“Cisco router, vulnerability CVE-2018-0296” Email Scam

If you are one of the thousands of users who have received an email about “Cisco router, vulnerability CVE-2018-0296”, please be aware that it is infected with a Trojan horse. Feel free to read more about it and use our removal guide (second half of the article) in case you have opened it.

A Trojan Horse infection is certainly one of the last things you’d want to happen to your computer, and yet you are on this page, which most likely means that your machine has already been invaded by the scary “Cisco router, vulnerability CVE-2018-0296” email and that you are now seeking help with removing it. More than 6 thousand abuse cases have been reported so far. Trojans are among the worst forms of malware that can attack your computer, and there are many reasons for that: they are stealthy, difficult to spot and locate inside the infected machine, and their potential capabilities are many, meaning that a single piece of Trojan Horse malware could be used to carry out a number of harmful activities inside a targeted computer.

Update: Many users have pointed out in the comment section that the email they have received includes old passwords. We suspect that they could have been obtained from an older hack of one of the major websites out on the Internet. We advise you to set new passwords on all your important accounts. Especially vulnerable are families and businesses, as it is hard to locate the source of the problem.

That being said, you should not despair even if the malicious “Cisco router, vulnerability CVE-2018-0296” email (or some other Trojan) has managed to infiltrate your computer: there are still things you can do to counteract the infection, and in the lines below we will show you the most effective methods of eliminating this virus and making your PC safe for further use.

I am a spyware software developer. Your account has been hacked by me in the summer of 2018. I understand that it is hard to believe, but here is my evidence (I sent you this email from your account). The hacking was carried out using a hardware vulnerability through which you went online (Cisco router, vulnerability CVE-2018-0296). I went around the security system in the router, installed an exploit there. When you went online, my exploit downloaded my malicious code (rootkit) to your device. This is driver software, I constantly updated it, so your antivirus is silent all time.

What to expect with a Trojan on your PC

We already said that those threats can be really versatile and that this is one of the main factors that make them so dreadful. A Trojan virus like “Cisco router, vulnerability CVE-2018-0296”, very similar to Win32/Wajagen.a, which hit the internet last week, can be used for system corruption, deletion and theft of personal data, espionage, distribution of more malware (Spyware, Ransomware, Rootkits, etc.) and so on. In general, it’s difficult to predict the actual purpose of a given Trojan Horse attack precisely because of the wide variety of activities that this type of malicious program could execute. The important thing in all instances of a Trojan Horse invasion, however, is to waste no time and eliminate the noxious program before it is too late.


Further protection and some more facts about the Trojan Horse malware class

You can use the guide in the second half of this article and/or the anti-malware program we’ve added to it to try to remove “Cisco router, vulnerability CVE-2018-0296”, but even if you successfully eliminate the infection, this doesn’t mean you should let your guard down. These threats are really widespread, and that is why you must constantly be on the lookout for anything that could land you another similar virus. Usually, Trojans are disguised in some way that allows them to reach more users without being recognized as malware: spam message/e-mail attachments, pirated programs distributed via sketchy sites, fake web requests, download offers and random misleading links, as well as many other kinds of content, can be used for spreading “Cisco router, vulnerability CVE-2018-0296” and other similar infections. Be sure to avoid all of those, as well as anything else that might not be safe, or else your machine might get infected as well.

Also, note that Trojans normally show very few (if any) infection symptoms, so it’s a good idea to have a good antivirus at your disposal that can help you detect and maybe stop a potential Trojan attack even when there are no visible signs of the malware’s presence on your computer.

SUMMARY:

Name: Win32/Wajagen.a
Type: Trojan
Danger Level: High (Trojans are often used as a backdoor for Ransomware)
Symptoms: Most of the time there won’t be any symptoms; still, if you notice any weird system behavior, be sure to investigate further, as it might well be caused by a Trojan Horse infection.
Distribution Method: Most of the time, Trojans get distributed through spam e-mails and social network messages, malicious ads, shady and pirated downloads, questionable torrents and other similar methods.

Cisco router, vulnerability CVE-2018-0296 Trojan Removal Guide

Within the next guide, you will be given instructions that will help you remove the Cisco router, vulnerability CVE-2018-0296 Trojan from your computer. However, before you start carrying out the following steps, we advise you to bookmark this webpage and have it open on a separate device nearby (a smartphone, a tablet, another PC, etc.), as some of the steps might require a restart of the computer.

Step 1: Safe Mode and Hidden files and folders

In order to increase your chances for success, you are advised to boot your PC into Safe Mode and to also reveal the hidden files and folders that are on it. If you don’t know how to do that, here are links to separate guides that can help you: Safe Mode Guide; Hidden Files and Folders Guide.

Step 2: Task Manager

Use the Ctrl+Shift+Esc or the Ctrl+Alt+Delete keyboard combination to open the Task Manager. Now, go to the Processes tab and look for anything that has the Cisco router, vulnerability CVE-2018-0296 Trojan name on it. If there’s nothing with that name, look for any processes that use too much RAM, have a weird or no description and generally seem suspicious.

If you find anything, right-click on it and select Open File Location. If you are sure that the process was malicious, delete everything in the file location directory. Then go back to the Task Manager Processes tab and stop the shady process by right-clicking on it and then selecting End Process.

Step 3: Startup

Use the Winkey+R key combo to open the Run dialog. In the newly opened box type msconfig and hit Enter.

In the new window go to the Startup tab and look through the startup programs. If you see anything that looks suspicious (for example, has an unknown or no manufacturer), remove the tick from its checkbox to disable it on startup and then select OK.


Step 4: Localhost

Type notepad in the Start Menu search bar and open Notepad. Click on File and then on Open. Go to the folder c:\windows\system32\drivers\etc and open the Hosts file. If no files appear when you get to the etc folder, change the file type filter from Text Documents to All Files.

Now look at the bottom of the file for the lines that mention localhost. Take a look below them and see if there are any IP addresses there. If there are some, copy them and send them to us in the comments section down below so that we can determine if they need to be removed.

Step 5: Registry Editor

Re-open Run and type regedit. Hit Enter and once the new window opens, press Ctrl+F. In the search bar, type the name of the virus and click on Find Next. See if anything gets found under the name of the virus and delete the registry keys and folders that come up as results.

However, remember that if you delete the wrong registry key, it might do more harm than good to your PC so if you aren’t sure, you’d better ask us in the comments below about what to do if you find anything inside the Registry Editor.

Step 6: Potentially hazardous data

Open the Start Menu and copy-paste each one of the following locations, one after the other and hit Enter after each so that the folder opens:

  • %AppData%
  • %LocalAppData%
  • %ProgramData%
  • %WinDir%
  • %Temp%

Open each folder location and sort the files by date (from newest to oldest). Now, delete the ones that have been created around and after the time your PC got infected. In the Temp folder, delete everything.
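Step 4 asks you to read the Hosts file by eye. As an added example that is not part of the original guide, the Python script below does the same check: it skips comment lines and the normal localhost entries, then reports each remaining mapping according to whether it blocks a name (loopback or unroutable address) or redirects it to another machine, with more weight on security-vendor and update hosts. The vendor list and the sample file are constructed for illustration; the sample includes the 0.0.0.1 mssplus.mcafee.com entry that two commenters on this page found.

```python
# Added example: the Step 4 hosts-file check done by script rather than by eye.
# With no argument it reads the Windows hosts file when present, otherwise the
# constructed SAMPLE_HOSTS below; pass a path to check a saved copy instead.
import ipaddress
import sys
from pathlib import Path

DEFAULT_HOSTS = Path(r"C:\Windows\System32\drivers\etc\hosts")

# Hosts whose blocking or redirection deserves attention: security vendors and
# update servers. Illustrative list (an assumption); extend it for your products.
SENSITIVE_SUFFIXES = (
    "microsoft.com", "windowsupdate.com", "mcafee.com", "norton.com",
    "symantec.com", "malwarebytes.com", "avast.com", "kaspersky.com",
)
UNROUTABLE_V4 = ipaddress.ip_network("0.0.0.0/8")


def is_sensitive(hostname):
    host = hostname.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in SENSITIVE_SUFFIXES)


def is_blackhole(addr):
    """True when the address reaches no real machine, so the entry only blocks the name."""
    return addr.is_loopback or addr.is_unspecified or addr in UNROUTABLE_V4


def parse_hosts(text):
    """Yield (line_no, address_text, [hostnames]) for every active mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        fields = line.split()
        if len(fields) >= 2:
            yield line_no, fields[0], fields[1:]


def classify(address_text, hostname):
    """Return (severity, reason) for one address -> hostname mapping."""
    try:
        addr = ipaddress.ip_address(address_text)
    except ValueError:
        return "review", "address does not parse"
    if is_blackhole(addr):
        if is_sensitive(hostname):
            return "review", "security/update host blocked; confirm your own product did this"
        return "info", "name is sinkholed (typical of ad or tracker blocking)"
    if is_sensitive(hostname):
        return "alert", "security/update host redirected to another machine"
    return "review", "name redirected to another machine"


def audit_hosts(text):
    """Return findings for every non-localhost mapping, most severe first."""
    rank = {"alert": 0, "review": 1, "info": 2}
    findings = []
    for line_no, address_text, names in parse_hosts(text):
        for name in names:
            if name.lower() == "localhost":
                continue  # the legitimate default for both 127.0.0.1 and ::1
            severity, reason = classify(address_text, name)
            findings.append({"line": line_no, "ip": address_text, "host": name,
                             "severity": severity, "reason": reason})
    findings.sort(key=lambda f: (rank[f["severity"]], f["line"]))
    return findings


# Constructed sample: the comment lines and the mssplus.mcafee.com entry mirror what
# commenters on this page pasted; the last two entries are invented for illustration.
SAMPLE_HOSTS = """\
# localhost name resolution is handled within DNS itself.
#    127.0.0.1       localhost
#    ::1             localhost

0.0.0.1 mssplus.mcafee.com
127.0.0.1 ads.example.test tracker.example.test   # sinkholed ad hosts
203.0.113.9 www.malwarebytes.com
"""


def main(argv):
    if len(argv) > 1:
        text = Path(argv[1]).read_text(encoding="utf-8", errors="replace")
    elif DEFAULT_HOSTS.is_file():
        text = DEFAULT_HOSTS.read_text(encoding="utf-8", errors="replace")
    else:
        text = SAMPLE_HOSTS
    findings = audit_hosts(text)
    if not findings:
        print("no active entries besides localhost")
    for f in findings:
        print(f"[{f['severity']:6}] line {f['line']}: {f['ip']} -> {f['host']}  ({f['reason']})")


if __name__ == "__main__":
    main(sys.argv)
```

A sinkhole entry for a vendor host is what some security products write themselves, which is why it is rated for review rather than as an alert; a vendor or update host pointed at a real address is the pattern that keeps protection from updating and is rated highest.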

Did we help you remove the Cisco router, vulnerability CVE-2018-0296 Trojan? Do you need help with any of the steps, or do you simply want to give us your feedback? Feel free to leave us a comment down below – we highly value communication with the readers of our content!

Author:
Daniel Sadakov has a degree in Information Technology and specializes in web and mobile cyber security. He harbors a strong detestation for anything and everything malicious and has committed his resources and time to battling all manners of web and mobile threats. He has founded MobileSecurityZone.com, a website dedicated to covering the top tech stories and providing useful tips for the everyday user, in an effort to reach and help more people.
Comments
  • Got this today. Opened on my iPhone so I’m assuming it won’t infect a Mac. I changed my email password (even though the one listed in the email was not the correct one). And I changed my Mac password and disabled incoming connections. I shut down my Windows machine I use exclusively for a media server till I can scrub it as able to be 100% sure. Am I correct that it can’t infect a Mac? Should I have my ISP check the router?

    • We have heard of cases where Macs have been infected as well. We advise using some sort of protection, whether a free or paid anti-virus. It seems you have taken appropriate steps and you should be alright.

      • Hi,

        I received this in my junk folder. I have a Mac; do you have a guide on how to remove it or check if anything has been affected?

  • Hi Daniel,

    I received this e-mail today, too. I opened it on my iPhone – can this still affect my PC? Can a Trojan horse sit on my phone? (sorry if these are silly questions – I’m a little freaked out!)

    • You are fine as long as you don’t open it on your computer. We recommend installing an antivirus which lowers the chances of getting infected.

      • Thanks so much for this information Daniel. I also received this email and freaked. Can you confirm:
        1. This is an attempt to install a Trojan and the threats in the email about exposing my online activity to all my contacts are bluffing? Do I need to change passwords in case? And should I change passwords from a different computer in a different location rather than on my phone or home computer?
        2. If I opened it on my iPhone and deleted it before it even downloaded to my laptop, I should be OK? No need to scan computer or phone?
        3. Do you advise antivirus for my phone?

        Thanks again for the work you do here.

        • Hi Helen

          1. Most of the threats are empty; however, there have been cases where certain links in the emails contain malware that can download onto your computer.
          2. You should be OK if you do so.
          3. iPhones don’t need an antivirus app. Almost all are snake oil salesmen.

  • If this trojan horse email was in your Comcast SPAM folder are you safe if you opened it within the SPAM folder but obviously could not and did not click on the original links which were disabled by the Comcast SPAM system?

    • In theory you should be safe. However, we have heard that in rare cases Trojans have a workaround for such spam systems.

  • Hello Daniel, I’ve just received the same email on my iPhone around 6 hours ago. I’ve opened it literally just now and I’m not entirely sure what to do first. Please reply. Many thanks.

    Bear in mind, I have not opened this email on my PC at all.

      • Thank you for the fast response. I can proudly say that I only opened it via iPhone on my Email accounts but not directly via my Laptop. I assume that I’m safe doing this as I have now deleted the email off of my iPhone. I have not accessed it from my PC at all.
        Should be safe, yes? Let me know, many thanks.

  • What are the implications of opening this on an iPhone? I have a MacBook computer, does this mean my MacBook is also infected?

    • There is a much higher chance of infecting your MacBook; Macs have been strongly targeted in the last year. As for your iPhone, there hasn’t been any information as to viruses that have been able to breach its security.

      • I have only opened the email on my phone, it was in my junk folder but spoofed to look like I’d sent it myself – I’ve not clicked on any of the links and it doesn’t even look like any files are attached. Am I still at risk for simply opening the email on my phone?

  • Hi I received this email today. Should I be worried please, I opened it on my iPhone. Will my contacts be emailed with my private information on my phone?

  • Opened this on an Android Phone, so I assume it hasn’t infected my computer but just to be safe is my hosts file supposed to have this? I was using Norton but I’m about to remove it.

    # localhost name resolution is handled within DNS itself.
    # 127.0.0.1 localhost
    # ::1 localhost

    0.0.0.1 mssplus.mcafee.com

  • Mine showed up in my Gmail spam folder with all links removed. I freaked out a little because it contained an old password in the subject line. However, I’ve done all of these searches — including the registry search — and nothing has shown up as suspicious and none of the scans by SpyHunter and MalwareBytes have found anything. Does this mean I was not infected?

    • You should be alright. You might want to reset any important passwords as a few users have complained about hacked accounts.

  • I just got it today and found it from 5 days ago; when I actually clicked my sent folder it said it was in my inbox, so I reported it as spam and changed my password. It did have a password I have used on some sites, just not Gmail. I have contacted Gmail’s abuse team as well. What should I do to protect my information? Thanks for any advice.

    • From what you have written you have done everything appropriately. It’s always a good idea to have an antivirus, as most infections are usually caught through files shared between colleagues.

  • I just opened the email on an iPhone. It’s the wrong password but I’m still really worried that the info will be sent, and I don’t think I even have a Cisco router, but I’ll have to check when I get home. If I don’t have a Cisco router am I safe? Do I still need to check my PC, which I have barely used much in the past 6 months?

  • Hi Daniel, I too received this same email earlier today. This arvo I am trying my best to locate it and delete it; given I’m not that savvy I can’t locate it, it may be gone, as a short time ago I ran my McAfee.

    However I followed your guide but once I got to Task Manager there is no sign of it at all, so is it not here or removed by McAfee?

    Cheers Murray

    • You most likely haven’t been infected in the first place. Please check your McAfee logs and let us know if it has found anything.

      • Hi again Daniel, I checked log, seems a lot trying but this was the most prolific Blocked Source IP address all day every minute or 30 secs… fd34:370f:1490::1
        There was one phishing… JS/Phish-script.e 5 hours after I received the trojan email

        Thanks-Murray

          • JS/Phish-script.e
            C:\Microsoft Windows Live Mail\Storage Folders(1)\Recovered items\02-07-2016 823\Bigpond.net 75b\Deleted Item\2465841-2DAA66B5.ew

            The… fd34:370f:1490::1
            Logs say… Tried to connect with UDP port 53211 on your PC. Source IP address is your own DNS server local network

            Thanks Murray

  • Hi Daniel
    Received this on my ipad today…. have not opened mail on my mac and will delete it shortly, however
    should i be concerned about my ipad being infected?

  • Hi Daniel, got this email yesterday on my iPhone and opened it. I notice above that this in itself is OK on an iPhone. The same email didn’t get through to Outlook on my computer. Now the silly bit: I forwarded it from my iPhone to my same email address to see if this got through to Outlook, and it did. The very silly bit is I then opened it on the computer (just a text email with no attachments). Would this still infect my computer or has the original virus link been severed? I am running up to date Norton AV on the computer.

    • Hi Stuart

      The worst case scenario is that you may have caught a macro virus. You can check the link for more information on Wikipedia for a deeper understanding. I recommend that you do a full scan with your Norton Anti-virus and if it doesn’t catch anything, you can download SpyHunter to scan your system. You don’t need to buy the software to scan your system and check if it is infected. Let us know if you find any results.

  • Hi Daniel,

    Glad I found your article! I received this email on my iPhone last night and immediately reset my passwords and recovery codes etc.
    The thing that caught me off guard was that it appears to have been sent from my own account: when I click for more details on the sender it opens my own contact card on my iPhone. Is this something that can be faked?

    Ultimately I intend to wipe and delete the email account concerned as it’s 15years old and gets more spam than legit emails these days.

  • Hi Daniel,
    I received this on my Android smartphone today, unfortunately I opened it…should I be concerned about my smartphone being infected? Thanks a lot!

  • HI Daniel,

    I received an email in my junk folder today on my Mac and I looked at it, and it said my account had been hacked in the summer of 2018. It says it sent an email from my account and gives the password at the time, which has NEVER been my password; I have changed it today.

    It says I have to pay bitcoin or my material will be sent to everyone in my contacts. I’m confused and worried; should I be?

    Jamie

    • If you haven’t opened the email on your computer there is nothing to be worried about. If, however, you opened it through your computer, there are instances where macro viruses have been installed.

  • Hi Daniel,
    Thanks for the article. I received the email yesterday and opened it on my iPhone. It had one of my real passwords although it was an old one that I no longer use. I have a new laptop which hasn’t opened the email so it shouldn’t be infected. Should I be worried about my old laptop and is there a chance of spam emails being sent from it? I have changed passwords again and I think all my currently used devices are clean. Thanks!

    • Hi CN

      There is close to a zero chance that your old computer is involved with this. As long as you haven’t opened it with your new one, and you have taken extra precaution by changing your passwords, there is nothing to worry about.

  • Hi Daniel, i’m happy that I haven’t downloaded any malware as I opened on an iPhone and the email was in a spam folder, how certain are you on the threats contained being empty, are the threats general in nature? Thanks for your help

    • Hi James, the threats themselves are empty, and in the rare occasion that the email is infected, as long as you haven’t opened it you will be safe.

  • Hi Daniel. I received the same email as everyone else. It was allegedly sent to me by myself! It even included an old password in the message!

  • Hi Andrew, received this today with a password I frequently use for low level stuff (like Reddit). I’ve scoured my PC and can find nothing regarding this. Is it possible this has been triggered using information from the reddit hack or may have been installed on another PC I use other than my home PC?

    Thanks

    • Hi Alex,

      It is absolutely possible that an online website has been hacked, as there are thousands of users receiving such emails. Could you please let me know if you used a generic password or a more complicated one.

  • Hi.

    I’ve opened the link on my PC; it has a wrong password.

    I received a different email, but a look-alike, a few weeks before that one. I did steps 1 to 4 and nothing was found.

    My credit card was hacked about a week ago.

    I think I know who is behind this, and I think it is a guy who has a cryptocurrency exchange named maple change, and the credit card charges were made around Ontario. Maybe it’s two different scenarios, but I think the timing coincides.

    Anyway, can we talk further? Thx

    • Hi Marty

      Sorry to hear that your credit card was hacked. I would advise contacting your bank and filing a report if you haven’t already. It is possible that you have other malware on your computer, so I advise you to install an anti-virus to scan your entire system. Let me know if you have any updates.

  • Everything is done since yesterday.

    Coming back to the topic, the other message I received first was around October 30th:

    Hello there

    I’m the hacker who cracked your e-mail as well as device a several months back.

    You entered your password on one of the websites you visited, and I intercepted that.

    This is your security password of [email protected] on time of compromise: Pandora03

    Clearly one can can change it, or even already changed it.

    Then again this isn’t going to make a difference, my malware modified it each and every time.

    Do not necessarily consider to contact me personally or even find me, it is impossible, since I sent this email from your email account only.

    By way of your email address, I uploaded malware computer code to your Operation System.

    I saved all of your current contacts together with friends, co-workers, loved ones plus a entire record of visits to the World-wide-web resources.

    Additionally I installed a Trojan on your system.

    You aren’t my only prey, I usually lock desktops and ask for a ransom.

    Nonetheless I was hit through the web pages of personal material that you usually stop by.

    I am in impact of your own fantasies! I’ve certainly not noticed anything like this!

    So, when you had enjoyment on piquant web pages (you know what I am talking about!) I created screenshot with using my program by your camera of yours system.

    Following that, I combined them to the content of the currently viewed web site.

    Now there is going to be giggling when I send these images to your associates!

    Nevertheless I know you do not want that.

    Hence, I expect payment from you with regard to my quiet.

    I believe $900 is an acceptable cost regarding this!

    Pay with Bitcoin.

    My BTC wallet address is 1KcmRAkSDgiCyK68RhSWZpfo6ZRe4JFdoZ

    In case you do not understand how to do this – type into Google ‘how to send money to the bitcoin wallet’. It is not difficult.

    Right after getting the given amount, all your data will be promptly destroyed automatically. My trojan will additionally get rid of itself through your operating system.

    My Computer virus have auto alert, so I know when this e-mail is read.

    I give you 2 days (Forty-eight hours) in order to make the payment.

    In case this does not happen – every your contacts will certainly get ridiculous photos from your darkish secret life and your device will be blocked as well after two days.

    Do not be foolish!

    Cops or buddies won’t support you for certain …

    PS I can give you advice with regard to the future. Never key in your security passwords on unsafe internet sites.

    I wish for your discretion.

    Goodbye.

    • Hi Marty

      They are certainly using the same strategy to try to scam you into paying them. Please let me know if any anti-virus finds anything on your computer.

  • Hi Daniel,

    I received this email on 10th November. I first opened it on my iPhone and I don’t remember if I have opened it on my Mac since then. From your earlier messages it seems that I shouldn’t worry as long as I didn’t open it on the Mac, right? However, I am slightly worried about it because I seem to have the message in the ‘sent’ folder of my gmail account too. Is that a thing that is possible without being hacked? Actually the email account that the spam email claims to have hacked is a work account that I manage through my gmail account. The gmail account has always had what I believed to be a strong password. I don’t remember the password of the work account but it could be weak. Do you have any instructions on checking whether my Mac is infected? Are you sure that an iPhone can’t be infected?
    In the meantime I have changed the passwords to my gmail accounts using a friend’s computer. Should that be safe?

    Thanks!

    • Hi Prannay

      Just to clarify, the email was sent to you from your own email? You have the exact same email in your sent emails?

      • Yes, that’s right! I have the exact same email in my sent email folders.

        PS: I wrote another post when my earlier post didn’t become visible for a while. Sorry, didn’t mean to spam.

  • Hello Dan, I received the email today and I opened it on my iPhone. It has my old password in it. If I wipe my laptop completely will that remove the virus if I have it? And if I were to set my computer back to default, and save my pictures and music onto a usb and then later back onto my laptop, will the virus come back as I know they can attach themselves to files. My laptop has been acting differently recently so I want to take action. And I wouldn’t mind resetting it back to factory settings and wiping it all!

    • Hi Rose

      Well, the approach that you would take would be the most effective. Make sure that you scan all the files you are going to save onto the USB, and also make sure that your USB will not be infected when copying the files. You can also just upload the files to the cloud. I recommend using pcloud cloud services, as it will encrypt your files when uploaded, which gives an extra layer of security if they were ever hacked. I would still recommend downloading an anti-virus to see if anything shows up.

      • Thank you for your reply. Okay I will try scanning all my files before putting them on my USB. How will I know if my USB is infected or gets infected? I don’t want to infect everything currently on the USB either! I am going to reset to factory and then continue to do antivirus! Damn viruses are a pain.

        • If you do it in safe mode you run less of a risk if you do it then. Again I recommend using cloud storage, as too many people have had their files compromised with ransomware.

  • Hi Daniel,

    I received this email on November 10th. I first opened it on my iPhone but I am not sure if I have opened it on my Mac laptop since. I am particularly worried because this same email also appears in the ‘sent’ folder of my email account. Is that possible without the email actually being hacked? I have changed my password since using a friend’s laptop. Actually the account that seems to be hacked is a work account that I manage via my gmail account. The mail appears in the ‘sent’ folder of the gmail account though.

    My questions are this:
    1) How worried should I be about opening it on iPhone?
    2) I am almost sure that I didn’t open it on my Mac laptop, but how can I check if it is infected?
    3) Is it possible for Sophos free home edition to have missed this trojan?

    Thanks!

    • Hi Prannay

      1. It would be a precedent case if your iPhone is hacked.
      2. It is more likely that your email was hacked, but it is hard to determine the method used.
      3. In your situation I would try a few anti-viruses to see if they find anything. If they do, run the file through virustotal.com as it will compare the suspicious files against 60 other anti-viruses.

      • 2. Thanks. I have already changed the passwords of the gmail account but am scrambling to change the passwords of the work account.
        Given the hack, should I be particularly be more worried about anything apart from the trojan itself?

        3. I have started Sophos on a full system scan (as opposed to background scan that was already switched on). Will update you if I find something.

        New question:
        4. I was considering updating to Mojave in any case. Will it help in the trojan removal to update it immediately?

        Thanks a lot!

        • Consider updating your OS to the newest version, as security patches are updated as well. Overall Macs are still safer to use than PC computers, but the trend has really been turning in the past year.

          • Thanks! I have updated my mac, and full system scan using both Sophos and Avast didn’t flag anything. I will wait for your mac guide to see if my system is infected.

  • Hi, I have received the same email as everyone else in my spam folder. I opened it on my Google phone but deleted the thing after reading it, assuming it’s nothing more than spam mail. Should I be worried about anything?

  • Hi there Dan. This is what I found under local hosts.
    # 127.0.0.1 localhost
    # ::1 localhost
    0.0.0.1 mssplus.mcafee.com
    Please let me know if you think these are a problem. Thanks for your help. Ed.

  • Hi Daniel, search of the registry found the following under software/wow6432Node: Name ab (default) Type REG_SZ Data (value not set). Should I delete this?

  • It went to my SPAM folder on Yahoo email, but I still opened it because I saw my old password on it and freaked out…. Should I be concerned?

    also can it really do what it threatened to do? as in send my contacts all the info of my history and files?

    • Hi Nick

      Could you let me know from which email address the email was sent from and also for which account did you see your old password for?

  • I work in IT support. Had a user receive this type of email in their Hotmail Junk folder but it showed their laptop’s current Windows login PIN instead of email password. They changed the Hotmail password and soon received another email from their own Hotmail address stating that they know the password has been changed (didn’t show the new password) and they still have access. I have asked them to change the PIN and scan the PC with Malwarebytes’ Antimalware. Is this likely to clear it?

    • Hi AK

      It seems that Hotmail’s security has been compromised, as other users have also mentioned that they too have received emails with their Hotmail password. I recommend switching to another email provider as well as scanning their PC with at least 2-3 anti-viruses.

  • Hi just got this threatening email seemingly from my own hotmail account. Opened it on pc (doh now know that was bad idea). Email all text, no links. Nothing odd found in processes or startup or by avg internet security. Should i be worried?

  • Hello, I have also received this on my Android phone. While scanning I did find malware, which I deleted. Should I be worried? Am I in danger?

  • Hi,

    Today I received my fourth email since the beginning of November on this matter. The device that I could have logged in through the Cisco router with (probably at work) is my Android phone. Unfortunately, I read all the e-mails on my laptop. All e-mails contained my e-mail address with old passwords; the present one never appeared. No attachments to the emails, except one where there was an “unsubscribe” link, which I obviously did not press.

    I will add that the passwords included in the emails are ones I used before February this year; I changed them after someone took over my Instagram account.

    Only today’s e-mail talks about the Cisco router, before:
    2/11 – You entered a password on one of the insecure site you visited, and I catched it.
    6/11 – How it was:
    In the software of the router to which you were connected that day, there was a vulnerability.
    I first hacked this router and placed my malicious code on it.
    When you entered in the Internet, my trojan was installed on the operating system of your device.
    14/11 – I’m a hacker who cracked your email and device a few months ago.
    You entered a password on one of the sites you visited, and I intercepted it.
    16/11 – The hacking was carried out using a hardware vulnerability through which you went online (Cisco router, vulnerability CVE-2018-0296).

    I have McAfee antivirus installed. I also checked the computer as shown above and didn’t find anything.

    The emails look like they were sent from my email account, but they are not. The difference between sending and receiving an email is 7 hours (sent at 1 am, delivered at 8 am).

    The question is, can my phone be infected? I also have McAfee installed on it.

  • I received a Security Alert: “You account has been hacked. Password must be need changed. (your password:ockey)” I have no idea what this password “ockey” is. I did change the password and set up 2-step verification for email. Can this scam really take pictures and video from an iPhone and send them to all my email contacts? Btw, how did they send an email from my email?

  • I also have a warning message from “that” hacker saying they use (or used) “CVE-2018-0296”. My system is a Mac Mini (late 2012), currently with Sierra 10.12.16. Is it a workable idea to renew (replace) the entire hardware with an unused spare, kept in reserve (since 2012) for hardware accident recovery, and restore the system from the “Backups.backupdb” kept on an external backup HDD (always connected)? My question could be restated as: if I do so, will the Trojan also come back, or not?

  • I got this from my university running an Outlook server. They had a secure password and logged into my account to send the email. In the last couple weeks I got a similar email with a different password that wasn’t an email account password. I no longer have that since the password was very insecure and I deleted it. I’m really unclear as to whether it originated from a trojan, whether somehow my Firefox profile was read via Javascript as the result of visiting some sketchy website, or whether the Outlook server was hacked. I really hope it’s the server. What antivirus do you recommend? Are there any good free ones? If it’s my machine I’m a lot more worried since that means they have access to all of my passwords.

  • I received this email on Tuesday and saw it today in my Spam folder (Gmail). The password he sent me was one I never used anywhere. It was just my mail username followed by the provider, like examplegmail. But I still can’t figure out how he could send it from my account. The mail says “Note to yourself” and it was sent by my email account, yet I can’t see anything in my sent folder. I opened it on my Android phone and don’t have a Cisco router. Please let me know what you think.

  • I found 2 of these emails in my junk folder, supposedly sent from my account even though emails I’ve sent to myself before never appear there in the junk folder. It’s a hotmail account, but since in the junk folder, will anything malicious take effect? Opened on a Macbook and nothing showed up on a full Sophos scan, should I be worried or are the scammers just trying their luck? Is there a protection guide for Mac yet? Any advice would be appreciated as it says there is 48 hours to take action.

  • Hi, thanks for this page and help.
    Of course I received this email (several times) like everybody here. Opened it on my PC and want to be sure all is clean after Malwarebytes and Avast antivirus scans.
    I followed all of your instructions, found nothing weird in Task Manager, Startup or Registry Editor. Here’s what I found in the Hosts file:

    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    # localhost name resolution is handled within DNS itself.
    # 127.0.0.1 localhost
    # ::1 localhost
    127.0.0.1 local.skyfonts.com

    So, doctor? May I take more pills?

      • Thanks for taking the time to answer.
        As I said, I received the “Cisco router, vulnerability CVE-2018-0296” Email Scam several times; so I tried this freeware. But this ransomware is not mentioned in their list.
        What seems strange to me is that when decrypting JIGSAW, for example, it found 536783 infected files on my C drive.
        For the 20 ransomwares listed, the RFDecryptor scan reported me as infected with more than half of the list.

          • No files seem to be encrypted, except that I noted that some C:\Windows folders were locked (names such as 92bxxxxxxxxxxxxa931585), and when I went to the security information on files in those folders, I found authorizations for an “unknown user”, which I deleted.
            What I was wondering is why RansomwareFileDecryptor found so many infected files that Avast or Malwarebytes never saw? (Both are updated.)
            And by the way, how can I see when a file is encrypted?
            Thanks for your help.

          • It seems like you have taken the necessary steps. You will notice right away if any of your files were encrypted: all your files will have the same file type name, such as filename.datawait, filename.pumax, filename.pptx and so on. I don’t think any of your files are infected. If they were encrypted you wouldn’t be able to access them.

  • Hi Daniel. Unfortunately I received the email in my ‘Focused’ inbox folder and opened it on my HP laptop this evening. Although they used an old password in the subject heading of the email, it was very similar. I carried out a virus and file threat scan but no threats were found by my Windows Defender antivirus program. Do I need to do anything? The email said I have 48 hours to pay the bitcoin sum! Thank you in advance. Could I have a reply as soon as possible please?!

    • I recommend changing all your important passwords. Use more than one antivirus to check your system. The claims in the email are most likely false; however, by opening it you can get infected. Were there any links in the email?

      • Thank you for getting back to me so quickly. I will change all of my passwords. I only have the one antivirus program (Windows Defender Security) with my firewall ‘on’ and my ransomware protection ‘on’. There was a hyperlink, which I didn’t click on, to pay the bitcoins. What is the best option I should take? Should I just ignore the email and just change my passwords?

  • Hi,

    Received my second spam email this morning with the same basis as the first one, just like everyone else. Although they are based on the same principle, scaremongering and bullying you into handing over money to keep them quiet, I think they are from 2 different spammers working for the same company, as I’ve noticed between my 2 spam emails that the BitCoin accounts that they want you to pay the money into have 2 totally different BitCoin account numbers. There could be a company created to fleece money out of people by getting hackers to work for them by spamming people with the con.

    Liam.

  • Hi Daniel. This same threat happened to my wife’s PC about a hack (Cisco router, vulnerability CVE-2018-0296). She has Windows Defender running and has done another full scan along with changed her important passwords. My question, how can a Cisco router hack work when we’re using a D-Link router? Thanks!

  • Hi Daniel,
    I received the mail this morning. All but identical to the ones described above. I unfortunately opened the mail on my phone (Android). I deleted the mail using Outlook on my desktop without opening it. I then downloaded and bought SpyHunter5. SpyHunter indicated that my desktop was infected with Zlob.trojan. I have Bitdefender running on both my desktop and my phone; Bitdefender on my phone reported nothing. I ran it on my desktop after SpyHunter and it has reported nothing.
    Below is a copy of my hosts file:
    # localhost name resolution is handled within DNS itself.
    # 127.0.0.1 localhost
    # ::1 localhost

    Below is a copy of what was reported by SpyHunter.

    Any advice would be very welcome

    Cheers

    Roger

    hklm\software\classes\wow6432node\clsid\{56b38f40-4e70-11d4-a076-0080ad86ba2f}
    hklm\software\classes\wow6432node\clsid\{56b38f40-4e70-11d4-a076-0080ad86ba2f}::[(default)]
    hklm\software\classes\wow6432node\clsid\{56b38f40-4e70-11d4-a076-0080ad86ba2f}\inprocserver32
    hklm\software\classes\wow6432node\clsid\{56b38f40-4e70-11d4-a076-0080ad86ba2f}\progid
    hklm\software\classes\wow6432node\clsid\{56b38f40-4e70-11d4-a076-0080ad86ba2f}\programmable
    hklm\software\classes\wow6432node\clsid\{56b38f40-4e70-11d4-a076-0080ad86ba2f}\versionindependentprogid
    hklm\software\wow6432node\classes\clsid\{56b38f40-4e70-11d4-a076-0080ad86ba2f}
    hklm\software\wow6432node\classes\clsid\{56b38f40-4e70-11d4-a076-0080ad86ba2f}::[(default)]
    hklm\software\wow6432node\classes\clsid\{56b38f40-4e70-11d4-a076-0080ad86ba2f}\inprocserver32
    hklm\software\wow6432node\classes\clsid\{56b38f40-4e70-11d4-a076-0080ad86ba2f}\progid
    hklm\software\wow6432node\classes\clsid\{56b38f40-4e70-11d4-a076-0080ad86ba2f}\programmable
    hklm\software\wow6432node\classes\clsid\{56b38f40-4e70-11d4-a076-0080ad86ba2f}\versionindependentprogid
    hklm\software\wow6432node\microsoft\windows\currentversion\explorer\browser helper objects\{56b38f40-4e70-11d4-a076-0080ad86ba2f}

    • Hi Roger,

      Thanks for writing. To me they seem like false positives. I don’t think you have been infected with anything, from the information given. I recommend writing to the SpyHunter HelpDesk as they will pay special attention to your case and will double check things for you.

  • Hi Daniel,
    I searched for Cisco using the Registry Editor search and the only thing that came up was this:
    __x_Windows_CUI_CSearch_CInternal_CCommon_CIScopeChangedEventHandler
    Thoughts?

  • Hi, sorry you have replied to so many of these messages already. I opened this email on my Android phone. It was in the spam folder; I have deleted it on my phone and never opened it on a PC. Is there any chance it could infect my phone or PC?

  • Hi Daniel,
    I received the e-mail in my junk box. The e-mail was supposedly sent from my account. I opened it on my laptop. There was no link, just a text message. I read it. I use ESET as an antivirus. It did not detect anything. Also, there were no old passwords mentioned in the text message. Do I need to do anything, or is this just a scam?
    Thanks in advance.
    Emre

  • I got this last night on my old school email. The thing is that I’m using my phone, not a computer. What should I do?

  • Hi, I’ve tried all of the options and did not find anything too suspicious. Disabled one program in Startup which was called “Program”, so this was probably the most tricky one.

    As for the hosts file, this is what I found:
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    # localhost name resolution is handled within DNS itself.
    # 127.0.0.1 localhost
    # ::1 localhost

    Thanks for your help!
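Several commenters here, and in the earlier comments above, pasted their hosts file and asked whether its entries are a problem. The following added example (not from the article or its comments) automates that check: it drops the commented-out lines, keeps every active mapping, labels names pointed at loopback or a null address as sinkholes (blocking entries, as ad blockers and some security products create) and names pointed at any other address as redirects worth examining. The sample file, the DEFAULT_NAMES set and the hostnames in it are constructed assumptions.

```python
import ipaddress

# Constructed sample (not a real file from the page), built from entries like those commenters posted.
SAMPLE_HOSTS = """\
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
0.0.0.1 mssplus.mcafee.com
127.0.0.1 local.skyfonts.com
203.0.113.9 www.example-bank.test
"""

# Names a stock hosts file may legitimately map to loopback (assumption).
DEFAULT_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
NULL_NET = ipaddress.ip_network("0.0.0.0/8")  # 0.0.0.x addresses never route

def parse_hosts(text):
    """Return (ip, [names]) for every active mapping; '#' comments are dropped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # also strips trailing comments
        parts = line.split()
        if len(parts) >= 2:
            entries.append((parts[0], parts[1:]))
    return entries

def classify(ip, names):
    """'default', 'sinkhole' (name pointed at loopback/null, i.e. blocked) or 'redirect'."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "malformed"
    blocks = addr.is_loopback or addr.is_unspecified or addr in NULL_NET
    if blocks and all(n.lower() in DEFAULT_NAMES for n in names):
        return "default"
    return "sinkhole" if blocks else "redirect"

def audit_hosts(text):
    """Map each non-default hostname to its label; 'redirect' sends a real name elsewhere."""
    findings = {}
    for ip, names in parse_hosts(text):
        label = classify(ip, names)
        if label != "default":
            for name in names:
                findings[name] = label
    return findings
```

Sinkhole entries for vendor hostnames (the McAfee and SkyFonts ones above) are typical of software that blocks its own telemetry; a redirect of a bank or mail hostname to an outside address is the kind of entry the removal guide is asking readers to look for.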

  • I got this today in my junk folder using webmail instead of an email software client. I did open it in my Safari browser. Did I get infected? How can I check on a Mac?

  • Hello, Daniel!

    I also received that email today; there are no links in the email. I received it in my junk mail folder.

    I am sending you the information below from under localhost:

    # 127.0.0.1 localhost
    # ::1 localhost

    Thanks in advance,

    Manny

  • Very thorough article. Fortunately, these messages are being picked up by my email provider’s spam filter, and I don’t have the trojan.

  • I received this email a few days ago and opened it on my iPad as it was ‘to me’, ‘from me’ and ‘I’ was the subject. After reading it I deleted it. When I went to my iPhone’s email I noticed it was there too, in the trash. I never received it on my Mac computer. Is it possible an iPad could have a Trojan horse and if so, how would I go about deleting it? Please advise.
