
My bank account was compromised, was my PC the cause?


This topic is locked
9 replies to this topic

#1 jlips

Posted 08 March 2012 - 06:47 PM

My bank account was compromised. Without going into too much detail on that, there are some indications that they would have needed access to information on my computer.

I am pretty security conscious and surprised. I run ESET NOD32, MBAM with the paid real-time protection, plus some older products like Spybot Search & Destroy. When I ran ESET 2 weeks ago I got an alert for "a variant of WIN32/InstallCore.D". I am not sure if this was a false positive but I let it quarantine. An internet search did not indicate this was a huge threat.

Otherwise, I have no reason to think there is a problem. I've run MBAM and ESET in the last few days and they came back clean. If someone can help me determine if the source of my bank problems is my computer that would be great. If my computer is the problem I might have a big identity theft problem, if it is just check fraud it can easily be contained.

I run Windows XP home with all updates in place.

Thanks!

#2 boopme

Posted 08 March 2012 - 09:24 PM

McAfee says this:
http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=631986#
Activities / Risk Levels
Attempts to connect to a high risk domain that may pose a security risk.
Creates one or more shortcuts (.LNK files) to provide user accessible links to start a program usually from the desktop or start menu.
Enumerates many system files and directories.
Attempts to send data or commands via HTTP
Process attempts to call itself recursively
Adds or modifies Internet Explorer cookies
No digital signature is present


Submit it to ESET and you can post back the reply
How do I submit a virus, website or potential false positive sample to ESET's lab?



It is possibly a false positive. We should double check it before we take action.

Let's upload this file for a second opinion on what it actually is.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.
<filepath>suspect.file

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 jlips (Topic Starter)

Posted 09 March 2012 - 02:14 AM

I had submitted once before to ESET and never heard back. I resubmitted.

The files that might be corrupted are in the quarantine. It seems the only way to submit to Jotti is to unquarantine them. Is that correct and/or advisable?

thanks.
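The second-opinion step boopme describes relies on uploading the sample, and jlips's worry is that this means restoring it from quarantine. A hash lookup sidesteps that: you hash the file once and search the multi-engine scanner by hash instead of sending the file. The script below is an added example, not code from the thread or from ESET, Jotti or VirusTotal; it assumes you are hashing the original file (not the quarantine container, since most products store quarantined items in an encoded form whose hash is meaningless) and that VirusTotal's per-file report page follows the URL pattern used in `vt_lookup_url`, which is an assumption of this example.

```python
"""Added example (not from the BleepingComputer thread): compute MD5/SHA-1/SHA-256
of a suspect file so it can be looked up on a multi-engine scanner by hash rather
than uploaded. Assumption: the file hashed is the original, not the AV quarantine
container (most products store quarantined items in an encoded form)."""
import hashlib
import io
import os
import tempfile

CHUNK = 1 << 20  # 1 MiB reads keep memory flat even for large files


def digest_stream(stream) -> dict:
    """Hash a binary stream with three algorithms in one pass; also report its size."""
    hashers = {
        "md5": hashlib.md5(),
        "sha1": hashlib.sha1(),
        "sha256": hashlib.sha256(),
    }
    size = 0
    while True:
        chunk = stream.read(CHUNK)
        if not chunk:
            break
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    result = {name: h.hexdigest() for name, h in hashers.items()}
    result["size"] = size
    return result


def digests_of_bytes(data: bytes) -> dict:
    """Convenience wrapper for in-memory data (used by the test below)."""
    return digest_stream(io.BytesIO(data))


def file_digests(path: str) -> dict:
    """Hash a file on disk without loading it fully into memory."""
    with open(path, "rb") as fh:
        return digest_stream(fh)


def vt_lookup_url(sha256: str) -> str:
    """Build the report URL for a SHA-256. The URL pattern is an assumption of this
    example; the thread itself only links the VirusTotal front page."""
    digest = sha256.lower()
    if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError("expected a 64-hex-character SHA-256")
    return f"https://www.virustotal.com/gui/file/{digest}"


if __name__ == "__main__":
    # Constructed sample: a throwaway file stands in for the quarantined item.
    with tempfile.NamedTemporaryFile("wb", delete=False, suffix=".bin") as tmp:
        tmp.write(b"abc")
    try:
        d = file_digests(tmp.name)
        for key in ("size", "md5", "sha1", "sha256"):
            print(f"{key:7s} {d[key]}")
        print("lookup:", vt_lookup_url(d["sha256"]))
    finally:
        os.unlink(tmp.name)
```

If the hash is already known to the scanner you get the verdicts without ever re-exposing the file to the system; only an unknown hash needs an actual upload, and at that point a submission from a machine you are not worried about (or directly to the vendor's lab, as boopme suggests) is the safer route.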

#4 boopme

Posted 09 March 2012 - 11:27 AM

Well we don't want to put that junk back on..

Let's at least be sure it's clean in case ESET does not reply.

Please go here: Preparation Guide, and do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run skip it and move on.

Let me know if that went well.

#5 jlips (Topic Starter)

Posted 10 March 2012 - 11:19 AM

I tried running GMER twice. Both times, I come back to my computer and the screen is black and the computer is completely non-responsive. I had to reboot the PC. Once this resulted in the Microsoft disk check being required at bootup.

I have run defogger and DDS as instructed. Any thoughts on how to get GMER to run? Is this a sign of a security problem? Anything else I can run in place of GMER?

One other data point. Just before I first wrote on Bleeping Computer for help, I initiated a scan with SUPERAntiSpyware free edition. It took a long time to run and returned "Trojan.Agent/Gen-Autorun[VB]" after you had already started helping me. The program this was returned on was given to me two years ago by someone I know. At some point in the past, I got an alert on this, and I thought I deleted it. Regardless, this has been on my computer for years, so I don't know if it was always a false positive and unlikely to be the cause of a new problem.

I really would like to go through the whole process of checking my computer to determine if this is the cause of my identity theft issue.

thanks, -jon

Edited by jlips, 10 March 2012 - 11:27 AM.


#6 boopme

Posted 10 March 2012 - 11:42 AM

We will check it all.

If GMER won't run skip it and move on.

#7 jlips (Topic Starter)

Posted 10 March 2012 - 12:04 PM

We will check it all.

If GMER won't run skip it and move on.


I ran GMER without it checking files and that worked. The crash is occurring when it goes through 200GB of files. Is it worth posting that log? Let me know, and I'll move over to the other forum.

thx, -jon

#8 boopme

Posted 10 March 2012 - 06:47 PM

If you have a log add it, it may still provide some important info on your malware.

#9 jlips (Topic Starter)

Posted 10 March 2012 - 07:58 PM

Everything posted to the other forum. Thanks for your help!

#10 boopme

Posted 10 March 2012 - 08:21 PM

You're welcome.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 3 days and ALL logs are answered.

To avoid confusion, I am closing this topic.



