Need advice - accounts hacked

Discussion in 'other security issues & news' started by Tannor, May 30, 2010.

Thread Status:
Not open for further replies.
  1. Tannor

    Tannor Registered Member

    Joined:
    Jul 30, 2005
    Posts:
    22
    I currently run NOD32 v3 on both my laptop and desktop and followed the instructions here on how to set it up.

    This week, my Gmail account was hacked, and my PayPal about 4 days later.

    I am guessing I have some sort of keylogger.

    Does anyone have any recommendations on what other software I can run, if NOD32 did not pick up anything? I also ran Malwarebytes and it came up totally clean.

    Thanks
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
  3. NoIos

    NoIos Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    607
    I suggest formatting rather than trying to clean the system. Keep in mind that you should not format if you intend to investigate the data theft and/or ask your local digital crime authorities for help.

    You should not trust the system again if you don't format the boot HDD and check very carefully all your external storage devices and your other internal HDDs.
     
  4. Tannor

    Tannor Registered Member

    Joined:
    Jul 30, 2005
    Posts:
    22
    Thanks for the advice. My laptop was recently reformatted when I installed Windows 7 about 2-3 weeks ago, so I doubt it is that machine, but who knows.

    I really hate to reformat unless I have no choice. I just want to know which machine really was infiltrated.

    I will check out those links posted.
     
  5. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    I guess there is a reason you're sticking to V3, but V4 has better detection, or so I'm told.
     
  6. Tannor

    Tannor Registered Member

    Joined:
    Jul 30, 2005
    Posts:
    22
    I just have not upgraded yet on my main desktop.

    I did for my laptop since it was a reinstall.

    I originally made a mistake in my first post. I thought I had v3 on both, but when I went to check, I must have downloaded the latest version.
     
  7. Tannor

    Tannor Registered Member

    Joined:
    Jul 30, 2005
    Posts:
    22

    Well, I upgraded to NOD32 v4 on my desktop and ran all sorts of online security, including GMER, to make sure I don't have any rootkits.

    both my laptop which I knew would be clean, and my desktop is

    The odd thing is I have not logged into my PayPal account in 2 months. I am wondering if my work machine is infected. I know it has Symantec and is up to date, but who knows; I think that is where I logged in to PayPal. Luckily PayPal is going to reverse the charges to Nexon America; they did 2 payments of $30 each to Nexon,

    and my Gmail account was used to send spam.

    I already changed my passwords.
     
  8. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,616
    Location:
    Milan and Seoul
    Hi Tannor,

    When you decide to reformat (I also think it is probably the best thing to do for your peace of mind), my suggestion is to install something like Shadow Defender, Returnil or DeepFreeze, which will quickly and easily run virtual sessions. Rebooting the system with any of these applications will make sure that any nasty that might have made it onto your system will be deleted. It is however imperative to install such programs on clean systems, and to use them with any web activity.
     
  9. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    479
  10. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,098
    Location:
    USA
    If your work PC turns out to be infected, that might make me feel better that it's not your home PCs.

    Keep in mind that NO AV/antispyware is perfect. Eset, Symantec, you name it. They may all provide very good protection but they cannot detect it all. At work, we use a standard AV on each PC, but they are preceded by a firewall-based intrusion protection package that includes malware, content and website filtering. And above and beyond that, email is filtered by Postini. And sometimes I still wonder if that is enough!

    Anyway, I agree that you should consider using something else to supplement your AV @ home. Osaban's suggestion of running full operating system virtual environments is absolutely helpful but they weren't for me. I didn't like the idea of needing to reboot every time I needed to exit the virtual environment.

    I prefer something like Sandboxie or DefenseWall. They take about 2 to 3 minutes to install (and this counts the one time needed reboot) and from that point on, you have very strong protection. I'm using Sandboxie right now and when I close my Firefox session today, everything in it gets closed/dumped.

    I recently set up a middle-aged friend with his first PC. He knows nothing about this stuff and I was confident he would run into something like the fake AV nasties pretty quick. Sure enough, within the first 2 hours he called and asked what the pop-up on his screen meant. I told him it was fake and had him close the sandbox. After he closed Sandboxie, the fake AV was gone and his PC remained clean. If he had only relied on his real AV, I'm not as sure he could have escaped safely.
     
  11. Tannor

    Tannor Registered Member

    Joined:
    Jul 30, 2005
    Posts:
    22
    I am starting to think it has nothing to do with it.

    I ran Wireshark on all 3 PCs (my work, laptop, and desktop) since yesterday and looked at protocols like FTP and email, because I went on some hacking forums to see how they set up these keyloggers, and they use either email or FTP to send the info back.

    They also talked about how they get around AVs by writing their own keyloggers using VB6, but it is not perfect.

    So far I have not seen any PC make a call using any of the above methods.

    It is just so weird how my PayPal and Gmail accounts got hacked in the same week and using different email and password.
     
  12. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,616
    Location:
    Milan and Seoul
  13. Tannor

    Tannor Registered Member

    Joined:
    Jul 30, 2005
    Posts:
    22
    I have since reformatted and installed Windows 7 64-bit on my main desktop.

    I went with Avast this time because NOD32 is making my machine so sluggish.

    I left my laptop alone since that is a new install only two weeks in, and I know I have never logged onto PayPal on that system, so it could not have come from there.
     