see exactly what they do.


First thing, though, is change your passwords. In case it was a keyboard logger, it may have those. If you wipe and restore your computer every time a virus lands on it, then that's all you'll ever do. If you had a security clearance and it was a national security issue, you'd already have people doing it for you. Think about your biggest exposure (bank logins, paypal, etc.) and change those passwords. Then try not to worry about the rest.
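The answer suggests pulling the timestamp and location of the detection and checking whether the file is in quarantine. The following is an added example, not part of the original question or answer, showing how to get that information from Windows Defender's own records on the affected machine. It assumes the built-in Defender PowerShell module, the Defender operational event log and MpCmdRun.exe are present (all ship with Windows 10) and that the script is run from an elevated PowerShell prompt; the threat name is the one reported in the question.

```powershell
# Added example (not from the original post): read Windows Defender's record of a detection
# so the time, file path, originating process and remediation result can be checked.
# Assumes an elevated prompt; the Defender module cmdlets need administrator rights.
$ThreatName = 'Trojan:Script/Cloxer.A!cl'

# 1. Catalogue entry for the threat: numeric severity/category codes, whether it is
#    still active, and the resource (file path) it was seen on.
$threat = Get-MpThreat | Where-Object ThreatName -eq $ThreatName
$threat | Select-Object ThreatName, SeverityID, CategoryID, IsActive, Resources | Format-List

# 2. Detection history: first-seen time, remediation time, the process that touched the
#    file, whether the action succeeded, and the file path (Resources).
Get-MpThreatDetection |
    Where-Object { $threat -and $_.ThreatID -eq $threat.ThreatID } |
    Sort-Object InitialDetectionTime |
    Select-Object InitialDetectionTime, RemediationTime, ProcessName, ActionSuccess, Resources |
    Format-List

# 3. The Defender operational log keeps the same data in events 1116 (malware detected)
#    and 1117 (action taken), including the detection origin (download, file system, etc.).
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1116, 1117
} -ErrorAction SilentlyContinue |
    Where-Object Message -match [regex]::Escape($ThreatName) |
    Select-Object TimeCreated, Id, Message |
    Format-List

# 4. List quarantined items without restoring any of them. A quarantined copy can be
#    examined or submitted to the vendor; it stays inert while it remains in quarantine.
& "$env:ProgramFiles\Windows Defender\MpCmdRun.exe" -Restore -ListAll
```

The path in the Resources field and the ProcessName in the detection record are what tell you whether the script was merely sitting in a browser cache or download folder (as the answer suspects is typical) or was actually executed by a script host; the timestamps let you decide how far back to look when changing passwords.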

