
Bank details compromised


  • This topic is locked
4 replies to this topic

#1 claddie

Posted 26 February 2011 - 10:24 AM

Hi folks

I'd appreciate some help

My online banking has been hacked and as yet I haven't figured out how.

PC is running XP and I use Firefox for browsing.

Using AVG free and Spybot search & destroy. Have also scanned with Malwarebytes and SUPERantispyware but nothing significant showing up.

HijackThis log attached. (Attached file: hijackthis.log, 9.6KB)

Any help would be gratefully received

Cheers

C

#2 maranatha

  • Malware Response Team

Posted 05 March 2011 - 12:43 PM

Hi claddie
Welcome to Bleeping Computer.
I'm maranatha and I will be helping you.

First thing to do is read this and decide what you would like to do.


Backdoor Trojan.
Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, collect confidential data and information from the computer, log activity on the computer and more.

This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

I would suggest you disconnect this PC from the Internet, change all passwords using a non-infected computer (not this one) and refrain from any credit card or financial dealings until clean. If you do any financial dealings with this computer, contact any credit card companies or banks about possible fraud on your account.


Because of backdoor functionality, many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.

Thanks
maranatha

Windows7 Professional 64 Bit

 

I'm going in the wrong direction to be in a hurry!




My help is always free, But I do accept donations.
Donate Here


#3 claddie


Posted 06 March 2011 - 07:48 AM

Hi Maranatha

I've read the info you posted and I think it makes sense to do a reformat and re-install to ensure my system is secure again.

Many thanks

C

#4 maranatha


Posted 06 March 2011 - 12:29 PM

Hi claddie
I also believe that is the best route to go if you do any financial dealings with your computer.

Let me leave you with some Preventive Recommendations that you can apply after you do your reformat.

The following is a list of tools and utilities that we recommend to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft.
    To do this, just click Start > All Programs > Windows Update, and follow the online instructions from there.
    (It is recommended that you have Windows Updates set to download and install automatically.)

  • One of your first defenses against infections and hackers is an Anti-virus and Firewall.
    These are a Must Have to help keep you protected in today's Internet world.
    Here are some good ones and the best part, they are Free!

    Please Download and run only 1 AV and only 1 firewall.

    Anti-Virus
    Avast
    Avira
    AVGFree


    Firewall
    Comodo Firewall > During the setup process you will be given a choice. Please choose: Install the Firewall as a standalone. During installation, the Comodo Firewall will change your default search engine to Ask.com, make Hopsurf.com your home page, and install the Hopsurf.com toolbar, unless you uncheck those options during installation.
    Zonealarm Firewall

    Download, Update and scan your computer with the AV. Quarantine/Delete anything it finds.
    Make sure it is kept updated.
    Do regular scans. Most AVs can be scheduled to scan at a given time; this is also recommended.

    Also I suggest you read this.
    Understanding Firewalls

  • Malwarebytes' Anti-Malware (MBAM)
    http://www.malwarebytes.org/mbam.php (Home page)
    Malwarebytes' Anti-Malware is considered to be the next step in the detection and removal of malware.
    Some Key Features:
    Operating Systems: Microsoft® Windows 2000, XP, Vista and 7 (32-bit and 64-bit).
    Database updates released daily.
    Works together with other anti-malware utilities.
    This is a free program with the option of Activating a full version, unlocking realtime protection, scheduled scanning, and scheduled updating. There is a one time fee for the full version.
    Remember to ALWAYS check for and install available updates prior to scanning!

  • SpywareBlaster is a Freeware (for personal use) application that will help to prevent the installation of spyware and other potentially unwanted software. It accomplishes this by blocking the installation of many known bad ActiveX controls, spyware and tracking cookies, and restricting the actions of potentially unwanted sites. SpywareBlaster does not require any running or background processes to work once protections are enabled, which means it will not slow down your system in any way.
    Remember to check for and install available updates once a month!


  • SpywareGuard - A Spyware "Shield" to protect your computer, acting much like your antivirus real-time protection. Its features include scanning files for spyware before you open them, blocking spyware downloads in Internet Explorer and monitoring/preventing attempted browser hijacking. Small and lightweight, yet powerful! Compatible with Windows 98, ME, 2000 & XP.
    FREEWARE (for personal use)

  • The MVPS Hosts File or similar HOSTS file will actually block a list of known bad sites from even loading in your browser. It can also be used to block ads, banners, 3rd party cookies and more. Operating system compatibility and installation instructions are provided.

  • Install WinPatrol to monitor some key registry locations, file system changes, and other important areas, and have it alert you of the changes BEFORE allowing them to take place.

  • Another thing I would suggest is to install WOT (Web Of Trust).
    It gives sites a few different 'ratings' and, while not foolproof, it is a good additional layer of information about many sites. When using a search engine, the ratings show up as small dots next to the web site: green for good, yellow for caution, red for bad. Set your cursor on the dot for a small pop-up window that provides more information on that web site.
    Web Browser: Internet Explorer, Firefox, Chrome.

Now just because you have security applications installed, they are useless unless updated regularly.
Most of the above recommended applications are updated periodically, and it's up to you to check for updates. Set aside time in a day each month to update all of your protections.

Having any P2P file sharing apps such as Limewire, BitTorrent, uTorrent, etc. is like inviting malware into your computer. There is absolutely no way for you to know which of the hundreds of thousands of users you are sharing files with are infected or not.
I STRONGLY recommend removing and NOT using any P2P applications.


To find out more information about how you got infected in the first place and more great guidelines to follow to prevent future infections, you can read this article by Grinler and this article by quietman7.

Surf Safely!
maranatha



#5 maranatha


Posted 06 March 2011 - 12:30 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
