Stolen Money

carbonterry2
Member
Forum Posts: 239
Member Since: February 17, 2010
1
April 28, 2016 - 11:39 am

I lost quite a bit of money from my PP account. PP says the transactions came from my computer?
Malware Scan=

Key Logger?

carbonterry2
2
April 28, 2016 - 11:46 am

log files

[Image: mal-1.JPG]

[Image: mal-2.JPG]
Jim Hillier
Admin
Forum Posts: 2492
Member Since: August 9, 2011
3
April 28, 2016 - 6:28 pm

You have two PUPs (Potentially Unwanted Programs) installed - Malware Protection Live and Spigot. Although highly undesirable, neither is particularly malicious and I doubt they would have anything to do with the mystery PayPal transactions.

Did you allow Malwarebytes Anti-Malware to remove them? If not, do so now.

I can see no sign of a rootkit in the MBAM log file; however, I would still scan again with a dedicated rootkit scanner: https://www.malwarebytes.org/antirootkit/?tracking=Awin&awc=5663_1461881507_d847a54ffe82306274df96b64fa5b501

Have you changed your PayPal account password? If not, do so now!

Please use a strong password - minimum 10 characters, no dictionary words, include upper and lower case letters, at least one random character (such as $%^&*), plus a combination of numbers and letters: e.g. CBT#56dct=5STr

How and where do you save your passwords?

carbonterry2
4
April 29, 2016 - 11:57 am

Have removed all PUPs.
Changed all passwords using 16 characters as you suggested.
Will do another scan per your suggestions.
Passwords stored in a Word doc not named password... move to a flash card?

Thanks Jim

carbonterry2
5
April 29, 2016 - 12:10 pm

No root kits per MBAM

Jim Hillier
6
April 29, 2016 - 6:01 pm

Never keep an open list of passwords stored on the computer. One thing I forgot to mention - do not use the same password for different accounts, use a different password for each account.

Either use a password manager, where all passwords are encrypted and protected by a master password. Or, if the computer is in a safe environment, that is at home as opposed to any work or shared situation, print out the list of passwords and keep a hard copy somewhere secure. Then move the digital list (word doc) over to external media (flash card would be fine) as a permanent record.

I do both, I use a password manager, which allows me to log-in to accounts automatically, and keep a book of passwords in a safe place.

Recommended password managers:

Roboform: http://www.roboform.com/how-it-works - free for up to 10 log-ins. Full version (more than 10 log-ins) costs $9.95us for the first year and $19.95us for each subsequent year - well worth the money.

Last Pass: https://lastpass.com/ - free edition more than adequate for one PC/device, Premium edition costs $12.00us per annum (scroll down to the bottom of the page for feature comparison).

carbonterry2
7
April 30, 2016 - 12:00 am

Thanks Jim
Possibly someone came across my password document. Wouldn't there be some trace? My computer is in a secure place and I do use Last Pass

carbonterry2
8
April 30, 2016 - 12:01 am

The accounts that were hacked had unique passwords.

Jim Hillier
9
April 30, 2016 - 1:17 am

Accounts, plural? What other accounts were hacked?

I hate to suggest this BUT, the most likely scenario here is someone you know, or someone who might have had access to the computer at some time.

carbonterry2
10
April 30, 2016 - 3:46 am

2 diff PP accounts.
This happened while I was the only person in the house.

Jim Hillier
11
April 30, 2016 - 4:03 am

What happened while you were the only person in the house, Terry? That your PayPal accounts were hacked?

Your passwords could have been accessed and copied at any time prior to the illegal transactions. In fact, it would make sense for a perpetrator to wait for a while, until a time when suspicion would not necessarily fall on them.

Don't get me wrong mate, this is all supposition on my part. Merely an educated guess based on the absence of any rootkit/malware or any other obvious explanation.

dandl
Lexa, AR
Member
Forum Posts: 471
Member Since: April 28, 2013
12
April 30, 2016 - 9:00 am

carbonterry2 said

Thanks Jim
Possibly someone came across my password document. Wouldn't there be some trace? My computer is in a secure place and I do use Last Pass

Sounds like the most likely scenario?

carbonterry2
13
April 30, 2016 - 10:30 am

PP says that the transactions came from my computer?

Jim Hillier
14
April 30, 2016 - 11:32 am

I don't understand how PayPal could say unequivocally that it was your computer. Even if logging the IP address, that still isn't proof positive that the computer was yours. Anyway, PayPal should be able to provide you with details of all the transactions.

If these transactions did come from your computer, a confirmation email would have been immediately forwarded to the email address associated with your account. Did you receive any confirmation emails?

Have you responded to any emails from PayPal recently (prior to the illegal transactions) which asked you to "verify" or "update" your account details, or similar?

David Hartsock
Admin
Forum Posts: 1105
Member Since: August 7, 2011
15
April 30, 2016 - 7:11 pm

Six, OK seven, things that immediately come to mind...

1. PayPal should be able to provide the dates/times/IP addresses that have accessed the account. I would ask for that immediately. From there you can determine anything that looks out of the ordinary.

2. Find out if PayPal can, or will, recover any of the money!

3. Move any additional funds to your bank account and only keep enough in PP to handle any transactions.

4. LastPass was breached last year. If you did not change your password and/or hint there may be a chance that information was accessed, especially if you had an easy/insecure master password/account login. http://krebsonsecurity.com/2015/06/password-manager-lastpass-warns-of-breach/

5. Immediately change the passwords for other financial accounts and LastPass - use STRONG passwords.

6. Do a full scan with your (updated) AV software. Then scan it again with several of the online scanners from the major players (I'll add links below). Note that some won't be able to run from FF or Chrome.

7. If there is any sign of infection nuke the computer with extreme prejudice - and by nuke I mean wipe it and start from scratch.

http://www.eset.com/us/online-scanner/
http://www.bitdefender.com/scanner/online/free.html
http://www.pandasecurity.com/usa/support/tools_homeusers.htm
https://security.symantec.com/nbrt/npe.aspx

Forum Timezone: America/Indiana/Indianapolis
