
Someone used my paypal account 3


kellan4459

I woke up Saturday morning and noticed my laptop would not start any programs. I went into safe mode and ran a virus scan and, lo and behold, I had a trojan. I then restarted the system and ran it again and I had another trojan. Both are removed. I woke up this morning and found that I had a payment out for 700.00 to an Asian name with whom I've never done business on my PayPal account. I'm not sure how they got my information, so I'm trying to determine if there is a way for me to determine if something was installed with the trojans that is tracing my keystrokes, or some other method of getting my information. I do not store passwords. Can someone provide me with tips to make sure my system is clean? Or if there is some other method they may have used to hack my information?

Thanks
 
These are the last few found; the system locked up and the charge to PayPal was on Jan 3rd.


12/24/2008 1:42:44 PM Deleted c:\System Volume Information\_restore{A8B950D4-776F-4850-9EF7-3C8A97714200}\RP1243\A0238955.exe Generic BackDoor(Trojan)

1/3/2009 1:52:09 PM Deleted c:\WINDOWS\system32\32cbf473.dll Generic.dx(Trojan)

1/3/2009 8:41:44 PM Deleted c:\System Volume Information\_restore{A8B950D4-776F-4850-9EF7-3C8A97714200}\RP1262\A0244600.dll Generic.dx(Trojan)
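The scan log quoted above is the one artefact in the thread that can be checked mechanically. As an added example (not from the poster or from Tek-Tips), here is a small Python triage script that parses lines in that McAfee-style layout, separates hits that live in System Restore snapshots from hits on the live system, and reports the earliest detection; the line layout and the path patterns are assumptions taken from the three quoted entries, which are embedded as constructed sample input.

```python
import re
from datetime import datetime

# The three log lines quoted in the post, embedded as constructed sample input
# so the script runs offline (Windows paths, hence the doubled backslashes).
SAMPLE_LOG = """\
12/24/2008 1:42:44 PM Deleted c:\\System Volume Information\\_restore{A8B950D4-776F-4850-9EF7-3C8A97714200}\\RP1243\\A0238955.exe Generic BackDoor(Trojan)
1/3/2009 1:52:09 PM Deleted c:\\WINDOWS\\system32\\32cbf473.dll Generic.dx(Trojan)
1/3/2009 8:41:44 PM Deleted c:\\System Volume Information\\_restore{A8B950D4-776F-4850-9EF7-3C8A97714200}\\RP1262\\A0244600.dll Generic.dx(Trojan)
"""

# Assumed layout: "<m/d/yyyy h:mm:ss AM|PM> <Action> <path> <Name(Type)>".
# The path may contain spaces, so it is matched lazily up to its extension
# and the detection name is anchored by its trailing "(Type)".
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<action>\w+) "
    r"(?P<path>[A-Za-z]:\\.+?\.[A-Za-z0-9]+) "
    r"(?P<detection>.+\([A-Za-z]+\))$"
)
RESTORE_POINT = re.compile(r"\\system volume information\\_restore\{[^}]+\}\\rp\d+\\", re.I)
SYSTEM_DIR = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)

def classify(path):
    """Tag where the hit lived: a System Restore snapshot copy vs. the live system."""
    tags = set()
    if RESTORE_POINT.search(path):
        tags.add("restore_point_copy")   # snapshot of an earlier infection, not a fresh drop
    if SYSTEM_DIR.search(path):
        tags.add("live_system_dir")      # sat on the running system: treat as active
    return tags

def parse_line(line):
    """Return a dict for one detection record, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%m/%d/%Y %I:%M:%S %p")
    rec["tags"] = classify(rec["path"])
    return rec

def triage(log_text):
    """Summarise a scan log: earliest hit plus live vs. snapshot-copy counts."""
    entries = [r for r in map(parse_line, log_text.splitlines()) if r]
    return {
        "entries": entries,
        "first_seen": min(r["ts"] for r in entries) if entries else None,
        "live_system_hits": sum("live_system_dir" in r["tags"] for r in entries),
        "restore_point_copies": sum("restore_point_copy" in r["tags"] for r in entries),
    }
```

On the quoted lines the script reports a first detection on 24 December, one live hit in system32 and two restore-point copies, which is why a scanner can keep "finding" the same infection until System Restore on that volume is purged.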

 
Have you informed Paypal of the theft?

Liverpool: Capital of Culture 2008
Anfield: Capital of Football since 1892
Good health! John
Merseyside, England.
 
there were some trojans that were specific to paypal, that logged keystrokes


most "hacks" are via phishing emails etc., possibly DNS redirects as well

if you make sure your virus signature is up to date you should prevent trojans, maybe try a different AV program as well
 
I have notified PayPal and my bank.

We do not log in to any links via e-mail. If we get any e-mails about our account we go to the website manually and not through the link provided because of such scams.

I have McAfee virus that is updated daily and scans daily, if it were the PayPal version you speak of shouldn't this be caught by McAfee? Also would it have given me more than Generic.dx?
 
also, could a program still be running even though the trojan has been detected? and if so how can I tell?
 
Keeping your protection software updated does reduce your risk, but nothing will ELIMINATE your risk. The only SAFE computer is one that is turned off and unplugged. Hundreds of new risks are found each day - what about the ones that were NOT found?

It's also possible that your paypal password wasn't very secure in that it was easy to figure out. That has happened to several of my friends in the past.

Good luck,
 
I'm sure the password wasn't very secure but they would have to get it within so many attempts or I would expect them to be locked out. But I guess 1 attempt daily would allow it to reset or allow time for me to login and clear the unsuccessful tries.
 
i have to disagree with lhuegele, i had an unplugged PC fall off the desk onto my foot



 
as another thought, do you access your account anywhere other than your home PC? i.e. work or web cafe?
 
not paypal, also I was off for the two weeks over holidays and so was my wife.
 
Well, if you want to make sure the immediate risks are totally gone, firstly go ahead, back up any important data, and reformat.

Make sure you have your Restore disk(s) or Windows CD ready for the reinstall, and if you have a restore partition on the hard drive instead, I'd suggest copying an image of it to a separate hard drive if possible, so that it doesn't get formatted with the rest of the disk.

I highly recommend that the only way to truly make sure all threats are history is to wipe the drive clean. That means if you have a restore partition for your system backup, you need to move/copy it to another hard drive if possible. If you have restore disk(s) or a Windows disk for reinstalling your system, then make sure you have them before the system redo.

Here's what I'd recommend, start to finish:
[ol]
[li]If you're using any form of broadband, and you do not have a firewalled router, then first go and buy one. Otherwise, the rest of this will practically be useless.[/li]
[li]Backup important files to separate hard drive or external media (CD, DVD, Thumb Drive, Ext Hard Drive)[/li]
[li]Verify you have your OS/Restore disk(s) handy or copy the restore partition to another hard drive.[/li]
[li]Verify you backed up EVERYTHING you want/need to keep - Favorites, Documents, Pictures, Home Videos, personal music, whatever.[/li]
[li]Download DBAN (for your choice of CD, floppy, or now, thumb drive)[/li]
[li]Load DBAN to whatever media type you chose (make sure the computer can boot from that particular media type.)[/li]
[li]Insert the DBAN media into the computer.[/li]
[li]Restart the machine - if need be, go into your BIOS settings with <Del>, <F2>, <F10>, <F11>, or whatever your computer is setup to recognize, and verify it is set to boot from that particular media type before the HDD.[/li]
[li]Once your BIOS settings are verified/changed, save and exit that, boot on into the system. You should boot to Darik's Boot and Nuke - if you got to Windows, you didn't do something correctly - go back and verify what you did.[/li]
[li]Once the DBAN screen comes up, type in autonuke, and leave the machine running. It'll usually take at least an hour or two, so be prepared to just wait - since it CAN take many hours at times, I often just do this before going to bed.[/li]
[li]Once the DBAN wipe is complete, you'll see a black screen with something like "wipe complete, ... hit <Enter> to re-save the results file to floppy." If you see this, remove the DBAN media (assuming not already done), insert your restore/OS media, and restart the computer. (If you had to back up your restore partition, now would be the time to put that back, and THEN restart the PC.)[/li]
[li]Follow the appropriate steps for reinstalling your system. If you have the choice given (depends what sort of restore/OS media you have), I recommend having at least 3 partitions created - one for Windows/Program Files/Settings, 1 for Documents and such, and 1 for your Swap File or Virtual memory.[/li]
[li]Make sure your copy of Windows is up to date.[/li]
[li]Install security software. I suggest these (all are free, some you have to specify the free version):
[UL]
[LI]AVG Free Edition 8[/LI]
[LI]Windows Defender (installed by default on Vista)[/LI]
[LI]SpywareBlaster[/LI]
[LI]Online Armor Firewall[/LI]
[LI]Malwarebytes AntiMalware[/LI]
[LI]Super AntiSpyware - I'd probably just disable the auto-startup options, and only use for scanning, occasionally.[/LI]
[LI]DrWeb CureIt - not an install, but not a bad idea to keep around.[/LI]
[LI]CCleaner - not really security, but to clean out temp files, where lots of malware likes to hide.[/LI]
[/UL]You can get the first 3 of those at and the rest at www.download.com[/li]
[li]Configure your setup to your liking - other apps, such as any sort of Office Suite, Picture/Media apps, etc.[/li]
[li]If you used imaging software to backup your restore partition... or if you have or want to buy such software, now would be a good time to create an image of your current setup in case something still happens in the future.[/li]
[/ol]

Anyway, I probably went a bit overboard in detail there. But that is what I would personally do if it were my machine, assuming I had the time, or assuming that I could do it one bit at a time over a decent stretch.

Whatever you do, don't get in a hurry, in case you might miss something.

If you have questions on any particular items in my list, ask. You can also look at the item descriptions, and read reviews of them online.

--

"If to err is human, then I must be some kind of human!" -Me
 
Thanks, I did a simple format and reinstall last night. Definitely not to that detail. I have a few of the programs you listed but will definitely look into getting the others.

Is AVG better than McAfee?
 
when I say simple I mean a complete format of the main partition, but not of every partition
 
The DBAN format is much more intensive than any format you do with Windows setup. It deletes EVERYTHING - it basically puts your hard drive back to the state just like it came from the store - no partitions, no anything. Well, I'm sure it isn't back to the same as the store, as in not as much life left to it by this time, etc. [wink]

I personally like AVG better for these reasons:
[OL][LI]It's FREE[/LI]
[LI]It consistently ranks with the best of them in "real" antivirus tests - unbiased, not trying to market a product - see [/LI]
[LI]Generally, you'll have far less resource usage with AVG and others than with McAfee. If I were buying an AV setup, I'd get Norton over McAfee, and today, I might possibly get Nod32 over either.[/LI]
[/OL]

--

"If to err is human, then I must be some kind of human!" -Me
 
I'll have to disagree on AVG. I used to have it and it never found anything, including programs that I knew were there. Several of my friends have said the same thing. We are all in the information security field, so we have software that isn't considered kosher, such as netcat. I typically have several malware samples on my system as well. AVG never picked them up.

----------------------------
"Will work for bandwidth" - Thinkgeek T-shirt
 
TechieMichael,

What do you recommend as opposed to AVG?

--

"If to err is human, then I must be some kind of human!" -Me
 
I'm partial to McAfee right now. I used the Enterprise version a couple of years ago and really liked it. It is a bit resource intensive, but it also seemed to work better than some of the others at the time, like Norton. The place that I worked with had a lot of problems with Norton and it not picking things up. While the home user won't be able to get Enterprise, the home version should be decent as well.

I also have BitDefender installed on a couple of machines and it seems decent as well.

----------------------------
"Will work for bandwidth" - Thinkgeek T-shirt
 
I have to say I have not had any problems with AVG so long as you keep it up to date and also run something like Malwarebytes or Ad-Aware as well

we used to have McAfee and went to CA due to pricing, now moving to Symantec V11; when assessing the different versions I found a comparison table (trying to find the link) and of the free versions AVG was rated the best
 