Seems I 'may' be infected

I found out today that my credit card has been used for fraudulently.

This card never leaves the house and is only used online (mostly at reputable sites like Amazon)

Discounting the possibility that someone working at one of the places I buy from has used my card details or passed them on the only other explanation as far as I can figure is that I'm infected

NOD32 Doesnt pick up anything. Same with Ewdio Online scan Adaware and MSAS.

I run NOD32 and Netveda Firewall.

I have looked at the processes and can see nothing strange (not that I'm any sort of expert)
I dont surf 'dodgy' sites.

The transactions have only taken place in the last three weeks.

So..........


1. Will an earlier System Restore Point remedy the situation?

2. If no to the above will the Revcovery DVD (puts the machine back to the state it was in when I bought it) do the trick ?

3. Are there any other online scans recommended that I've missed ?

4. Where is the best place to post a HJT log to receive some attention ?


PS I just tried TrendMicro Online Scan and it comes back with two 'greyware' infections....TRAK_SE.77236 and TRAK_SE>77235. Any ideas?

Thanks in advance

 

Hi Huwge,

I'm sure you immediately contacted your credit card company of your findings, yes ?


Here, what to do after an ID Theft...

http://credit.about.com/library/howto/htid_loss.htm


http://www.ftc.gov/bcp/conline/pubs/credit/idtheft.htm


And online shopping tips:

http://www.bbbonline.org/OnlineShopTips/


I very much hope some of the infos are helpful to you ~
and Good Luck !!

 

Although it certainly is possible that you've been infected (try some rootkit scanners and an Ewido scan, to be sure), it's also very possible that someone broke into the database of one of the merchants you shop with or even your bank. These things are quite common, so I wouldn't limit the list of suspects.

 

your system is clean Huwge by the look of your hjt log @ gladiator.

 

Thanks a lot for the fast reply Infinity. The transactions have only taken place in the last few weeks. Debating whether a Restore point in November would be sufficent. As I said, all scans come up clean apart from Trend which only finds an Adware reference. For my Card details to have been taken I assume that it would have to be a keylogger or trojan. NOD has been running on the machine from day one and Netveda from day two.

Any other suggestions greatfully received. I have the replacement card now from the bank. I need to use it for EQ2 and WoW. Any other scans or software I can try to confirm all is clean ?

 

Huwge, you're HJT log is clean. If you want to be absolutely sure then go ahead and use the "respawn" disk or scan your drive from a boot disk or on another system, but it is far more likely that your information was obtained from someone else's computer. Database compromises often go unreported, but is a lot more common then they'd like you to think. Any time you make a transaction, your details go through a lot of different computers, any one of them could have been compromised. You may have even been included in one of the Visa database compromises that were recently on the news.

It's a difficult thing to go through, having your details stolen, and anyone in your position is likely to feel the need to take control of the situation, but this isn't what you need to be focusing on. I would contact the authorities, your financial institution, and the merchants that your card was fraudulently used with. They are the ones that can actually help you.

 

Are you sure someone else in your house, like say one of your kids didn't steal it and order things online? Happened to me before, one of the kids stole the number and purchased online game servers etc.

 

Definately not the kids or wife. Card was used for coach and plane tickets. Besides my kids are are only very young.....

 

Of course the fact that your card was used for travel means it will be easier for them to track down the person that did it

 

How about running Rootkitrevealer just in case? HJT logs wouldn't show the presence of a rootkit by definition.

http://www.sysinternals.com/Utilities/RootkitRevealer.html

And of course, have you used the card to pay for anything over the phone? That's another way that your details could have been obtained. Like others here, I'd be more inclined to believe that the card details were snaffled by someone working at one of the establishments that you used your card to pay for goods or services, or possibly a data/security breach of one of their computer systems.

