Any security/fraud experts on here?

ParadigmDawg

Audioholic Overlord
Like we don't have enough stuff going on around here...

So Saturday my Mother calls me and asks if I had changed my email address. I had not, but I could not access it, and when I sent a test email to it, it said it had been permanently suspended secondary to SPAM emails sent. My sister also contacted me last week and said she was getting a lot of SPAM from me. So I figured it was hacked, and since it said it was suspended, I would just leave it that way. It is a SBCGLOBAL account that I don't really use anyway.

So, I don't think anymore about it, and then I pay my bills online this morning. This afternoon, I get a call from my bank stating there is suspicious activity on my debit card. Charges from AR, MN and UT to the tune of $2,000, all online purchases.

I don't know how people gain this access and I have closed my cards but are they somehow accessing info from my computer? My bank statement did go to the email address that was hacked.

I run the MSE for protection on my CPU and on scan, it doesn't detect anything. Do I need to look at something else?

What else should I do?
 
j_garcia

Audioholic Jedi
Might be related, might not. If they got your password and that account was linked to your bank account or had emails from it, that might have given them a way into your account. Otherwise, they probably did get the info from your system. This isn't a virus most likely, if that's what it is, but a keylogger or some kind of trojan that dumped info from your system one time.
 
ParadigmDawg

Audioholic Overlord
> Might be related, might not. If they got your password and that account was linked to your bank account or had emails from it, that might have given them a way into your account. Otherwise, they probably did get the info from your system. This isn't a virus most likely, if that's what it is, but a keylogger or some kind of trojan that dumped info from your system one time.
So I don't need to do anything with my CPU?
 
jinjuku

Moderator
AV should catch keyloggers. There is the potential that, while almost simultaneous, these two incidents aren't related. Additionally, run Malwarebytes and also configure your machine to use OpenDNS servers for name resolution.

Oh, and stop hitting those porn sites :D
 
its phillip

Audioholic Ninja
I would assume it was a keylogger of some sort that got your email password. Your card could have been compromised that way as well, but it could have also been compromised by an online store with poor security or even have been cloned at a gas station or restaurant.

I would try running malwarebytes antimalware like jinjuku said. I'd also change all my passwords from a different computer and try to avoid using my computer unless I knew it was secure.

Here's a link for malwarebytes:
Malwarebytes Anti-Malware - CNET Download.com

You can also try these online scanners:
Free Online Virus Scan - Antivirus Software - Trend Micro USA
Free Online Virus Scanner | ESET
 
jinjuku

Moderator
Also use a password manager. I use LastPass and love it. The thing with something like LastPass: It doesn't go through the keyboard buffer. So it can't be key-logged.

I like the ability to use the password generator so I never use the same password twice.
 
its phillip

Audioholic Ninja
Yeah, a password manager is a great idea. I use keepass.
 
avnetguy

Audioholic Chief
Only tip I have, don't send/receive anything secure over email. No financial places I deal with (bank, credit cards, etc) have my email address.

Steve
 
avnetguy

Audioholic Chief
> You get paper documents? ew

Whenever possible, no; I log in to the account.
Email is the least secure transport known and a very common point of attack. Most people I know don't even use the secure ports for email.

Steve
 
ParadigmDawg

Audioholic Overlord
The Anti-Malware program shows 41 "things" detected. I hit the "remove" button after I saved this log. Does anything look bad on here?

Memory Processes Detected: 0
(No malicious items detected)


Memory Modules Detected: 0
(No malicious items detected)


Registry Keys Detected: 19
HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> No action taken.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLabs) -> No action taken.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLabs) -> No action taken.
HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLabs) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> No action taken.
HKCR\CLSID\{22222222-2222-2222-2222-220022222258} (Adware.GamePlayLab) -> No action taken.
HKCR\CrossriderApp0002258.Sandbox.1 (Adware.GamePlayLab) -> No action taken.
HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) -> No action taken.
HKCR\CLSID\{33333333-3333-3333-3333-330033223358} (Adware.GamePlayLab) -> No action taken.
HKCR\CrossriderApp0002258.FBApi.1 (Adware.GamePlayLab) -> No action taken.
HKCR\CrossriderApp0002258.FBApi (Adware.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> No action taken.
HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This (Adware.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> No action taken.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> No action taken.


Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This|Publisher (Adware.GamePlayLab) -> Data: 215 Apps -> No action taken.


Registry Data Items Detected: 0
(No malicious items detected)


Folders Detected: 5
C:\Program Files (x86)\I Want This (Adware.GamePlayLab) -> No action taken.
C:\Users\\Local Settings\Application Data\I Want This (Adware.GamePlayLab) -> No action taken.
C:\Users\\Local Settings\Application Data\I Want This\Chrome (Adware.GamePlayLab) -> No action taken.
C:\Users\\AppData\Local\I Want This (Adware.GamePlayLab) -> No action taken.
C:\Users\Greg\AppData\Local\I Want This\Chrome (Adware.GamePlayLab) -> No action taken.


Files Detected: 16
C:\Program Files (x86)\I Want This\I Want This.dll (Adware.GamePlayLabs) -> No action taken.
C:\Users\GppData\Local\Temp\903201297.Uninstall\Uninstall.exe (Adware.Agent) -> No action taken.
C:\Users\G\AppData\Local\Temp\is1438683437\IWantThis.exe (Adware.GamePlayLabs) -> No action taken.
C:\Users\G\AppData\Roaming\ldr.ini (Malware.Trace) -> No action taken.
C:\Program Files (x86)\I Want This\I Want This.ini (Adware.GamePlayLab) -> No action taken.
C:\Program Files (x86)\I Want This\appAPIinternalWrapper.js (Adware.GamePlayLab) -> No action taken.
C:\Program Files (x86)\I Want This\fb.js (Adware.GamePlayLab) -> No action taken.
C:\Program Files (x86)\I Want This\I Want This.exe (Adware.GamePlayLab) -> No action taken.
C:\Program Files (x86)\I Want This\I Want This.ico (Adware.GamePlayLab) -> No action taken.
C:\Program Files (x86)\I Want This\I Want ThisGui.exe (Adware.GamePlayLab) -> No action taken.
C:\Program Files (x86)\I Want This\I Want ThisInstaller.log (Adware.GamePlayLab) -> No action taken.
C:\Program Files (x86)\I Want This\jquery.js (Adware.GamePlayLab) -> No action taken.
C:\Program Files (x86)\I Want This\json.js (Adware.GamePlayLab) -> No action taken.
C:\Program Files (x86)\I Want This\Uninstall.exe (Adware.GamePlayLab) -> No action taken.
C:\Users\G\Local Settings\Application Data\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> No action taken.
C:\Users\Gr\AppData\Local\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> No action taken.
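A small triage parser for the Malwarebytes log format posted above, added here as an example and not something any poster in the thread wrote. It assumes a constructed excerpt built from lines of the posted log, groups the hits by detection family, singles out anything not classed as plain adware/PUP (the Malware.Trace entry), and checks each section's declared count against the lines actually listed; "No action taken" simply reflects that the log was saved before the remove button was pressed.

```python
import re
from collections import Counter

# Constructed excerpt in the Malwarebytes log format seen in the thread: section
# headers with declared counts, one hit per line, a placeholder for empty sections.
SAMPLE_LOG = r"""
Registry Keys Detected: 2
HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLabs) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Program Files (x86)\I Want This\I Want This.dll (Adware.GamePlayLabs) -> No action taken.
C:\Users\G\AppData\Local\Temp\903201297.Uninstall\Uninstall.exe (Adware.Agent) -> No action taken.
C:\Users\G\AppData\Roaming\ldr.ini (Malware.Trace) -> No action taken.
"""

HEADER = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<n>\d+)$")
HIT = re.compile(r"^(?P<item>.+?) \((?P<family>[A-Za-z.]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return (hits, declared): hit dicts with section/item/family/action, and header counts."""
    hits, declared, section = [], {}, None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            section = m.group("section")
            declared[section] = int(m.group("n"))
            continue
        m = HIT.match(line)
        if m and section:
            hits.append({"section": section, **m.groupdict()})
    return hits, declared

def count_mismatches(hits, declared):
    """Sections whose header count does not match the lines actually listed."""
    actual = Counter(h["section"] for h in hits)
    return {s: (n, actual[s]) for s, n in declared.items() if actual[s] != n}

def triage(hits):
    """Group by family, flag non-adware/PUP hits, count entries not yet removed."""
    by_family = Counter(h["family"] for h in hits)
    serious = [h for h in hits if h["family"].split(".")[0] not in ("Adware", "PUP")]
    pending = sum(1 for h in hits if h["action"] == "No action taken")
    return {"by_family": by_family, "serious": serious, "pending": pending}
```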
 
ParadigmDawg

Audioholic Overlord
> AV should catch key loggers. There is the potential that while almost simultaneous these two incidents aren't related. Additionally run Mal-Ware Bytes and also configure your machine to run OpenDNS servers for name resolution.
>
> Oh, and stop hitting those porn sites :D

Remember, I need 3rd grade level help when it comes to computers. What does this mean? "OpenDNS servers for name resolution"
 
Adam

Audioholic Jedi
Condoms I think.
Reminds me of a saying that my religious buddy told me relating that to eating steak with a balloon on your tongue. Whatever. I'm jealous.

My previous e-mail got hacked, and they were using it to spam people. You know when you read advice to never respond to spam mail - well, some folks don't pay attention to that. That's what clued me in. "Who are you?" Ummm, who are YOU?
 
hizzaah

Full Audioholic
> Condoms I think.

> Purchases were from Wall-Mart, Best Buy and some place called ZAGG in Salt Lake City.

FYI, ZAGG makes screen protectors.. Invisible Shield I believe..

> Reminds me of a saying that my religious buddy told me relating that to eating steak with a balloon on your tongue. Whatever. I'm jealous.
>
> My previous e-mail got hacked, and they were using it to spam people. You know when you read advice to never respond to spam mail - well, some folks don't pay attention to that. That's what clued me in. "Who are you?" Ummm, who are YOU?

I had an email account that started sending spam to people in my contact list.. There ended up being a new entry in my contact list that I didn't know. Once I deleted it, the spam emails stopped. Not sure how that worked, but it did..
 
BoredSysAdmin

Audioholic Slumlord
> Remember, I need 3rd grade level help when it comes to computers. What does this mean? "OpenDNS servers for name resolution"

OpenDNS - Parental Controls

The free option could possibly give slightly faster internet access, but you might as well use the free Google DNS servers - 8.8.8.8 and 8.8.4.4.
The benefit of OpenDNS really lies with their subscriptions, which could help you browse the internet more safely.

In general there is only one (mostly) safe way to secure a potentially compromised computer - a full wipe. If Windows is compromised, running A/V checkers is already too late.
Really nasty stuff could even modify the PC permanently, and even a full wipe won't help.

One option before a full wipe is to do a scan with Kaspersky Rescue Disk - https://support.kaspersky.com/4162 - download the ISO and burn it to CD. Boot the PC from the disk, update the database and run a full scan. It will take a while, but it's worth the wait.

I highly recommend getting a Google Chromebook and hard-limiting your online banking/trading to only this device.
Chromebooks: Overview
 
ParadigmDawg

Audioholic Overlord
> The Anti-Malware program shows 41 "things" detected. I hit the "remove" button after I saved this log. Does anything look bad on here?
Any thoughts on this stuff that was 'found"?
 
psbfan9

Audioholic Samurai
> Any thoughts on this stuff that was 'found"?

Okay, condoms and screen protectors? This person has a need to cover or hide things. Maybe a sheepskin fetish.

Looks like you download games. Downloadable games are known for being infected with all kinds of nasty stuff like the ones that have already been mentioned: malware, keyloggers, trojans (again with the condoms?) and viruses.

I'll defer to the experts, but looking at the screen shot you posted, that may be it.
 
lsiberian

Audioholic Overlord
sbcglobal.net accounts are basically a hackers' playground. Your account was probably hacked without the use of your own PC. I had one for over a decade that got hacked a few years back, and it sucks. My recommendation is that you not have sensitive information emailed to you. Email is not a secure communication medium.

http://www.consumer.ftc.gov/articles/pdf-0009-taking-charge.pdf

The article above tells you the precise legal steps you need to take to clean up your credit. I'm sure you already contacted the credit card company to inform them of the fraud. No computer is 100 percent secure, and no antivirus will detect the newest viruses. If you are looking for a new email provider, check out Gmail.
 