Discovered a very bad security flaw today that appeared to use onedrive to steal data off my sons pc which was infected by several viruses and Trojans which a clean pc as of this writing could not detect the infection causing the breach, but was able to detect some of the older type infections that the virus opened a doorway for.
For all I know, it could be a breach in onedrive itself that could be an issue, so wanted to mention it here due to what I saw.
My son called me after he slammed his pc down when he noticed onedrive downloading trainers off my hard drive partition. When I heard this I was worried at first of items with my info floating around the net, so when I got home and checked his pc, noticed they actually didn't get any trainers, but only the shortcuts I made for some. They downloaded to a folder that had no real name except for a lot of characters and numbers. I pulled the harddrive and ran a scan on my own pc as when I booted my sons pc back up, couldn't connect to the internet.
So many infections, I formatted the ssd drive and restored from a clean image I made a week prior. After plugging the drive back into his pc and booted up, his pc ran fine 20 minutes until again onedrive started downloading files that were not even sections meant for onedrive. I pulled the drive and ran scan again which turned up nothing. Plugged it back in and few minutes after bootup, Trend went off with trojan warning. Shortly after that, ports slammed shut and internet was lost. Formatted yet again and restored from Image to have similar problems happen all over again.
What was most annoying part was realizing onedrive was the culprit in reinfecting my sons pc and only way to stop it was to unsubscribe, and then restore yet again from image. Moment I let the pc reconnect to onedrive, it would be reinfected and couldn't remove a single file.
I got around this by using an old formatted Android phone, and using wifi, downloaded onedrive and deleted everything on it.
Lost count how many times I restored my sons drive today, but since the complete wipe of one drive, no further issues.
Im hoping all that was taken was a few icons. Not sure where infection came from. Logs don't show much except infected files. I also pulled the extra drives that held anything of importance, so only thing on my kids computer are games. I even removed all trainers and reset everything just to be doubly safe. Also spent 2 hours on my own pc changing passwords. Im only posting about this here because of the failed trainer theft, in case anyone else has seen similar and at least a temp way to fix it for now.
Important Board Topics
Trending Topics