Right TDSS didn't find anything so that's one down. Got rid of MSE and have now installed Comodo, cor 'eck lots of options that mean nothing to me lol!
Still, it's running a scan and now has picked up 1 threat so far: Heur.Packed.Unknown@-1
Dunno if that's real or a false positive but we'll see. SuperAntispyware and Malwarebytes are running too, nothing so far.
"Nuke the entire site from orbit. It's the only way to be sure."
-- Ripley (Aliens)
ik9000 (13-04-2011)
Right - I've nuked it into quarantine for now, submitted it for analysis too. I'm not convinced it's dodgy but we'll see.
Superspyware has found some tracking cookies and is still scanning but I didn't think those would be of a keylogging variety.
So... I'm more and more convinced that it's not the computer after all. This is bloody weird. :S Still, going through Malwarebytes now to see if that picks anything up. I'm wondering if they've somehow got into Hotmail by guessing or brute forcing, then have simply been using the 'forgot password' gubbins on the other sites to get into those. Argh!
Definately good advice. Some distros (knoppix certainly) allow you to run your home directory (and also key environment settings) from an (optionally) encrypted usb stick, so you have the benefit of a persistent environment without a vulnerable hard drive.Originally Posted by b0redom
(\__/)
(='.'=)
(")_(")
Been helped or just 'Like' a post? Use the Thanks button!
My broadband speed - 750 Meganibbles/minute
http://forums.hexus.net/help-technic...ml#post2067394
Appreciate that, but it was just as a clean machine to reset all the passwords should your win7 machine prove to be compromised.
I guess you are using the SmartStamp application. Don't know if that would run under WINE.
(\__/)
(='.'=)
(")_(")
Been helped or just 'Like' a post? Use the Thanks button!
My broadband speed - 750 Meganibbles/minute
You can't really trust AV apps to find the latest malware.
Use tcpview to identify suspicious connections - try logging on to Ebay with dummy credentials and see if any info is submitted to to unusual IPs. I also use smsniff by Nirsoft as a simple sniffer for this purpose.
I once had to deal with the PC of a 'friend of the family' infected with..... well, everything. Out of pure curiosity, and expecting to never fully clean it, I tried cleaning it anyway. When I finished, every AV and anti-malware app I tried was finding nothing, but I knew something was still on the PC because every form I submited in Firefox (not IE) was having the corresponding information sent to a Leaseweb server in the Netherlands. I think it turned out to be a malicious Firefox plugin or extension.
So, basically monitor & sniff the traffic yourself, and from there look in to what processes, services or add-ons might be causing that traffic.
Also maybe check for hardware keyloggers?
In the past few months there have also been some MBR-based malware. GMER and Rootalyzer are useful for these sorts of things.
edit: Also, PayPal and Ebay offer a Security Key. However, they can be bypassed by an army of cheap labour in Asia and an instant keylogger
Ah right - I brought my Mac home and got the wife to reset everything on that at the in laws house so hopefully that's sorted for now. We're trying to get in contact with eBay to freeze the account as well for the next few weeks, but their phone number isn't working. :/
Yes she uses Smartstamp. I'm considering ditching the PC altogether and getting a Mac Mini for her, then chuck Parallels or similar on it just for Smartstamp. Might be a whole lot easier!
I can't advise you with regards to your problem but I'm in a similar situation where I rely on a Windows only program for my business. I run it through Parallels on my Mac with no issues whatsoever and would recommend it as an option to others.
An Atlantean Triumvirate, Ghosts of the Past, The Centre Cannot Hold
The Pillars of Britain, Foundations of the Reich, Cracks in the Pillars.
My books are available here for Amazon Kindle. Feedback always welcome!
What I suggest
Backup your important files and run a Avast Antivirus or NOD32 scan on them.
Next, full format your hard drive and reinstall Windows and all apps.
A bit of a overkill, but much quicker than battling with spyware/malware. Once a machine is infested with spyware, it's a constant battle!
Yes indeed - I'm surprised you're battling this with AV. Only way to be sure is to do a complete reinstall. Well worth the peace of mind, even if it is a tedious task.
Lowe - if you have something you have to ask where it has come from, in my experience of repairing computers, such malicious software doesn't appear out of thin air.
I definitely recommend a run of hijack this, get your mac out and google any unfamiliar processes.
Do you keep your OS/Browser/Flash/Java up to date? For the sakes of saving time and hassle, I'd do a safe mode boot, back up any files you need to an empty drive, maybe scan the drive if you have the resources to do so, but don't do it on the same computer. Then fresh install Windows.
If it's possible, maybe you should consider running weekly backups of Windows as I do, just in case anything does ever happen again.
Also, with regards to password (I'm sure your clued up already): http://www.businessweek.com/magazine...4036460585.htm
I had to repair a similar issue a while back, where the 'client' had logged in to online banking to make some changes, only to find a few days later £2,500 had gone missing from her account. After digging around it was a Java exploit, MSE found the issue and repaired it, I also cleaned up some files and examined processes after. It seemed the original exploit was obtained through a pron website her husband was visiting, ofc I didn't tell her that
Personally, I would copy my data onto usb key/another computer. Then Nuke the computer doing a complete reinstall, its the only way to be sure. You can never fully trust a compromised computer again, nuke it.
If you did want to use a linux system as it would be harder to break, you could run a windows VM for the postage program. You could end make a copy of the windows VM and run it via a snap shot so every time you boot it, the disk reverts to the orginal image!
(\__/) All I wanted in the end was world domination and a whole lot of money to spend. - NMA
(='.*=)
(")_(*)
![[GSV]Trig is online now](https://forums.hexus.net/images/hex_statusicon/user-online.png)
Might I suggest looking at her facebook account, there are lots of things on there that could be a potential mine field as far as dodgyness goes, like on like this that and the other to view pictures and various other random "apps" that are installed on the front of facebook and tie into your email/social media lifelines..
Ditching a PC for a Mac is hardly a solution though, I thought higher of you
You assume it was the husband... or were you able to tell by the login?It seemed the original exploit was obtained through a pron website her husband was visiting, ofc I didn't tell her that
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote
