Seems I 'may' be infected

Discussion in 'privacy problems' started by Huwge, Feb 8, 2006.

Thread Status:
Not open for further replies.
  1. Huwge

    Huwge Registered Member

    Joined:
    Oct 21, 2004
    Posts:
    405
    Location:
    UK
    I found out today that my credit card has been used fraudulently.

    This card never leaves the house and is only used online (mostly at reputable sites like Amazon)

    Discounting the possibility that someone working at one of the places I buy from has used my card details or passed them on, the only other explanation as far as I can figure is that I'm infected :mad:

    NOD32 doesn't pick up anything. Same with Ewido Online scan, Adaware and MSAS.

    I run NOD32 and Netveda Firewall.

    I have looked at the processes and can see nothing strange (not that I'm any sort of expert)
    I don't surf 'dodgy' sites.

    The transactions have only taken place in the last three weeks.

    So..........


    1. Will an earlier System Restore Point remedy the situation?

    2. If no to the above, will the Recovery DVD (puts the machine back to the state it was in when I bought it) do the trick?

    3. Are there any other online scans recommended that I've missed ?

    4. Where is the best place to post a HJT log to receive some attention ?


    PS I just tried TrendMicro Online Scan and it comes back with two 'greyware' infections....TRAK_SE.77236 and TRAK_SE.77235. Any ideas?

    Thanks in advance
     
    Last edited: Feb 8, 2006
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,775
    Location:
    Texas
    You could try Gladiator Security Forums.
     
  3. ~*Nat*~

    ~*Nat*~ Registered Member

    Joined:
    Jul 9, 2004
    Posts:
    8,129
    Location:
    Germany/Ohio-USA ~ between two worlds
  4. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Although it certainly is possible that you've been infected (try some rootkit scanners and an Ewido scan, to be sure), it's also very possible that someone broke into the database of one of the merchants you shop with or even your bank. These things are quite common, so I wouldn't limit the list of suspects.
     
  5. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    Your system is clean, Huwge, by the look of your HJT log @ Gladiator.
     
  6. Huwge

    Huwge Registered Member

    Joined:
    Oct 21, 2004
    Posts:
    405
    Location:
    UK
    Thanks a lot for the fast reply Infinity. The transactions have only taken place in the last few weeks. Debating whether a Restore point in November would be sufficient. As I said, all scans come up clean apart from Trend which only finds an Adware reference. For my Card details to have been taken I assume that it would have to be a keylogger or trojan. NOD has been running on the machine from day one and Netveda from day two.

    Any other suggestions gratefully received. I have the replacement card now from the bank. I need to use it for EQ2 and WoW. Any other scans or software I can try to confirm all is clean?
     
  7. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Huwge, your HJT log is clean. If you want to be absolutely sure then go ahead and use the "respawn" disk or scan your drive from a boot disk or on another system, but it is far more likely that your information was obtained from someone else's computer. Database compromises often go unreported, but are a lot more common than they'd like you to think. Any time you make a transaction, your details go through a lot of different computers, any one of them could have been compromised. You may have even been included in one of the Visa database compromises that were recently on the news.

    It's a difficult thing to go through, having your details stolen, and anyone in your position is likely to feel the need to take control of the situation, but this isn't what you need to be focusing on. I would contact the authorities, your financial institution, and the merchants that your card was fraudulently used with. They are the ones that can actually help you.
     
  8. Slovak

    Slovak Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    515
    Location:
    Medina, Ohio
    Are you sure someone else in your house, like say one of your kids didn't steal it and order things online? Happened to me before, one of the kids stole the number and purchased online game servers etc.
     
  9. Huwge

    Huwge Registered Member

    Joined:
    Oct 21, 2004
    Posts:
    405
    Location:
    UK
    Definitely not the kids or wife. Card was used for coach and plane tickets. Besides my kids are only very young.....
     
  10. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Of course the fact that your card was used for travel means it will be easier for them to track down the person that did it ;)
     
  11. trickyricky

    trickyricky Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    475
    Location:
    London, UK
    How about running Rootkitrevealer just in case? HJT logs wouldn't show the presence of a rootkit by definition.

    http://www.sysinternals.com/Utilities/RootkitRevealer.html

    And of course, have you used the card to pay for anything over the phone? That's another way that your details could have been obtained. Like others here, I'd be more inclined to believe that the card details were snaffled by someone working at one of the establishments that you used your card to pay for goods or services, or possibly a data/security breach of one of their computer systems.
     
