Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Bank Fraud - Please check logs.


  • This topic is locked This topic is locked
3 replies to this topic

#1 L33

L33

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:31 PM

Posted 28 November 2011 - 01:01 PM

I'd like to think I'm a knowledgeable guy when it comes to computers (Programmed since I was like 11 (27 now) and am very careful on what I click, what sites I visit.
I used to help remove spyware for RL friends, and people on other forums that have been infected.
I just want to be sure I haven't missed anything.

I only use this pc for banking, browsing facebook, coursework etc.
I'm running Kaspersky 2012 internet security, have javascript/flash etc disabled in all my browsers, have the hosts file to block access to sites, spybot immunise.

I've run scan after scan, combofix, dds, hijackthis, autoruns, runscanner,TDSSKiller, silent runners.vbs and many more.
I usually run these every week or 2 just to be sure no-one has managed to use my pc while I wasn't looking and put anything on on.
I'm like safety mad when it comes to virus'.

None of the scans are detecting anything and there's nothing I can see either.
I had a few 100 pounds removed from a bank account I only used only once for Steam as my paypal and my online bank card wouldn't work.
Nothing has been taken from my other account and my savings account
Steam was recently hacked and they said the database may have been compromised.

I have edited the log slightly:
  • Removed [Internet Settings\ZoneMap\Domains] as they was fine and I had added them all or spybot had.
  • And have done some research before I posted commented with ">->" before the sentence.
(But I haven't removed any entries apart from Zonemap list.).

I also don't download torrents/games/music or anything of the sort.
I had ran DDS.scr and nothing on there was out of the ordinary.
So i ran combofix and decided to post the log (I know it says don't run or post logs for this unless asked but nothing came up using it.

Is there any things else I can do, I've read the help files etc.
Hope you can help me ease my mind.
Thanks in advanced.
Lee.

@Edit
Haha, forgot to click attach after browsing for combolog.txt.

And a hijackthis log attached.

Attached Files


Edited by L33, 28 November 2011 - 01:28 PM.


BC AdBot (Login to Remove)

 


#2 L33

L33
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:31 PM

Posted 02 December 2011 - 11:19 AM

Shameless Bump!

Edited by L33, 02 December 2011 - 11:19 AM.


#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:31 PM

Posted 03 December 2011 - 09:58 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

The only observations I can make on your ComboFix log are these.

c:\users\User\Documents\~WRL3751.tmp
' >-> this was a temp file that contained a word doc I had written for an exam.


If you need this file it can be restore from the ComboFix quarantine folder.
===

2011-11-27 17:43 . 2011-11-27 17:43 -------- d-----w- c:\windows\DEA314C409294250BC9298E4C105F28D.TMP
>-> This is a folder that contains the steam WiseCustomCalla.dll

Temporary files/folders should be deleted if not cleared by the application.

The rest of the log is clean.
===

Third party programs if not up to date can be the cause infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:31 PM

Posted 08 December 2011 - 02:06 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users