Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Laptop accessed remotely without my knowledge?


  • Please log in to reply
3 replies to this topic

#1 MWraith

MWraith

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:14 PM

Posted 26 August 2017 - 03:53 AM

I would like to know if the subject line is possible, and if so, how to detect it.

The issue arises as follows:

i) Yesterday I noticed that my available credit card balance was around £1000 lower than expected.

ii) I contacted my bank (Nationwide) to ask what the pending charges were. I did not recognise any of them.

iii) They informed me that the charges were all made via a device that I had used to make other, earlier, transactions. They told me some of these transactions and I was able to identify the device as my home laptop (it's a gaming laptop and has never left my desk). No other person has access to my apartment or my laptop. They say that they were able to confirm this by something called 'DeviceID'. They confirmed that this is not MacID, VolID, or IP, but would not go into any further details.

iv) I was able to obtain the times of the transactions from Nationwide. Three of the transactions occurred at a time when I was at the laptop, using it to watch Youtube videos and also to watch SkySports. The fourth transaction occurred while I was asleep.

v) I have checked my laptop with Malwarebytes and a couple of other antiviruses. I have checked my running processes one by one. I have run Netstat but not sure I would know a suspicious IP if I saw one and checking them manually seemed difficult. I have never installed any remote access software such as Teamviewer of any kind.

vi) (If it matters) My laptop is not connected by Wifi. I have (and at all material times had) an ethernet cable plugged into it directly from the router.

 

vii) (Also if it matters) Until I contacted my bank I had not the slightest idea that anything might possibly be wrong with my laptop. Malwarebytes has never found a threat, the laptop runs smoothly and fast without any slowdowns and just generally functions like one would expect a high-end gaming laptop to function.

Basically I don't think there is anything wrong with my laptop and think my bank are full of it when they say the transactions were made from my laptop. I think they are either (i) incompetent; or (ii) saying that my laptop is the source of the transactions so that they can deny my refund request (likely due to carelessness rather than malice).

First: is it even possible that someone else had access to my laptop remotely without my knowledge in this way? Second: if it is possible how could I find out if it was happening?

 



BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,413 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:14 PM

Posted 26 August 2017 - 05:59 AM

Welcome to BC...

Were these purchases something that would need to be shipped to an address? If so, did the bank tell you where the purchases were shipped?

I agree that it is likely the bank does not know if your computer was used or not. But just to be sure you can start a new topic in the malware removal

forum to confirm that there is no malware on the computer. Another suggestion is to access your router and secure it by replacing the default password

with your own, blocking remote access and confirming its firewall is active.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 MWraith

MWraith
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:14 PM

Posted 26 August 2017 - 06:10 AM

Hi,

 

Okay I'll do that.

 

The purchases were made at a travel agency, a hotel booking agency, and a taxi company. I asked for more information but my bank wouldn't provide it. It doesn't seem like anything purchased from them would need to be shipped, though.



#4 buddy215

buddy215

  • Moderator
  • 13,413 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:14 PM

Posted 26 August 2017 - 08:11 AM

The first two...travel agency and hotel booking...many websites run by criminals posing as those two. Not unusual for

them to be involved in CC fraud. My prepaid debit card was used by criminals to make purchases at an obviously criminal

website posing as a clothing business. In my case, I was reimbursed the $600 within 2 weeks. I don't use regular CCs or any

bank debit card that I have a checking or savings account with for online shopping.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users