Karl`s PC Help Forums

What the hell could be going on ?
charles - 17-4-2008 at 08:53

Some weeks ago somebody got into my online banking and opened a web saver account in my name, which showed up online. I had to close that account and open another, which was a pain.
Now the other day I found I could not get to view my online accounts as it would not accept my password. I phoned up the bank and they said the password was changed the day before at 10.20 am, so I told them that I had not changed it.
Anyway they have suspended access to it until they send me a new one.
Now how could that happen? Could I have an infection which is sending my info to a scammer? If so, is it best to reformat and start again?


Quaver - 17-4-2008 at 09:34

Perhaps post a hijack this on the Virus forum?
Are you sure someone living at your house hasn't changed it? Are there some mischievous kids hanging around in your house?
Do you have a wireless router?


SRD - 17-4-2008 at 09:47

Which bank is it charles? Others may be having the same problem and, if it's the bank's security that's been compromised, we can avoid using that bank.


charles - 17-4-2008 at 11:11

Quote:
Originally posted by Quaver
Perhaps post a hijack this on the Virus forum?
Are you sure someone living at your house hasn't changed it? Are there some mischievous kids hanging around in your house?
Do you have a wireless router?



There is only me and the wife, even she does not know my username or password, and no, I do not have a router.


charles - 17-4-2008 at 11:12

Quote:
Originally posted by SRD
Which bank is it charles? Others may be having the same problem and, if it's the bank's security that's been compromised, we can avoid using that bank.


Halifax


Dreamweaver - 17-4-2008 at 11:48

Have you done a full virus scan recently Charles?


charles - 17-4-2008 at 12:10

Quote:
Originally posted by Dreamweaver
Have you done a full virus scan recently Charles?

I was using AVG 7.5. I have, yesterday, purchased the full 8.0 edition; it scans each day at 12 noon. Today, however, it did pick up an unwanted programme which I did not seem to understand, so it's got rid of that.
I have today had another word with the Halifax and they say the only way people can get your info is to put a trojan in your system and collect everything you type.
What I don't understand is, if like today they send me a temporary password, what would the scammer gain, because they have not got it, it came to me. Also, why would they want to change my password, as they would need the old one to do that? And they could continue using that.


Quaver - 17-4-2008 at 12:16

Quote:
Originally posted by charles
What I don't understand is, if like today they send me a temporary password, what would the scammer gain, because they have not got it, it came to me. Also, why would they want to change my password, as they would need the old one to do that? And they could continue using that.

They may be just having fun. Have you checked for spyware/malware? Spybot?


charles - 17-4-2008 at 12:21

The virus it picked up says in the vault...

potentially harmful virus--hack tool. DEW

Could that have been it? And is putting it in the vault OK?


charles - 17-4-2008 at 12:23

Quote:
Originally posted by Quaver
Quote:
Originally posted by charles
What I don't understand is, if like today they send me a temporary password, what would the scammer gain, because they have not got it, it came to me. Also, why would they want to change my password, as they would need the old one to do that? And they could continue using that.

They may be just having fun. Have you checked for spyware/malware? Spybot?


I do have also, Spyware Doctor


John_Little - 17-4-2008 at 12:49

You haven't "confirmed your details" in response to an email request, have you?

But I take it they have fully guaranteed your money. If not, it would rather knock a dent in their business.


John Barnes - 17-4-2008 at 13:24

Judging by some intensive searching on my part, it looks like you have at some stage inadvertently downloaded a malicious joke programme with the exe coming under hack tool Dew. This is quite new, and if you Google this it may tell you more about it F.Pri.(w97m)proxy course.
It puts a trojan under your system that will allow information to be sent to some outside source.
I would go onto the Symantec site and get a free virus scan and make sure you get a clean system. It will be no good just changing your passwords, because if the trojan is still on your system it will only report back your new passwords. This trojan could be a key logger. This interprets all your keyboard typing and will show up any passwords or numbers, so it is imperative to get your system clean.
Personally, Charles, I never do on-line banking, as when I did my 5 years course on computing I got to know guys who could make a computer sing, and no bank is going to advertise they have been hacked or tricked, it is bad for customer security. I would do all your banking the old fashioned way, before computers were thought of. Anyhow, that's my opinion for what it is worth. jmb


LSemmens - 17-4-2008 at 13:42

It may be worthwhile getting yourself over to the virus help forum, Charles, and letting Pancake give your system the "once over".


