Ebay/Hotmail hacking

[Lowe]

Right, I'm throwing this out to the masses because I'm at my wits end.

My wife runs an ebay based shop and she's had a week of hell due to people of dubious parentage hacking into her accounts. I have absolutely no idea how they're managing to get in. Both accounts have strong passwords (random letters/numbers) and we're even using random letters and numbers for the security questions to stop people guessing those. I've run Microsoft Security Essentials over the computer several times, and nothing has popped up and also Malwarebytes whatnot which again reports nothing amiss.

So far this has happened 5 times in as many days and once they get access to the account they go on a rampage selling iPhones. So far they've run up a bill totalling £500. Ebay themselves are next to useless, however they've agreed to refund the money and have sorted the feedback/sales but they say that there's nothing else they can do to secure the account. Hotmail appears to be the same, no matter what I do with passwords etc they still manage to get in.

So - I'm guessing the computer is being compromised in some way. It's running Win7, fully up to date. Any suggestions?

[Phage]

What Av are you using ? Wireless ?

[Lowe]

Microsoft Security Essentials and Malwarebytes. Ethernet wired connection.

[Domestic_Ginger]

You are not changing the passwords from the same computer each time? Same browser?

Spybots is what I use occasionally.

[Lowe]

It has been changed from the same machine yes, we're going to try from another later on. Even worse, they've now managed to get into our actual proper online shop, separate from eBay. This just got a whole lot more serious.

[Ferral]

Try running TDSS Killer, you may have this rootkit. Happened to me and my whole system became compromised and booted into a dodgy anti virus phishing thing whenever I booted up :

http://support.kaspersky.com/viruses...?qid=208280684

I personally dont like Microsoft security essentials, I use Comodo now as it is not intrusive and not a system hog. If you decide to get Comodo select the bottom one in the list as it is AV and Firewall :

http://personalfirewall.comodo.com/free-download.html


It sounds like they have some sort of backdoor trojan / key logger or browser hijack installed on your machine. Get your downloads done on the security side of things then disconnect the machine from the net. Boot into safemode with network (just to do the needed updates for the programs), uninstall Malwarebytes. Then re install mawarebytes and update & scan and then run the TDSS Killer and setup Comodo and do full system scan before putting the machine back online in full boot.

[Phage]

Comodo do a great firewall, not sure about their AV offering. Do exactly as Ferral describes, but also runa few other scans such as SuperAntiSpyware before going back online.

If all else fails, nuke the disc from orbit and rebuild.

[Ferral]

The Comodo AV is actually very functional, works perfectly. Since I got shot of Avast (which is what I had installed when I got compromised), since Comodo installation I have had no bother at all. It picks up if a system file has been changed in any way and alerts you where you can do a clean / ignore or delete. If it cant deal with it, item gets put in a Sandbox and file details get sent to Comodo where it gets scanned and fixed if needed.

[b0redom]

In the mean time, might be worth running your business from a Linux BootCD / HDD. At least you can then be sure you've isolated the OS as a potential attack vector and for most eBay type stuff which is run from a browser anyway, you'll probably not notice the difference.

[Domestic_Ginger]

My house mate at uni spent some time setting up keloggers on the uni machines. Was only really funny because he picked up another housemates login info!

[blueball]

My house mate at uni spent some time setting up keloggers on the uni machines. Was only really funny because he picked up another housemates login info!

Wonder how many laws that breaks? Not funny and not clever.

[mycarsavw]

Remove the network cable from the back of the suspect machine.

Read this thread and start with the step by step processes.

Download the tools they suggest on another machine (use your Mac) and transfer them to the machine using a pen drive.

I've just finished cleaning a fourth laptop in as many weeks, one cleanup required signing up and posting on the above forum. Hopefully yours isn't as terminal

[jimborae]

Another vote for TDSS killer if the Alureon root kit (and associated variants) is your issue.

[Pob255]

It sounds like something nasty is going on.

Stop using that machine. if you've got a spare hard drive put a linux install or just another windows copy onto that, unplug the old hard drive and now use the spare.

checking settings on the router/modem might be a good idea too.

Hope you get this sorted, and please us know how this turns out.
(as my other half runs both an ebay shop and online shop too I really don't want to have her fall into this as well)

[killie99]

Remove the network cable from the back of the suspect machine.

Read this thread and start with the step by step processes.

Download the tools they suggest on another machine (use your Mac) and transfer them to the machine using a pen drive.

I've just finished cleaning a fourth laptop in as many weeks, one cleanup required signing up and posting on the above forum. Hopefully yours isn't as terminal

This is an excellent step by step guide.

[Lowe]

I wish it were as simple as just using another machine or firing up into Linux. Problem is all the postage is handled by a program that will only run under Windows. :/ That makes the whole Linux thing a little more awkward. At the moment she can copy paste info from the order straight into the postage program, it prints the labels and away we go. Having to manually type all the addresses in is a no go I'm afraid.

Still, I'll have a look at the machine when I get home and go from there. Thanks all for the help thus far...