Stolen Money
carbonterry2
Member
April 28, 2016 - 11:39 am

I lost quite a bit of money from my PP account. PP says the transactions came from my computer?
Malware Scan=

Key Logger?

carbonterry2
Member
April 28, 2016 - 11:46 am

log files

[Attachments: mal-1.JPG, mal-2.JPG]
Jim Hillier
Admin
April 28, 2016 - 6:28 pm

You have two PUPs (Potentially Unwanted Programs) installed - Malware Protection Live and Spigot. Although highly undesirable, neither is particularly malicious and I doubt they would have anything to do with the mystery PayPal transactions.

Did you allow Malwarebytes Anti-Malware to remove them? If not, do so now.

I can see no sign of a rootkit in the MBAM log file, however, I would still scan again with a dedicated rootkit scanner: https://www.malwarebytes.org/antirootkit/?tracking=Awin&awc=5663_1461881507_d847a54ffe82306274df96b64fa5b501

Have you changed your PayPal account password? If not, do so now!

Please use a strong password - minimum 10 characters, no dictionary words, include upper and lower case letters, at least one random character (such as $%^&*), plus a combination of numbers and letters: e.g. CBT#56dct=5STr

How and where do you save your passwords?

carbonterry2
Member
April 29, 2016 - 11:57 am

Have removed all PUPs.
Changed all passwords using 16 characters as you suggested.
Will do another scan per your suggestions.
Passwords stored in a Word doc not named password...move to a flash card?

Thanks Jim

carbonterry2
Member
April 29, 2016 - 12:10 pm

No root kits per MBAM

Jim Hillier
Admin
April 29, 2016 - 6:01 pm

Never keep an open list of passwords stored on the computer. One thing I forgot to mention - do not use the same password for different accounts, use a different password for each account.

Either use a password manager, where all passwords are encrypted and protected by a master password. Or, if the computer is in a safe environment, that is at home as opposed to any work or shared situation, print out the list of passwords and keep a hard copy somewhere secure. Then move the digital list (word doc) over to external media (flash card would be fine) as a permanent record.

I do both, I use a password manager, which allows me to log-in to accounts automatically, and keep a book of passwords in a safe place.

Recommended password managers:

Roboform: http://www.roboform.com/how-it-works - free for up to 10 log-ins. Full version (more than 10 log-ins) costs $9.95us for the first year and $19.95us for each subsequent year - well worth the money.

Last Pass: https://lastpass.com/ - free edition more than adequate for one PC/device, Premium edition costs $12.00us per annum (scroll down to the bottom of the page for feature comparison).

carbonterry2
Member
April 30, 2016 - 12:00 am

Thanks Jim
Possibly someone came across my password document. Wouldn't there be some trace? My computer is in a secure place and I do use Last Pass

carbonterry2
Member
April 30, 2016 - 12:01 am

The accounts that were hacked had unique passwords.

Jim Hillier
Admin
April 30, 2016 - 1:17 am

Accounts, plural? What other accounts were hacked?

I hate to suggest this BUT, most likely scenario here is someone you know, or someone who might have had access to the computer at some time.

carbonterry2
Member
April 30, 2016 - 3:46 am

2 diff PP accounts.
This happened while I was the only person in the house.

Jim Hillier
Admin
April 30, 2016 - 4:03 am

What happened while you were the only person in the house Terry? That your PayPal accounts were hacked?

Your passwords could have been accessed and copied at any time prior to the illegal transactions. In fact, it would make sense for a perpetrator to wait for a while, until a time when suspicion would not necessarily fall on them.

Don't get me wrong mate, this is all supposition on my part. Merely an educated guess based on the absence of any rootkit/malware or any other obvious explanation.

dandl
Moderator
April 30, 2016 - 9:00 am

carbonterry2 said

Thanks Jim
Possibly someone came across my password document. Wouldn't there be some trace? My computer is in a secure place and I do use Last Pass

Sounds like the most likely scenario?

carbonterry2
Member
April 30, 2016 - 10:30 am

PP says that the transactions came from my computer?

Jim Hillier
Admin
April 30, 2016 - 11:32 am

I don't understand how PayPal could say unequivocally that it was your computer. Even if logging the IP address, that still isn't proof positive that the computer was yours. Anyway, PayPal should be able to provide you with details of all the transactions.

If these transactions did come from your computer, a confirmation email would have been immediately forwarded to the email address associated with your account. Did you receive any confirmation emails?

Have you responded to any emails from PayPal recently (prior to the illegal transactions) which asked you to "verify" or "update" your account details, or similar?

David Hartsock
Admin
April 30, 2016 - 7:11 pm

Six, OK seven, things that immediately come to mind...

1. PayPal should be able to provide the dates/times/IP addresses that have accessed the account. I would ask for that immediately. From there you can determine anything that looks out of the ordinary.

2. Find out if PayPal can, or will, recover any of the money!

3. Move any additional funds to your bank account and only keep enough in PP to handle any transactions.

4. LastPass was breached last year. If you did not change your password and/or hint there may be a chance that information was accessed, especially if you had an easy/insecure master password/account login. http://krebsonsecurity.com/2015/06/password-manager-lastpass-warns-of-breach/

5. Immediately change the passwords for other financial accounts and LastPass - use STRONG passwords.

6. Do a full scan with your (updated) AV software. Then scan it again with several of the online scanners from the major players (I'll add links below). Note that some won't be able to run from FF or Chrome.

7. If there is any sign of infection nuke the computer with extreme prejudice - and by nuke I mean wipe it and start from scratch.

http://www.eset.com/us/online-scanner/
http://www.bitdefender.com/scanner/online/free.html
http://www.pandasecurity.com/usa/support/tools_homeusers.htm
https://security.symantec.com/nbrt/npe.aspx
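
An added example, not part of David's post or of any PayPal tooling: one way to work through the dates/times/IP addresses from item 1 once they are supplied, flagging entries that look out of the ordinary. The CSV layout, column names, home network range, usual hours and all addresses are constructed assumptions; PayPal's real export format is not shown in this thread.

```python
import csv
import io
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample of account activity (hypothetical format, documentation-range IPs).
SAMPLE_CSV = """timestamp,ip,action
2016-04-20T09:12:00,203.0.113.25,login
2016-04-22T18:40:00,203.0.113.25,login
2016-04-26T03:05:00,198.51.100.77,login
2016-04-26T03:07:00,198.51.100.77,send_money
2016-04-27T10:15:00,203.0.113.40,login
2016-04-27T10:20:00,203.0.113.40,send_money
"""

# Assumption: the account owner's ISP assigns addresses from this range.
HOME_NETWORKS = [ip_network("203.0.113.0/24")]
# Assumption: the owner is normally active between 07:00 and 22:59.
USUAL_HOURS = range(7, 23)


def triage(csv_text, home_networks=HOME_NETWORKS, usual_hours=USUAL_HOURS):
    """Return [(row, reasons)] for every entry that deserves a closer look."""
    flagged = []
    seen_ips = set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        ip = ip_address(row["ip"])
        when = datetime.fromisoformat(row["timestamp"])
        reasons = []
        if not any(ip in net for net in home_networks):
            reasons.append("outside home network")
        # The very first record only establishes the baseline address.
        if seen_ips and ip not in seen_ips:
            reasons.append("first time this address appears")
        if when.hour not in usual_hours:
            reasons.append("unusual hour")
        seen_ips.add(ip)
        if reasons:
            flagged.append((row, reasons))
    return flagged


if __name__ == "__main__":
    for row, reasons in triage(SAMPLE_CSV):
        print(row["timestamp"], row["ip"], row["action"], "->", "; ".join(reasons))
```

Entries from inside the home range that are not flagged are not thereby proven to be the owner's own computer; they still need to be matched against the confirmation emails and transaction details mentioned earlier in the thread.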