charles - 17-4-2008 at 14:25

Quote:
Originally posted by John Barnes
Judging by some intensive searching on my part, it looks like you have at some stage inadvertently downloaded a malicious joke programme with the exe coming under hack tool Dew. This is quite new, and if you Google this it may tell you more about it F.Pri.(w97m)proxy course.
It puts a trojan under your system that will allow information to be sent to some outside source.
I would go onto the Symantec site and get a free virus scan and make sure you get a clean system. It will be no good just changing your passwords, because if the trojan is still on your system it will only report back your new passwords. This trojan could be a key logger. This interprets all your keyboard typing and will show up any passwords or numbers, so it is imperative to get your system clean.
Personally, Charles, I never do on-line banking, as when I did my 5 years course on computing I got to know guys who could make a computer sing, and no bank is going to advertise they have been hacked or tricked, it is bad for customer security. I would do all your banking the old fashioned way, before computers were thought of. Anyhow, that's my opinion for what it is worth. jmb


I only have it online to check my bank account and investments. By putting that virus in the vault, won't that put an end to it???


Quaver - 17-4-2008 at 14:45

Quote:
Originally posted by charles
I only have it online to check my bank account and investments. By putting that virus in the vault, won't that put an end to it???

If you have one virus, the chances are you could have more. Why not post a hijack this log for Pancake to look at just to make sure?


Dreamweaver - 17-4-2008 at 14:47

It should be the end, Charles,
but I have found Symantec (link is at the top of the page) to be a thorough scan that picks up on viruses that others don't.


John Barnes - 17-4-2008 at 16:46

If you are doing a virus check, also turn off your system restore, and when the virus check is finished turn it back on again, as a virus can lurk within and resurface when you have completed your virus check.
In the vault is safe. jmb


charles - 17-4-2008 at 16:53

Quote:
Originally posted by John Barnes
If you are doing a virus check, also turn off your system restore, and when the virus check is finished turn it back on again, as a virus can lurk within and resurface when you have completed your virus check.
In the vault is safe. jmb


How do I turn off the system restore, John?


Quaver - 17-4-2008 at 17:07

Quote:
Originally posted by charles
How do I turn off the system restore

In WinXP, Control panel - system - system restore - turn off system restore.


charles - 17-4-2008 at 17:14

Quote:
Originally posted by Quaver
Quote:
Originally posted by charles
How do I turn off the system restore

In WinXP, Control panel - system - system restore - turn off system restore.


Cheers, why does one have to turn off restore?


Dreamweaver - 17-4-2008 at 18:58

Quote:
Originally posted by John Barnes
If you are doing a virus check, also turn off your system restore, and when the virus check is finished turn it back on again, as a virus can lurk within and resurface when you have completed your virus check.
In the vault is safe. jmb


But don't forget to turn it back on after scan :)


Daz - 17-4-2008 at 21:18

TBH, if I'd been hit like this, I'd be re-formatting the disk, scanning all of the remaining files I intend to keep, and starting from scratch with the rest.

I'd not be taking a chance anywhere, especially where my finances were concerned.

Once I was happy I was clean, I'd be using a proper anti-virus and anti-spyware tool.

Online scans here....

http://housecall.trendmicro.com/

http://www.pandasoftware.com/products/activescan.htm

http://www.kaspersky.com/virusscanner


scholar - 17-4-2008 at 21:39

Quote:
Originally posted by charles
Cheers, why does one have to turn off restore?

I think your answer is included in what Jmb posted:
Quote:
a virus can lurk within and resurface when you have completed your virus check.


John Barnes - 17-4-2008 at 22:25

Because when a virus check is instituted it does not check the restore files, so when you receive a clean system after a virus check, the virus lurking in the system restore files will re-infect your clean system. jmb

PS: if I get anything that is so difficult to remove, remember you can always try starting in safe mode and delete from there; pressing F5 while booting up will do the trick in XP. If no joy, then I do as Daz suggests: reformat and install again. If I remember correctly you have a system disc. jmb


scholar - 18-4-2008 at 03:07

Well explained, Jmb.;)

I often think about the opportunities for computer learning, here. I am so much more satisfied when I apprehend the instructions, instead of following them without real understanding.


charles - 18-4-2008 at 09:16

Quote:
Originally posted by John Barnes
Because when a virus check is instituted it does not check the restore files, so when you receive a clean system after a virus check, the virus lurking in the system restore files will re-infect your clean system. jmb

PS: if I get anything that is so difficult to remove, remember you can always try starting in safe mode and delete from there; pressing F5 while booting up will do the trick in XP. If no joy, then I do as Daz suggests: reformat and install again. If I remember correctly you have a system disc. jmb



I will get it reformatted. The chap who did it created a partition for a D drive so it would be easier to do without losing lots of stuff, but could a virus also be in there?


charles - 18-4-2008 at 09:18

Quote:
Originally posted by Daz
TBH, if I'd been hit like this, I'd be re-formatting the disk, scanning all of the remaining files I intend to keep, and starting from scratch with the rest.