 

Hi,
My dad's credit card was once used without his consent. He used it for online purchases, but the illegal usage was totally computer-unrelated. Therefore, it is possible that your card was billed by someone with access to your credit card number, and this can be a number of places you shop, or even services you pay by phone.
Mrk

 

I have been through 3 cards in a short period of time. The first time was 500 and I don't know how they got it. The second was 6600 dollars . The last time it was caught before any damage. I hasn't cost me anything. One time my bank called and said someone had gotten some numbers. I have found out that it is real easy to get. I check my Visa account daily to make sure all entries are mine.

 

Could have been cloned in a shop when you handed it over.

 

Thanks for all the replies. i have bitten the bullet and reformatted

 

My dad had his credit card cloned at a gas station...

 

i got this email through about a credit card scam that is doing the rounds (in the uk at least). i dont know if its an old scam, but i only got the email this week. maybe something like this happened...


The following from Suffolk Police:

One of our employees was called on Wednesday from "VISA", and I was
called on Thursday from "MasterCard". Note, the callers do not ask for
your card number; they already have it.

The scam works like this: Person calling says, "This is (name), and I'm
calling from the Security and Fraud Department at VISA. My Badge number
is 12460. Your card has been flagged for an unusual purchase pattern,
and I'm calling to verify. This would be on your VISA card that was
issued by (name of bank). Did you purchase an Anti-Telemarketing Device
for £249.99 from a Marketing company based in (name of any town or
city)?" When you say "No" the caller continues with, "Then we will be
issuing a credit to your account. This is a company we have been
watching and the charges range

from £150 to £249, just under the £250 purchase pattern that flags most
cards.

Before your next statement, the credit will be sent to (gives you your
address), is that correct?" You say "yes". The caller continues - "I
will be starting a Fraud investigation. If you have any questions, you
should call the 0800 number listed on the back of your card and ask for
Security. You will need to refer to this Control Number. The caller then
gives you a 6 digit number. " Do you need me to read it again?"

Here's the IMPORTANT part on how the scam works. The caller then says,
"I need to verify you are in possession of your card". He'll ask you to
"turn your card over and look for some numbers". There are 7 numbers;
the first 4 are part of your card number, the next 3 are the security
Numbers that verify you are the possessor of the card. These are the
numbers you sometimes use to make Internet purchases to prove you have
the card. The caller will ask you to read the 3 numbers to them. After
you tell the caller the 3 numbers, he'll say, "That is correct, I just
needed to verify that the card has not been lost or stolen, and that you
still have your card. Do you have any other questions?" After you say
No, the caller then thanks you and states, "Don't hesitate to call back;
if you do....", and hangs up.

You actually say very little, and they never ask for or tell you the
Card number. But after we were called on Wednesday, we called back
within 20 minutes to ask a question. Are we glad we did! The REAL VISA
Security Department told us it was a scam and in the last 15 minutes a
new purchase of £249.99 was charged to our card. Long story made short -
we made a real fraud report and closed the VISA account. VISA is
reissuing us a new number. What the scammers want is the 3-digit PIN
number on the back of the card. Don't give it to them.


Instead, tell them you'll call VISA or Master card directly for
verification of their conversation. The real VISA told us that they will
never ask for anything on the card as they already know the information
since they issued the card! If you give the scammers your 3 Digit PIN
you think you're receiving a credit. However, by the time you get your
statement you'll see charges for purchases you didn't make, and by then
it's almost to late and/or more difficult to actually file a fraud
report.

What makes this more remarkable is that on Thursday, I got a call from a
"Jason Richardson of MasterCard " with a word-for-word repeat of the
VISA scam. This time I didn't let him finish. I hung up! We filed a
police report, as instructed by VISA. The police said they are taking
several of these reports daily! They also urged us to tell everybody we
know that this scam is happening.

 

I had one of my credit cards (visa) used last year for $170 US to Yahoo in Canada. Interestingly, that particular card had NEVER been used before, and CERTAINLY NEVER been used for any online purchase. CC company investigated and found in my favour, and reinstated the funds. Had me worried for a time though. They never really offered an explanation either. My guess was someone somewhere punched a wrong number?? Of course this was one transaction only.....it would be a serious concern if it were two or three transactions. I don't deal with that company any more, as I asked for a possible explanation, and they failed to reply....