Was My Password Stolen From The Aol Server Or My Computer!



#1 Rougehott


Posted 24 March 2006 - 08:51 PM

Hi,

This morning when I tried to log into my AOL Webmail I got a notice that my account was put on hold. I called AOL and was told that my password was stolen and someone was using my email address to send spam. Sure enough, in my sent folder, there were junk emails sent from my account that I was unaware of. Anyway, I'm concerned about the security issue this presents with my computer. I'm wondering if the password was obtained from the AOL server, or if someone actually hacked into my computer. I'm not sure how they could have hacked in, I have Norton, Kerio (the free version) and WEP encrypted Wireless. Anyway, I'm worried that if they got this password they could have gotten other passwords. I do online banking, etc on my computer. I'm not exactly sure what I should do to ensure my computer is clean and without spyware that is logging my key strokes. I want to be able to do my personal banking, etc but I'm afraid to do it until I'm sure my computer is clean. So far this is what I have done:

1) Updated the definitions for Norton, Adware, Spybot and CW Shredder. I disconnected my wireless and then rebooted. I ran all the programs and this was the outcome:

Norton: detected nothing
Adware: detected a bunch of entries that looked like this: HKEY_Users:5-21-16590 (this was under the MRU List)
Spybot: Detected Nothing
CWS: There were two columns. Under the first column, "Scanned", the following appeared: "CWS.Look2me", and in the next column, "result", it said "not present". There were quite a few files listed in this fashion.

Any help would be very much appreciated. Please advise.

Thanks,

Lauren
(xxxxxxxxxxxx)

Mod Edit: E-mail address was removed for your safety. Please, do not post your E-mail address in an open forum. This could lead to a lot more SPAM in your inbox, than you might want.

Edited by tg1911, 24 March 2006 - 10:22 PM.




#2 tg1911


Posted 24 March 2006 - 10:32 PM

A couple of other things to try:

Run these online virus scanners:
http://www.pandasoftware.com/activescan/
http://housecall.trendmicro.com/

Also this online Trojan scanner:
TrojanScan

In addition to Ad-aware and Spybot, I use:
a² free
ewido security suite

These 2 will help prevent spyware/malware from being installed in the first place:
Spywareblaster
SpywareGuard

Download these programs, update them, and then run them.
These programs, updated and used regularly, will do a lot to keep your computer clean of spyware, trojans, keyloggers, browser hijackers, etc...

When installing ewido security suite, under Additional Options uncheck:
Install background guard
Install scan via context menu

Helpful Tutorials:
Using SpywareBlaster
Using SpywareGuard
Using Ewido

The first time you run Ewido and , run them in Safe Mode:
How to start Windows in Safe Mode

While you're in Safe Mode, run all of your security programs.

Edited by tg1911, 24 March 2006 - 10:34 PM.


#3 Rougehott


Posted 24 March 2006 - 10:36 PM

WILL DO!! THANK YOU!!! :thumbsup: :flowers:

#4 Rougehott


Posted 25 March 2006 - 11:42 AM

I ran the Trojan Scan and nothing came up.
I installed the Spyware Blaster and Spyguard on my computer.
I ran the Panda Active Scan: Two files came up that said "Atwola". The details gave the location where it was stored: "C:Docs + Settings/Admin/Cookies". I deleted those two files.

In SAFE MODE:

Ran Ewido: one file came up MSN Cookie portal, I deleted that.
Spybot: Came up clean, nothing was detected.
Adware: Six items were found (in regular mode I saw 12 of these similar files and "thought" I deleted them). They reappeared. One looked like: HKey_Local_Machine_software/microsoft/direct draw/most recent application and the rest looked like Hkey_Users:5-1-5-21-1659 (there was a lot more to this file, it was long... most just a string of numbers though). They were also linked to the acronym MIU (or something similar to that, I should have written it down--but didn't).
Grisoft and Norton both did not detect anything.

What do I do now? Will I ever be able to use online banking again? Is everything I do being tracked? I don't really understand what is going on or how serious this is...

#5 Rougehott


Posted 25 March 2006 - 11:45 AM

I meant to add that my OS is Windows XP Prof.



