
Reading .cap File and finding malicious activity


4 replies to this topic

#1 Cibot


Posted 04 February 2018 - 09:56 AM

Hello,

 

In follow-up to my thread: https://www.bleepingcomputer.com/forums/t/669746/steam-password-keylogger/#entry4438386

I've created this one to seek help and to try to get someone with enough knowledge to find something malicious.
I don't know if you can even identify malicious activity in these network captures, but if you know how you COULD, please do tell me.

 

My problem is that basically there is some service/application/whatever that somehow gets my Steam password and most likely sends it over the internet to somebody.

I'm running GlassWire, which is pretty much a firewall program and shows you internet activity. I couldn't find anything really suspicious there.

 

I've listed everything I've done to identify the problem in the thread above.

Here is the Microsoft Network Monitor cap, if you need it: https://ufile.io/s8cha

 

I'm connected with LAN and have a Windows 10 PC. I've reset my router so I don't think it's compromised. 

 

Attached Files

  • Attached File  MTB.txt   24.26KB   0 downloads




#2 Kilroy


Posted 05 February 2018 - 12:43 PM

Are you getting an e-mail from Steam saying that someone is trying to log into your account, or are you getting an e-mail from Steam with a code to authorize your Steam account on a new machine?



#3 Cibot


Posted 05 February 2018 - 02:40 PM

It's an email with a code. Meaning they got the password and account name right. 



#4 Kilroy


Posted 06 February 2018 - 12:47 PM

Have you updated the firmware on your router?

 

Have you changed your Steam password?



#5 Cibot


Posted 07 February 2018 - 01:12 PM

Yes, I have reset my router and updated to the latest patch. It's a 7430 Fritz Box.

Yes, I have changed my password.

All measures I've taken so far have been described in the link posted above.





