Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Credit Card Details Stolen Twice - Keylogger?


  • Please log in to reply
1 reply to this topic

#1 Bignose2

Bignose2

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:28 PM

Posted 17 May 2018 - 01:28 AM

Hi,

 

Window 10, up to date. no other installed

 

Trying to keep this short & mostly I would like to know if I am probably safe now.

 

8 May 2018, I had fraudulent C/Card payments. £200 & £800 - C/Card refund OK.

I suspected (& still think) some online hack of somewhere card details held, I don't usually save but over the few years is a chance I have save, none recent.

 

9th May

Full scan with Defender & this found, I also usually run Adwcleaner runtime but nothing found.

TrojanDownloader:O97M/Donoff

It showed a doc file in my documents. I am so extremely careful about links in email so amazed how this got there

Quick scan or whatever is in the background did not pick up on this, only the full scan.

I was not especially worried, I wondered if an old file that has just been sitting there, not run but found will full scan, maybe it was, wife is careful but does use this PC from time to time.

 
11th May
Must have done another scan,
Exploit:O97M/CVE-2017-11882!rfn
Lists a different doc file.
Not sure how this was not picked up with the 9th May scan or was not fully removed or something else, new defintions perhaps?

 

Few scans since & Adwcleaner

 

14th May New card

Activated & I only entered registered this card on PayPal - All on same PC. Did not put card details anywhere else.

 

Later that night I got a warning text from Bank, sure enough fraudulent payment, This was the first payment & stopped OK. £200 to fast food delivery

Direct or online card - Not via paypal

 

I will mention & not sure why not picked up before but 99% sure can't be the issue but of course I am not an expert but generally pretty savvy. Trojan:Win32/Tilken.B!cl . This was Actiador.exe. A file on my D drive, about 4 years ago something I downloaded. Alcholhol CD writer/image thingy. Definately not run or even looked at for years but am surprised why not picked up now but of course the databases are updated all the time.

 

Changed all passwords using a chromebook. Is on same network though.

 

I just feel it is not a keylogger but is seems the most likely. Postman I trust, never had problems before. The bank new card dept must be secure.

 

Since I have run (Still not used that PC for anything important)

 

Adwcleaner
Zemana

MalwareBytes Root Beta
Malwarebytes - Installs - removed after
Kaspersky Security Scan - Installs - removed after

Chrome's Clean-Up computer

Windows 10 PC up to date & back on defender

 

Nothing found on any of these.

 

Not used ESET yet, will after posting this.

 

If I had had a keylogger good chance they would have got my PayPay password so I just feel things would have been worse, I did not change this after the first fraud.

 

I would like to stick with Defender as main AV btu would like a few run time scanner advise.

 

I mainly use chrome on the PC

Are Chromebooks safer?

 

I really don't want a format, I have so many things that have been tweeked over the years, would be days

 

Everything runs fine, seems fine.

 

I have quite a large wifi network, lots of devices, nothing suspicious, very quite rural,



BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:28 PM

Posted 18 May 2018 - 03:26 PM

Hello and welcome, lets get a deeper look at what's happening.
Please follow this Preparation Guide and post in a new topic.
Let me know if all went well..
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users