First Trojan, then bank fraud - am I rid of Trojan for sure?

About 4 weeks ago, the MS Malicious Software Tool (June Edition) picked up a Trojan (Trojan:Win32/Alureon!inf) on my Laptop (running Windows Vista & NIS09). See my original post here:

https://www.wilderssecurity.com/showthread.php?t=244888&highlight=Microsoft+malicious+tool

With the help of some forum members I got rid of the infection. NIS09 never seemed to pick it up. MS tool did the removal which was confirmed by Malware Bytes, SuperAntiSpy and a few online scanners.

However I have just been the victim of bank fraud where about £300 was taken from my account, the transaction was done online ie someone, somehere got into my bank account online using my ID/login and password. My bank confirmed it was fraud, and asked me questions such as where do you access your bank account from eg work or home/both? what antivirus do you use? Do you use wireless connection? Have you ever answered an email asking you to 'click here to login'? Have you given anyone your passwords? etc etc.

My internet banking access has now been closed and I'll have to re-apply for new logins and passwords etc. Will take a couple of weeks to sort out. Luckily the bank will give me back the £300.

However...... am a bit worried about my laptop. Is it still infected? Has NIS09 missed a keylogger? Did Win32/Alureon!inf call out with my logins and passwords to anywhere else?

I am thinking of reformatting my drive and reinstalling all my apps just to be 100% sure am rid of any Trojans. Also not sure about NIS09. I think I'd like to add another couple of apps to beef up the security?

Any advice from you guys much appreciated! A bit scary when people start dipping into your bank account........

 

http://www.qfxsoftware.com/Download.htm
Start using Keyscrambler

It's strange that NIS09 was completely silent about that keylogger.
I think that keylogger/trojan sent out your credit card details. Keyscrambler is really good protection agains them.
You might ask Symantec to check your computer, as they missed one trojan that did damage on your credit card. There is identity safe protection available on IE (With NIS09) You might try that

 

try out the lastpass addon for FF, it works quite well

 

well .....the trojan details are a pointer to what you went through and why...."Win32/Alureon is mostly a family of data-stealing trojans. These trojans allow an attacker to intercept incoming and outgoing Internet traffic in order to gather confidential information such as user names, passwords, and credit card data. The Win32/Alureon family may also allow an attacker to transmit malicious data to the infected computer. Alureon may modify DNS settings on the host computer to enable the attacker to perform these tasks. As a result, it may be necessary to reconfigure DNS settings after Win32/Alureon is removed from the computer."

and don't forget to change all your passwords....

 

Personally, I'd be tempted to format and reinstall Windows.

If you go that route, don't forget to do image backups both right after you've installed and updated Windows and also after you've installed your basic applications. Then if disaster ever strikes again you'll be able to go back to either of those points in a matter of minutes.

I suggest the free version of Macrium Reflect (http://www.macrium.com/reflectfree.asp) for easy and reliable image backups.

 

Wow sorry to hear of your misfortune, some people are just slime doing this kind of stuff to others but the Internet is full of them.
My advice would definately be to format and reload the machine clean. I wouldn't trust it the way it is and you can never be sure there isn't anything else lurking in it not being reported.

I agree with the reply that recommends making new drive images once the machine is reloaded for future recovery.

As for the NIS, well that is up to you but if you look around there are quite a few good competing products that some would say are their first choices. I would add that whatever you choose for your security software that you keep a multi layer approach and don't depend only on one security product whatever brand it is. I personally use a seperate AV, Firewall and three seperate antispyware programs on my machine. Even still you can become infected if your not careful and keep them all updated daily.

Good luck in recovering your money from the bank and here to hoping they catch those crooks.

 

I also would definitely reinstall Windows, and have a couple of images ready for such situations, as mentioned by sbwhiteman

Backing up is ultimately the the safest and quickest way to solve any problem. One thing to absolutely make sure once you test some imaging programs, is to restore an image straight away and see if it works. If you have no problems the first time, chances are that you'll be able to restore without any problems in the future. Another important piece of advice is to keep your images on a USB drive unplugged from your computer.

Along with NIS I would also add either Sandboxie, Returnil, or Shadow Defender. With these programs any trojan would manage to survive until the next reboot or until you clear the sandbox.

 

Appreciate the advice guys, will look into apps mentioned and get a backup/image of clean install so next time will be easier. thanks.

 

i'd also wipe the mbr during re-install
certain banking trojans such as Sinowal/Mebroot stay present in MBR even after a normal format/reinstall

 

A normal format and reinstall of windows replaces MBR as i know.

 

I would do a "zero write" (change all bits to "zero") to the hard drive, then format and re-install Windows. I think that most of the hard drive vendor's diagnostic boot disks have the "zero write" option. You can use Terabyte Unlimited's CopyWipe to do a "zero write" to the hard drive.

 

I've seen some cases where the Windows OS installer does not completely format the disk even if running a full upgrade. You'll want to use a dedicated product to wipe the disk clean, for instance: http://www.killdisk.com/ - the free version should be more than enough (as long as you boot from a CD/USB to clean it).

A general rule of thumb would be: if the format process (not OS reinstallation, tho, I wish ) takes less than 10 minutes, it isn't erasing the disk the way it should. You don't need more than one pass, but you do need one solid pass all the way through the disk - some infections leave remnants on one of the last sectors in the disk.

 

Thanks. Have used Killdisk on HD and reinstalled. Currently running with both NIS09 on defaults (will update to NIS2010 when released) and prevx realtime.

Malware AntiMalware and SuperAntispyware installed for on-demand.

Oh and I have also changed my bank account to another bank just to be sure if any info has leaked it will be no use to anyone. A hassle but worth it for peace of mind.

Thanks to all for advice.

 

then you know wrong

 

Ok, any reference?

 

Format, quick or otherwise, doesn't delete partition. Neither does it remove MBR.

Format creates the file system for the partition.

 

Yes, Infact from a complete format I mean to delete all partitions and then reinstall the OS.