On Sunday I woke up to learn somebody had accessed my Skype account, changed my password and changed the email address associated with the account. Then they had charged a large sum of money from my associated credit card to the account - and, I found out later, made two short calls to a mobile phone in Egypt.
I went through Skype's account recovery process, successfully. Skype say they will restore the money I lost - and I have my account back.
I only use Skype on my notebook PC and my iPhone. I hadn't entered my password on either device for many weeks (Skype was permanently logged on).
I'm using Windows 7.
I hadn't seen any evidence of malware on my PC - but I did the following:
* Stopped using PC for the meantime and changed all my web passwords (using another notebook (Apple)).
* Scanned PC using Avira - no threats found.
* Downloaded latest Kaspersky TDSSKiller and ran in safe mode - no threats.
* Updated Malwarebytes and then ran in safe mode - threats found.
Malwarebytes quarantined four files and several folders which it identified as a Zero Access Trojan.
* Downloaded HitmanPro and ran in safe mode - no threats except PUPs.
* Ran HitmanPro again in normal mode this time - no threats.
* Ran Malwarebytes again in safe mode - no threats.
* Downloaded and ran Symantec's Zero Access removal tool - no threats.
My PC exhibited/exhibits three odd behaviours:
1) When I first suspected malware, I opened System Restore and found no available restore points. This has never happened to me before. My hard drive is very full (around 1GB free). However, I had not ignored any alerts telling me that System Restore was not able to work. I am now able to create new System Restore points.
2) If I enter Safe Mode With Networking, I can't get online. I have tried both using Wi-Fi and plugging the LAN cable in directly and cannot connect. I can connect fine in normal mode.
3) Sometimes booting up I get a "Please Wait" box between putting in my Windows password and the desktop appearing. I don't remember that happening before - but I may be wrong about that.
So I am now wondering if it's safe to start using the PC again! I've had conflicting advice from friends ("It'll be fine" and "Rebuild it").
It seems that some people believe Skype hacks can easily be 'socially engineered' - by telling Skype's customer support that you've lost a password and changed an email address etc... The email address associated with my Skype account was the same (before the @ sign) as my Skype name, which in retrospect seems like a weakness. So perhaps the Skype issue has nothing to do with the Trojan? I have googled "zero access" with "skype" and nothing comes up. I asked Skype how it had happened, and they blamed it on Malware. (No surprises about that!)
Thanks for your help
Edited by EspressoLab2015, 21 April 2015 - 04:56 AM.