
Desperate for help (Banking information stolen FOUR times!)



I really need help.. I can't afford professional services to fix my new computer.

 

Since last November, my banking information has been stolen four times now. The most recent a few days ago.

I have ruled out that it happened here. I am sure it is computer related. What's more strange, the transactions are all going to donations to religious organizations around the country.

 

I have a new Windows 8.1 PC computer. Last night I restored it to factory condition because system restore didn't protect me.

I even downloaded a VPN switcher program, that didn't prevent my information from being stolen either.. I'm not convinced returning it to factory condition is really going to do the trick.

 

These hacks have happened on my old laptop, and my new computer.

 

I have of course scanned with Lavasoft, Spybot, McAfee.. it doesn't stop the hacks.

 

So as I said, my PC was restored to original factory settings last night. Not convinced this will do the trick.

 

Can someone please help me locate this trojan/worm or whatever it is stealing my information? Clearly there is a keylogger I cannot be rid of at this point.

 

 

 

 

 


Hello and welcome,

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

1. Download Malwarebytes Anti-Rootkit from this link:

 

 http://www.malwarebytes.org/products/mbar/

 

2. Unzip the File to a convenient location. (Recommend the Desktop)

3. Open the folder where the contents were unzipped to run mbar.exe

 

Image1.png

 

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

 

mbarwm.png

 

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

 

6. The following image opens, select Next.

 

Image2.png

 

7. The following image opens, select Update

 

Image3.png

 

8. When the update completes select Next.

 

Image4.png

 

9. In the following window ensure "Targets" are ticked. Then select "Scan"

 

Image5.png

 

10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.

 

MBAntiRKcleanA.png

 

11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.

12. If no threats were found you will see the following image, Select Exit:

 

Image6.png

 

13. Verify that your system is now running normally, making sure that the following items are functional:

 


      Internet access
      Windows Update
      Windows Firewall

 

14.  If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder.

 

15. Select "Y" from your Keyboard, tap Enter.

 

16. The fix will be applied, select any key to Exit.

 

17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

 

System - log

Mbar - log   Date and time of scan will also be shown

 

Thanks,

 

Kevin...


Thanks Kevin,

Everything works accordingly on my system.. But somehow my debit card number has still been stolen four times now.

It isn't going on in my community, that I'm sure of. I live alone, no one is stealing my card in person.

 

Which begs the question, it has to be on this computer. Even when I bought a new computer to avoid it, it happened again anyway.

 

So last night I re-installed windows 8 to factory settings.. but I read that doesn't always wipe out all trojans/worms.

 

Malwarebytes Anti-Root RootKit said it detected nothing...

 

Here are the files you requested from Anti-root attached.

mbar-log-2015-03-03 (17-52-40).txt

system-log.txt


There are many reasons why your CC details have been harvested, as you say within the community, your PC or possibly a router, if that is how a connection is made to the internet...

 

An infected system that has the OS reinstalled can still be infected if the hard drive is not formatted before the reinstallation is done.

 

I assume passwords for the breached cards have been changed after each occasion? I would definitely reset the router (if one is used) to clear that possibility. Go to the router manufacturer's website for instructions...

 

Next,

 

We also need to run a very thorough online AV scan to ensure nothing has been missed...

 

ESETOnline.png Scan with ESET Online Scanner

 

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

Please visit ESET Online Scanner website.

 

Click there Run ESET Online Scanner.

 

If using Internet Explorer:

 


Accept the Terms of Use and click Start.
Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:


Download esetsmartinstaller_enu.exe that you'll be given link to.
Double click esetsmartinstaller_enu.exe.
Allow the Terms of Use and click Start.

To perform the scan:


Make sure that Remove found threats is unchecked.
Scan archives is checked.
In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
Under “Enable Stealth Technology” select “Change”, then select any extra drives in that window.
Click Start
The program will begin to download its virus database. The speed may vary depending on your Internet connection.
When completed, the program will begin to scan. This may take several hours. Please, be patient.
Do not do anything on your machine as it may interrupt the scan.
When the scan is done, click Finish.
A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.

Please include this logfile in your next reply.

 

Don't forget to re-enable protection software!

 

Let me see the log from ESET in your next reply......

 

Kevin...


John,

 

I have to state this for the record. My computer was working flawlessly after the re-install in terms of performance (only).

The moment I ran this scanner my entire computer is not working correctly... I can't click on any icons, everything is working like it now has a virus installed disrupting all the basic functions. I also downloaded the 30 day trial but haven't used it yet.

The only thing I am running is the Online free scanner and my entire windows ceased to work properly..

 

I'm responding in another computer to write this. It's stuck at 5% on Scanning, with only 57 files scanned, and 10 minutes of time has elapsed.

Also cannot use the computer.

 

This is really strange....


Also yes passwords were changed, but I have no evidence that any accounts have been logged into..

My gmail never shows any IP addresses that aren't my own in the sign in activity, and other accounts usually have record when another computer logs in.....

 

It's just my actual Debit card number that continues to be stolen literally weeks after I've gotten a new one. Four times now unfortunately.

I feel like maybe I'm being targeted. I'm really desperate for help.. I don't understand why my new PC with windows 8 would cease to operate correctly for the first time ever since having it. This has never happened before until I started to run the free scan you just told me to run.


Also,

I'm really sorry I keep writing here..

 

But I just did an emergency shut down.. And I can't even log on yet.. It's trying to install windows updates and I'm seeing "We couldn't complete the updates, undoing changes, don't turn off your computer"... Again. Windows 8.


If ESET scan was set the way I asked I see no reason why your system should respond as you state, no changes would have been made when the scan was running... It would have been a purely diagnostic scan....

 

 

To perform the scan:

 

  • Make sure that Remove found threats is unchecked.

 

If you power the system off during a scan or even when the system is idle it can cause damage, not only to the system but also the hard drive......

 

What is the current status....


The entire system stopped working. I couldn't do anything other than move the mouse around. I mean it started operating as if a virus was there all of a sudden.

I haven't seen that sort of chaos since the old days with earlier Windows systems.. My system showed no signs of a virus of that nature until I started the scan. The scan as I said, wouldn't get past 30 files, and elapsed for 10 minutes with no progress as all of this was going on.

 

It left me with no choice but to force a system shut down.. I did exactly as you stated and am not blaming you at all.

I feel like I'm being targeted, as if someone knew I was running that software and just put a stop to it..

 

For the last 20 minutes it's been this on my Windows 8 startup screen "Windows couldn't complete the updates, undoing changes, don't turn off your computer".. I am unsure if it will ever get out of that screen...


Ok Kevin,

After much patience, it took a couple of hours just to get my computer to process the moves it took to get to PC reset.

It was as if it took 5 minutes for each click of my mouse to be recognized.. Finally I was able to actually click Reset PC.

System restore totally failed. My PC is back up and using it now.

 

The first thing I did was log into my Gmail, and check log in sessions. My Laptop and PC are coming from the same IP address all of a sudden (never have had this happen before).

I just reset this PC to factory settings, so how could it match up with my laptop IP? Not sure if that's any indication of anything. They should be different..

 

Is there another program we can use to get you the information you need to find out what is on this PC permanently now? I'm too nervous to try that diagnostic tool again... It was sheer luck that I was even able to get it to reset this time as I stupidly forgot to make backup CDs or a backup USB.


Most home routers are set, by default, to use a service called Network Address Translation (NAT) to provide Internet access. It takes your internal traffic, assigns the router's public IP as the source, and then tracks the return traffic to send the response to the correct inside IP.

To see your internal IP addresses, go to a command prompt (Start > Run > type cmd and hit Enter). In the black window, type ipconfig and hit Enter. Your internal IP will be displayed in the list under your network adapter. Do the same for both computers; they should differ...

 

Next,

 

Reset your router: http://setuprouter.com/networking/how-to-reset-your-router/

 

Next,

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

 


Quit all running programs.
For Windows XP, double-click to start.
For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
Read and accept the EULA (End User License Agreement)
Click Scan to scan the system.
When the scan completes select "Report", log will open. Close the program > Don't Fix anything!
Post back the report which should also be located here:

 

C:\Programdata\RogueKiller\Logs <-------- W7/8

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------XP

 

Next,

 

Please download aswMBR from here: http://files.avast.com/files/rootkit-scanner/aswmbr.exe Save to your desktop.

 


Double click the aswMBR.exe icon, and click Run
There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
Click the Scan button to start the scan once the update has finished downloading
On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

 

Note: There will also be a file on your desktop named MBR.dat do not delete this for now. It is an actual backup of the MBR (master boot record).

 

Post those logs,

 

Thanks,

 

Kevin......
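
The NAT behaviour described in the reply above, as an added example that is not part of the original post: a minimal Python model of a home router's source-NAT table, showing why a remote service logs the same public IP for both the PC and the laptop while replies still reach the right machine. The `NatRouter` class, its method names and all addresses and ports are constructed for illustration.

```python
"""Minimal source-NAT model: two LAN hosts share one public IP (constructed addresses)."""
import ipaddress
from itertools import count

class NatRouter:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = count(first_port)  # next free public-side port
        self._out = {}   # (inside_ip, inside_port, dst_ip, dst_port) -> public_port
        self._back = {}  # public_port -> (inside_ip, inside_port, dst_ip, dst_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an outgoing packet and remember the mapping."""
        if not ipaddress.ip_address(src_ip).is_private:
            raise ValueError("inside hosts are expected to use private addresses")
        flow = (src_ip, src_port, dst_ip, dst_port)
        if flow not in self._out:
            port = next(self._ports)
            self._out[flow] = port
            self._back[port] = flow
        return (self.public_ip, self._out[flow], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, public_port):
        """Route a reply to the inside host, or drop it if no mapping matches."""
        flow = self._back.get(public_port)
        if flow is None or flow[2:] != (src_ip, src_port):
            return None  # unsolicited traffic: nothing inside asked for it
        return flow[:2]

def addresses_seen_by_server(router, flows):
    """Source IPs a remote service (e.g. a sign-in activity page) would log."""
    return {router.outbound(*f)[0] for f in flows}

# Constructed sample: a PC and a laptop behind one router, both reaching one HTTPS server.
ROUTER = NatRouter("203.0.113.7")
PC = ("192.168.1.10", 51000, "198.51.100.20", 443)
LAPTOP = ("192.168.1.11", 51000, "198.51.100.20", 443)

if __name__ == "__main__":
    print(addresses_seen_by_server(ROUTER, [PC, LAPTOP]))  # a single public address
    print(ROUTER.outbound(*PC), ROUTER.outbound(*LAPTOP))   # distinct public ports
    print(ROUTER.inbound("198.51.100.20", 443, 40001))      # reply routed to the laptop
```

The two internal addresses are what `ipconfig` shows on each machine; the single public address is what a sign-in activity page records.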


Hi Kevin,

I really hate to say this but resetting my router isn't something I can do right now. 

My roommate upstairs has a separate unit, and the router is in his place. He has a night job and sleeps all day so I'm not able to cause him the trouble.

Is this an absolutely necessary step?


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
