VBA:Logan.666 malware?

J_B
I've been running various AV and malware scans, and Bitdefender (free) has identified 7 threats, all of which are called VBA:Logan.666.
They all seem to be in my various Thunderbird profile backups, in the 'sent' folder.
Should I be worried, and if so, do I have to dig deeper to find them and remove them?

Comments

  • So I'd always treat any threats seriously; whether or not this is the cause of your mailbox issues is hard to determine.

    There isn't a lot of online info on that virus, but VBA viruses can live in any MS Office document and therefore are very easily distributed and executed. They have the capabilities to access credentials etc.

    I'd recommend the following:

    1. Remove the virus using the tools in the scanner or identify the files that contain the virus and delete them.
    2. Keep scanning repeatedly until you are sure you have eradicated it completely.
    3. Make sure you are on a supported version of MS Office and have installed all updates.
    4. Make sure Windows updates are all up to date.
    5. You haven't said but if you are on an old version of Windows or MS Office then now is the time to update (eg Windows 7/8 and Office 2016 or older).
    6. Latest versions of all other software - eg Thunderbird client etc
    7. Go through your list of installed applications and remove anything you don't recognise or need.
    8. Do the same as above for all other devices that may have access to your email / web accounts
    9. Do you have your passwords stored anywhere - eg an Excel spreadsheet, password manager, browser etc? If so, this could be an issue
    10. Put 2 factor authentication on your IONOS webmail account
    11. Review all your passwords for all accounts and make sure you are following best practice

  • J_B
    edited 9 May 2024 at 12:42PM

    1. Despite me asking Bitdefender to remove them, it doesn't - they are just marked as 'blocked'
    2. Will do
    3. MS Office 365 is fully up to date
    4. Win 10 Home - ditto
    5. See above
    6. TB 78.14.0
    7. Will do
    8. Will investigate - just have Android Moto G using K9 Mail
    9. Yes
    10. Will investigate
    11. Will do

    I have 'drilled down' and found the offending file (hopefully): an email in my sent items from 2015, when I informed someone that their system had been hacked and they had spammed me!!
    Will do another Bitdefender scan now and report back.

    Very Many Thanks
  • J_B
    By deleting many of my old TB profiles in various backup folders, Bitdefender now 'only' finds two issues.
    One in my current TB profile (random letters and numbers dot default) and another in a different TB profile (random letters and numbers dot IETimport) that was last modified two days ago.
    It is showing that the file is still in my sent folder despite me deleting it and it no longer being there.

    Hmm
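
Added example, not part of the thread: Thunderbird keeps each folder as a single mbox file, and a message deleted in the client stays in that file (flagged in its `X-Mozilla-Status` header) until the folder is compacted, which is one reason a scanner can keep reporting a `Sent` file. This Python sketch lists Office-type attachments in an mbox blob, including ones in messages already marked deleted; the function names and the sample mailbox are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls/.ppt container, can hold VBA
MACRO_EXT = (".doc", ".dot", ".xls", ".ppt", ".docm", ".dotm", ".xlsm", ".pptm")
EXPUNGED = 0x0008  # X-Mozilla-Status bit: deleted in the UI, bytes remain until "Compact"

def split_mbox(raw):
    """Split an mbox blob into per-message byte strings (each starts after a 'From ' line)."""
    chunks, current = [], None
    for line in raw.splitlines(keepends=True):
        if line.startswith(b"From "):
            if current:
                chunks.append(b"".join(current))
            current = []
        elif current is not None:
            current.append(line)
    if current:
        chunks.append(b"".join(current))
    return chunks

def scan_mbox(raw):
    """List Office-type attachments, including ones in messages already marked deleted."""
    hits = []
    for idx, chunk in enumerate(split_mbox(raw)):
        msg = email.message_from_bytes(chunk, policy=policy.default)
        status = int(str(msg.get("X-Mozilla-Status", "0")).strip() or "0", 16)
        for part in msg.iter_attachments():
            name = part.get_filename() or ""
            data = part.get_payload(decode=True) or b""
            if name.lower().endswith(MACRO_EXT) or data.startswith(OLE_MAGIC):
                hits.append({"message_index": idx, "subject": str(msg["Subject"]),
                             "filename": name, "ole_magic": data.startswith(OLE_MAGIC),
                             "expunged": bool(status & EXPUNGED)})
    return hits

def build_sample():
    """Constructed mbox: a 'deleted' message with a harmless fake .doc, plus a plain one."""
    m1, m2 = EmailMessage(), EmailMessage()
    m1["Subject"], m1["X-Mozilla-Status"] = "Constructed: spam warning", "0009"  # read + expunged
    m1.set_content("See attached.")
    m1.add_attachment(OLE_MAGIC + b"\x00" * 16, maintype="application",
                      subtype="msword", filename="report.doc")
    m2["Subject"], m2["X-Mozilla-Status"] = "Constructed: plain note", "0001"
    m2.set_content("No attachment here.")
    return b"".join(b"From - Tue Mar 03 10:00:00 2015\n" + m.as_bytes() + b"\n" for m in (m1, m2))

if __name__ == "__main__":
    for hit in scan_mbox(build_sample()):
        print(hit)
```

To use it on real data, pass the bytes of a copy of the profile's `Sent` mbox file to `scan_mbox`; a hit with `expunged` set points to a message that no longer shows in the client but is still in the file until the folder is compacted.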