I'd not be taking a chance anywhere, especially where my finances were concerned.

Once I was happy I was clean, I'd be using a proper anti-virus and anti-spyware tool.

Online scans here....

http://housecall.trendmicro.com/

http://www.pandasoftware.com/products/activescan.htm

http://www.kaspersky.com/virusscanner



I have AVG PAID VERSION 8.0


Quaver - 18-4-2008 at 09:26

Why not ask Pancake for his advice? He's the expert. You may not need to reformat?


charles - 18-4-2008 at 10:01

Quote:
Originally posted by Quaver
Why not ask Pancake for his advice? He's the expert. You may not need to reformat?



To be quite honest, I have forgotten how to do the hijack log.


Quaver - 18-4-2008 at 11:42

http://www.bleepingcomputer.com/files/hijackthis.php


charles - 18-4-2008 at 11:49

Just had the virus or whatever analysed by AVG; it comes back as follows.

"D:\System Volume Information\_restore{9782C258-B89A-4B76-BAAB-F596BED4751A}\RP279\A0110036.exe" - detection is correct

What does all that mean?


charles - 18-4-2008 at 12:47

Quote:
Originally posted by Quaver
http://www.bleepingcomputer.com/files/hijackthis.php



Cheers, have done that now. Who is Pancake? Is he a wizard in these things?


Quaver - 18-4-2008 at 12:57

Quote:
Originally posted by charles
Cheers, have done that now. Who is Pancake? Is he a wizard in these things?

Yes:magic)


LSemmens - 18-4-2008 at 14:38

See my comment after your HJT log, Charles. Pancake is our resident Anti nasty expert. He's in OZ, so may not be on at the same time as you.


John Barnes - 18-4-2008 at 20:52

By the look of things of what you posted, Charles, your virus has been detected in the restore system, so turn off system restore on the D drive, then do your virus check, and then turn the system restore back on. I agree Pancake is your man for hijack logs and ridding your system of nasties, but I am not being funny here, Charles, I think you may struggle with some of the involved advice he may give you, as you will have to be au fait with your knowledge of computers to accomplish some of his remedial actions. But I hope you clear the system of your nasty. jmb


charles - 18-4-2008 at 21:40

Quote:
Originally posted by John Barnes
By the look of things of what you posted, Charles, your virus has been detected in the restore system, so turn off system restore on the D drive, then do your virus check, and then turn the system restore back on. I agree Pancake is your man for hijack logs and ridding your system of nasties, but I am not being funny here, Charles, I think you may struggle with some of the involved advice he may give you, as you will have to be au fait with your knowledge of computers to accomplish some of his remedial actions. But I hope you clear the system of your nasty. jmb




Cheers John,
I think a reformat is the answer, don't you?


John Barnes - 18-4-2008 at 22:26

I have just looked at your hijack and the other guy has told you to get rid of Cleanator; it is 04 on your log. This is a dangerous exe file that keylogs and passes info onto some unknown source. jmb

You have my email if you need a disc or two. jmb

I have sent a u2u message


scholar - 19-4-2008 at 03:40

If anyone doesn't know, a keylog is a program that keeps track of each key you press on the keyboard and makes a file from them.

From Jmb's description, this is a serious problem.:o

It would record when you type passwords, PINs, etc.


charles - 19-4-2008 at 08:46

Quote:
Originally posted by John Barnes
I have just looked at your hijack and the other guy has told you to get rid of Cleanator; it is 04 on your log. This is a dangerous exe file that keylogs and passes info onto some unknown source. jmb

You have my email if you need a disc or two. jmb

I have sent a u2u message


I have just got rid of Cleanator. How could something like that get on my PC? And do you think that was the reason for my problems at the bank?


LSemmens - 19-4-2008 at 12:21

It's a good chance, Charles. If you've managed to find that one, I bet there will be others; wait and see what Pancake has to say.