First Trojan, then bank fraud - am I rid of Trojan for sure?

Discussion in 'malware problems & news' started by silverfox99, Jul 20, 2009.

Thread Status:
Not open for further replies.
  1. silverfox99

    silverfox99 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    204
    About 4 weeks ago, the MS Malicious Software Tool (June Edition) picked up a Trojan (Trojan:Win32/Alureon!inf) on my Laptop (running Windows Vista & NIS09). See my original post here:

    https://www.wilderssecurity.com/showthread.php?t=244888&highlight=Microsoft+malicious+tool

    With the help of some forum members I got rid of the infection. NIS09 never seemed to pick it up. MS tool did the removal which was confirmed by Malware Bytes, SuperAntiSpy and a few online scanners.

    However, I have just been the victim of bank fraud where about £300 was taken from my account. The transaction was done online, i.e. someone, somewhere got into my bank account online using my ID/login and password. My bank confirmed it was fraud, and asked me questions such as: Where do you access your bank account from, e.g. work or home/both? What antivirus do you use? Do you use a wireless connection? Have you ever answered an email asking you to 'click here to login'? Have you given anyone your passwords? etc etc.

    My internet banking access has now been closed and I'll have to re-apply for new logins and passwords etc. Will take a couple of weeks to sort out. Luckily the bank will give me back the £300.

    However...... am a bit worried about my laptop. Is it still infected? Has NIS09 missed a keylogger? Did Win32/Alureon!inf call out with my logins and passwords to anywhere else?

    I am thinking of reformatting my drive and reinstalling all my apps just to be 100% sure am rid of any Trojans. Also not sure about NIS09. I think I'd like to add another couple of apps to beef up the security?

    Any advice from you guys much appreciated! A bit scary when people start dipping into your bank account........
     
  2. LagerX

    LagerX Registered Member

    Joined:
    Apr 16, 2008
    Posts:
    540
    http://www.qfxsoftware.com/Download.htm
    Start using Keyscrambler ;)

    It's strange that NIS09 was completely silent about that keylogger.
    I think that keylogger/trojan sent out your credit card details. Keyscrambler is really good protection against them.
    You might ask Symantec to check your computer, as they missed one trojan that did damage on your credit card. There is identity safe protection available on IE (with NIS09). You might try that ;)
     
  3. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    try out the lastpass addon for FF, it works quite well
     
  4. thathagat

    thathagat Guest

    well .....the trojan details are a pointer to what you went through and why...."Win32/Alureon is mostly a family of data-stealing trojans. These trojans allow an attacker to intercept incoming and outgoing Internet traffic in order to gather confidential information such as user names, passwords, and credit card data. The Win32/Alureon family may also allow an attacker to transmit malicious data to the infected computer. Alureon may modify DNS settings on the host computer to enable the attacker to perform these tasks. As a result, it may be necessary to reconfigure DNS settings after Win32/Alureon is removed from the computer."

    and don't forget to change all your passwords....
     
    Last edited by a moderator: Jul 20, 2009
  5. sbwhiteman

    sbwhiteman Registered Member

    Joined:
    Jul 20, 2009
    Posts:
    63
    Personally, I'd be tempted to format and reinstall Windows.

    If you go that route, don't forget to do image backups both right after you've installed and updated Windows and also after you've installed your basic applications. Then if disaster ever strikes again you'll be able to go back to either of those points in a matter of minutes.

    I suggest the free version of Macrium Reflect (http://www.macrium.com/reflectfree.asp) for easy and reliable image backups.
     
  6. Atomic_Ed

    Atomic_Ed Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    389
    Wow sorry to hear of your misfortune, some people are just slime doing this kind of stuff to others but the Internet is full of them.
    My advice would definitely be to format and reload the machine clean. I wouldn't trust it the way it is and you can never be sure there isn't anything else lurking in it not being reported.

    I agree with the reply that recommends making new drive images once the machine is reloaded for future recovery.

    As for the NIS, well that is up to you but if you look around there are quite a few good competing products that some would say are their first choices. I would add that whatever you choose for your security software that you keep a multi layer approach and don't depend only on one security product whatever brand it is. I personally use a separate AV, Firewall and three separate antispyware programs on my machine. Even still you can become infected if you're not careful and keep them all updated daily.

    Good luck in recovering your money from the bank and here's to hoping they catch those crooks.
     
  7. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    I also would definitely reinstall Windows, and have a couple of images ready for such situations, as mentioned by sbwhiteman.

    Backing up is ultimately the safest and quickest way to solve any problem. One thing to absolutely make sure once you test some imaging programs, is to restore an image straight away and see if it works. If you have no problems the first time, chances are that you'll be able to restore without any problems in the future. Another important piece of advice is to keep your images on a USB drive unplugged from your computer.

    Along with NIS I would also add either Sandboxie, Returnil, or Shadow Defender. With these programs any trojan would manage to survive until the next reboot or until you clear the sandbox.
     
    Last edited: Jul 21, 2009
  8. silverfox99

    silverfox99 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    204
    Appreciate the advice guys, will look into apps mentioned and get a backup/image of clean install so next time will be easier. thanks.
     
  9. kC_

    kC_ Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    452
    i'd also wipe the mbr during re-install
    certain banking trojans such as Sinowal/Mebroot stay present in MBR even after a normal format/reinstall
     
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    A normal format and reinstall of Windows replaces MBR as far as I know.
     
  11. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    I would do a "zero write" (change all bits to "zero") to the hard drive, then format and re-install Windows. I think that most of the hard drive vendors' diagnostic boot disks have the "zero write" option. You can use Terabyte Unlimited's CopyWipe to do a "zero write" to the hard drive.
     
  12. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I've seen some cases where the Windows OS installer does not completely format the disk even if running a full upgrade. You'll want to use a dedicated product to wipe the disk clean, for instance: http://www.killdisk.com/ - the free version should be more than enough (as long as you boot from a CD/USB to clean it).

    A general rule of thumb would be: if the format process (not OS reinstallation, tho, I wish :D) takes less than 10 minutes, it isn't erasing the disk the way it should. You don't need more than one pass, but you do need one solid pass all the way through the disk - some infections leave remnants on one of the last sectors in the disk.
     
  13. silverfox99

    silverfox99 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    204
    Thanks. Have used Killdisk on HD and reinstalled. Currently running with both NIS09 on defaults (will update to NIS2010 when released) and prevx realtime.

    Malware AntiMalware and SuperAntispyware installed for on-demand.

    Oh and I have also changed my bank account to another bank just to be sure if any info has leaked it will be no use to anyone. A hassle but worth it for peace of mind.

    Thanks to all for advice.
     
  14. kC_

    kC_ Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    452
    then you know wrong
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Ok, any reference?
     
  16. kC_

    kC_ Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    452
    Format, quick or otherwise, doesn't delete partition. Neither does it remove MBR.

    Format creates the file system for the partition.
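
An added example, not part of the thread or any poster's code: a simplified Python model of the point made in posts 12 and 16, that a format rewrites only the sectors inside a partition while a single zero pass covers every sector. The disk image, its contents and all function names are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
ENTRY = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count

def build_disk(sectors=64):
    """Constructed 32 KiB disk image; every byte here is made-up sample data."""
    disk = bytearray(sectors * SECTOR)
    disk[0:446] = b"\x90" * 446                          # stand-in for MBR boot code
    disk[446:462] = struct.pack(ENTRY, 0x80, b"\0" * 3, 0x07, b"\0" * 3, 8, 40)
    disk[510:512] = b"\x55\xaa"                          # MBR boot signature
    disk[8 * SECTOR:48 * SECTOR] = b"F" * (40 * SECTOR)  # old file system data
    disk[-SECTOR:] = b"R" * SECTOR                       # remnant in the last sector
    return disk

def parse_mbr(disk):
    """Hash the boot code, check the signature, list non-empty partition entries."""
    mbr = bytes(disk[:SECTOR])
    parts = []
    for i in range(4):
        _, _, ptype, _, start, count = struct.unpack_from(ENTRY, mbr, 446 + 16 * i)
        if ptype != 0:
            parts.append({"type": ptype, "start": start, "count": count})
    return {"boot_sha256": hashlib.sha256(mbr[:446]).hexdigest(),
            "signature_ok": mbr[510:512] == b"\x55\xaa",
            "partitions": parts}

def format_partition(disk, part):
    """Simplified model of a full format: rewrites only sectors inside the partition."""
    lo = part["start"] * SECTOR
    hi = lo + part["count"] * SECTOR
    disk[lo:hi] = bytes(hi - lo)
    disk[lo:lo + 4] = b"VBR!"                            # placeholder volume boot record

def zero_wipe(disk):
    """One pass of zeros over every sector, first to last."""
    disk[:] = bytes(len(disk))

def nonzero_sectors(disk):
    """Sector numbers that still hold any non-zero byte."""
    return [n for n in range(len(disk) // SECTOR) if any(disk[n * SECTOR:(n + 1) * SECTOR])]

if __name__ == "__main__":
    disk = build_disk()
    before = parse_mbr(disk)
    format_partition(disk, before["partitions"][0])
    print("after format:", nonzero_sectors(disk))        # MBR, new VBR, last-sector remnant
    zero_wipe(disk)
    print("after wipe:", nonzero_sectors(disk))
```

Comparing `boot_sha256` before and after the simulated format shows the boot code in sector 0 is byte-for-byte unchanged, which is why a format alone cannot be relied on to clear it.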
     
  17. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Yes, in fact by a complete format I mean to delete all partitions and then reinstall the OS.
     