Looking for second opinions on compromised data.



#1 Goobley


Posted 20 March 2014 - 09:55 AM

Hi everyone,

I've frequently visited this site to read up on solutions when I've had to fix problems for people, but I've never had to post before.

 

Yesterday I received an email from a free-to-play game company (Cryptic Studios for Star Trek Online) stating that they had blocked an attempt to access my account (due to a different I.P. address, like what SteamGuard does). I looked up the I.P. address and it turned out to be Chinese. Due to this I quickly logged on and changed my password. However, I haven't touched this game in months (probably since last November if I had to guess), so I'm rather surprised about such a message now. I don't care about the game account at all, I just want to keep the rest of my data safe.

 

My immediate reaction was that it was due to malware, so I ran Adwkiller, TDSSkiller, a full MSE scan and a full MBAM scan. The only one that turned up anything was MBAM, which turned up one half-downloaded PUP installer in Chrome's temporary files (sort of thing that happens if one mis-clicks on a link and then clicks cancel when the 'Choose download location' window pops up). So there was no installed malware that could be detected by any of these decent pieces of kit. As I was thinking about it afterwards, I realised that I can't believe that it could be a keylogger or anything, as I haven't used the games in so long, nothing was detected by the AVs and I must have typed several hundred megabytes of text since then.

 

To be safe I changed my important email passwords and linked the game account to an email account that contains nothing other than spam I don't want on useful accounts. I concluded that as there's nothing obvious I can see wrong with my computer that the problem must be at the company's end or somewhere in between the two. What are your thoughts on this?

 

Bonus question: I've been using MSE as my main AV for years now and the only malware I've ever had was a browser hijack via the hosts file (due to my own stupidity). I always keep an up to date copy of MBAM ready to run, if I detect a problem on mine or someone else's machine. Should I be using a different AV, possibly better than MSE?

 

Cheers!





#2 quietman7


Posted 20 March 2014 - 11:17 AM

From what you describe, it appears your online account may have been hacked or spoofed (email address forged). When that happens, the first thing to do is change your password (or reset your email account password), which you have already done. Sometimes just doing that will resolve the issue.

Hopefully you created a strong password. Just because your account was hacked does not mean your computer was compromised or infected with malware. However, as a precaution, the next step should be to perform a full scan with your anti-virus and anti-malware tools...again, which you have already done.

As for replacing MSE because it does not appear to be finding anything, you may want to read:
Choosing an Anti-Virus Program
Supplementing your Anti-Virus Program with Anti-Malware Tools

Resources for dealing with Spam and hacked Email:
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 Goobley


Posted 20 March 2014 - 12:03 PM

Thanks for this,

I believe my system is clean and all of my important passwords follow a similar scheme to the one described in your link - for things like forums I only have one or two simple ones as nothing major can get compromised. From the research I've done I'm replacing MSE with avast free. Hopefully I won't be affected by anything so I won't even notice the difference :)

Thanks again, I'll just keep a closer eye on things over the next few days to see if anything dodgy goes down.

 

EDIT: A full avast scan confirmed again that my machine is clean (I was worried when it found a file, but it was in adwkiller's quarantine already!), so I'm just going to suggest that they got into my account another way and that the rest of my data is safe. Thanks!


Edited by Goobley, 20 March 2014 - 02:10 PM.


#4 quietman7


Posted 20 March 2014 - 04:27 PM

You're welcome.



