If a computer got infected with a virus or a trojan and the user interacted with KeePass, is there a chance that the malicious software would be able to get the password database?
In other words: Does the user have to change all passwords as soon as a virus got detected on the system?
Optional follow-up: How about if browser plug-ins are involved, like KeeFox for Firefox?
Best Answer
If a virus is on your computer at the time any program handles sensitive data, you're hosed.
KeePass does as much as it can to protect your passwords from malware, but no solution can be bulletproof; once malware is running on your computer, the machine cannot be trusted. Let's look at some of the security features:
If you did unlock the database while malware was present, you should definitely change your passwords.