Fake Lloyds Bank Incoming BACs Documents delivers Trickbot via equation editor exploits — 4 Comments

    • Just allowing edit might not be enough to infect you. You normally have to allow content as well. BUT these do use various exploits that allowing editing might be enough
      First look in temp folder go to start/run & type %temp% < press enter> and see if any new temp files were created after you opened the doc
      then look in C:\Users\< your user name>\AppData\Roaming\LogMonitor if that folder exists then you have been infected
      you will probably have to enable hidden files to see it If that folder doesn’t exist then you should be OK

  1. Same problem – allowed editing – *Facepalm!

    There were several items in the temp folder which may have come in just before or just after I opened the Word doc. The text in the Word doc was never visible.

    Checked to find the …\LogMonitor folder and that does not seem to exist (I showed hidden files and folders).

    What kind of temp file should I have been looking out for? I now have lots that look like this…f8d611e0-f341-4d9b-8473-9d8e802d76ac.tmp (10 now) – are these the sort of thing?

Leave a Reply

Your email address will not be published. Required fields are marked *