Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PC was taken over remotely and was buying Itunes gift cards on ebay.


  • Please log in to reply
6 replies to this topic

#1 pyro926

pyro926

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:19 AM

Posted 15 May 2016 - 07:20 PM

Hello.

I didn't find anything like this in the searches, if it needs moved to another topic, I apologize.

Yesterday morning my computer was accessed by an unknown person and they were buying 2 $100 ITunes gift cards on Ebay. I watched the cursor move around my screen and select items, so I know it wasn't someone physically accessing my pc. They were not able to complete the purchase because I shut my computer down. I was able to get a screenshot of the checkout page and the email address he was trying to send the gift cards to. They were able to download "Webbrowser Passview" and access many of my saved passwords. I have since changed all my important passwords.

 

I have team viewer installed on my PC and it was suggested to me that was how they gained access. I can attach the log for this incident if that would help.

I am running my pc on safemode at the moment and unhooking from the internet when it's not in use.

I have avast as my antivirus. I'm running Malwarebytes right now. I'll add the results if it shows anything.

 

My questions are:

How do I prevent this from happening again?

Who (if anyone) should I report this to?

 

Thank you for any help you can provide.

-Gabe


Edited by Orange Blossom, 16 May 2016 - 12:43 AM.
Moved to AII from General Security. ~ OB


BC AdBot (Login to Remove)

 


#2 RolandJS

RolandJS

  • Members
  • 4,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:08:19 AM

Posted 15 May 2016 - 07:53 PM

  You have already turned off any and all remote access services, remote client/host services, and Teamviewer for now?


Edited by RolandJS, 15 May 2016 - 07:54 PM.

"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#3 pyro926

pyro926
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:19 AM

Posted 15 May 2016 - 10:33 PM

I turned off TeamViewer, but I'm not sure how to shut down the rest.

#4 RolandJS

RolandJS

  • Members
  • 4,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:08:19 AM

Posted 15 May 2016 - 10:49 PM

I googled "shutting off remote access" and got this:

https://www.google.com/search?q=Shutting+off+remote+access&rlz=1C1VSNC_enUS601US601&oq=Shutting+off+remote+access&aqs=chrome..69i57j0l5.13999j0j4&sourceid=chrome&es_sm=122&ie=UTF-8

Ignore URLs about setting up remote access; there are several about disabling/shutting down remote access.

Perhaps google:  "shutting off remote access Windows [what you have - 7, 8, 8.1, 10]" -- probably will give you the info you need.


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#5 pyro926

pyro926
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:19 AM

Posted 17 May 2016 - 11:03 PM

I did get remote access turned off. Do you think it could have been team viewer?

#6 RolandJS

RolandJS

  • Members
  • 4,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:08:19 AM

Posted 18 May 2016 - 05:31 AM

I did get remote access turned off. Do you think it could have been team viewer?

I do not know.  I'll listen in and learn right alongside with you from the wisdom of the others in BC.


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#7 LookAPancake

LookAPancake

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan
  • Local time:09:19 AM

Posted 30 May 2016 - 03:01 PM

Have you talked to anyone in any chatrooms lately that could have possibly gained access to your TeamViewer?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users