    Last edited: Feb 10, 2006
  12. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hi,
    My dad's credit card was once used without his consent. He used it for online purchases, but the illegal usage was totally computer-unrelated. Therefore, it is possible that your card was billed by someone with access to your credit card number, and this can be a number of places you shop, or even services you pay by phone.
    Mrk
     
  13. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    I have been through 3 cards in a short period of time. The first time was 500 and I don't know how they got it. The second was 6600 dollars. The last time it was caught before any damage. It hasn't cost me anything. One time my bank called and said someone had gotten some numbers. I have found out that it is real easy to get. I check my Visa account daily to make sure all entries are mine.
     
  14. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland
    Could have been cloned in a shop when you handed it over.
     
  15. Huwge

    Huwge Registered Member

    Joined:
    Oct 21, 2004
    Posts:
    405
    Location:
    UK
    Thanks for all the replies. I have bitten the bullet and reformatted.
     
  16. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    My dad had his credit card cloned at a gas station...
     
  17. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    I got this email through about a credit card scam that is doing the rounds (in the UK at least). I don't know if it's an old scam, but I only got the email this week. Maybe something like this happened...


    The following from Suffolk Police:

    One of our employees was called on Wednesday from "VISA", and I was
    called on Thursday from "MasterCard". Note, the callers do not ask for
    your card number; they already have it.

    The scam works like this: Person calling says, "This is (name), and I'm
    calling from the Security and Fraud Department at VISA. My Badge number
    is 12460. Your card has been flagged for an unusual purchase pattern,
    and I'm calling to verify. This would be on your VISA card that was
    issued by (name of bank). Did you purchase an Anti-Telemarketing Device
    for £249.99 from a Marketing company based in (name of any town or
    city)?" When you say "No" the caller continues with, "Then we will be
    issuing a credit to your account. This is a company we have been
    watching and the charges range from £150 to £249, just under the £250
    purchase pattern that flags most cards.

    Before your next statement, the credit will be sent to (gives you your
    address), is that correct?" You say "yes". The caller continues - "I
    will be starting a Fraud investigation. If you have any questions, you
    should call the 0800 number listed on the back of your card and ask for
    Security. You will need to refer to this Control Number." The caller then
    gives you a 6 digit number. "Do you need me to read it again?"

    Here's the IMPORTANT part on how the scam works. The caller then says,
    "I need to verify you are in possession of your card". He'll ask you to
    "turn your card over and look for some numbers". There are 7 numbers;
    the first 4 are part of your card number, the next 3 are the security
    Numbers that verify you are the possessor of the card. These are the
    numbers you sometimes use to make Internet purchases to prove you have
    the card. The caller will ask you to read the 3 numbers to them. After
    you tell the caller the 3 numbers, he'll say, "That is correct, I just
    needed to verify that the card has not been lost or stolen, and that you
    still have your card. Do you have any other questions?" After you say
    No, the caller then thanks you and states, "Don't hesitate to call back;
    if you do....", and hangs up.

    You actually say very little, and they never ask for or tell you the
    Card number. But after we were called on Wednesday, we called back
    within 20 minutes to ask a question. Are we glad we did! The REAL VISA
    Security Department told us it was a scam and in the last 15 minutes a
    new purchase of £249.99 was charged to our card. Long story made short -
    we made a real fraud report and closed the VISA account. VISA is
    reissuing us a new number. What the scammers want is the 3-digit PIN
    number on the back of the card. Don't give it to them.


    Instead, tell them you'll call VISA or MasterCard directly for
    verification of their conversation. The real VISA told us that they will
    never ask for anything on the card as they already know the information
    since they issued the card! If you give the scammers your 3 Digit PIN
    you think you're receiving a credit. However, by the time you get your
    statement you'll see charges for purchases you didn't make, and by then
    it's almost too late and/or more difficult to actually file a fraud
    report.

    What makes this more remarkable is that on Thursday, I got a call from a
    "Jason Richardson of MasterCard" with a word-for-word repeat of the
    VISA scam. This time I didn't let him finish. I hung up! We filed a
    police report, as instructed by VISA. The police said they are taking
    several of these reports daily! They also urged us to tell everybody we
    know that this scam is happening.
     
  18. bigbuck

    bigbuck Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    4,877
    Location:
    Qld, Aus
    I had one of my credit cards (visa) used last year for $170 US to Yahoo in Canada. Interestingly, that particular card had NEVER been used before, and CERTAINLY NEVER been used for any online purchase. CC company investigated and found in my favour, and reinstated the funds. Had me worried for a time though. They never really offered an explanation either. My guess was someone somewhere punched a wrong number?? Of course this was one transaction only.....it would be a serious concern if it were two or three transactions. I don't deal with that company any more, as I asked for a possible explanation, and they failed to reply....
     