
Bank account hacked, advice please?

January 16, 2012 8:43:25 PM

So recently my bank account got hacked into. The thief managed to either physically clone my card or I have a virus/trojan on my computer. I have pretty much ruled out a physical cloning, so I want to check my computer to see if it's infected. I already have some anti-virus and it came up with nothing, but I read a few articles about a new Trojan floating around and wondered if I could check for this. I get the impression that anti-virus companies are always playing catch-up with the latest virus/trojan etc.

So would anyone be able to recommend to me a way to scan my PC better or give me advice on what to do in this situation short of a complete reformat to be safe.

Thanks in advance,

Will


January 16, 2012 8:53:23 PM

Also I read a couple of the stickies, I'm not being ignorant, I would just quite like a recommendation and a bit of advice!
January 16, 2012 9:12:43 PM

Back up the system, reformat, and scan in 6 months when the AV companies have figured out how to detect the virus. Also, freeze the accounts.
January 16, 2012 9:16:30 PM

Well for starters, I can't just 'freeze' my bank account... As for reformatting, I just wanted to know if there were any other options...
January 16, 2012 9:18:07 PM

Hello Will172;

The best way to scan is to use a bootable CD or USB thumb drive.
That way you avoid running your (possibly infected) installed OS. Some of the nastier rootkit packages can defend themselves and hide from the most popular AV/Malware products.
January 16, 2012 9:23:21 PM

Okay, I will give that a go, and report back with any findings.
January 16, 2012 9:36:07 PM

Use a bootable CD, the virus could infect the USB drive.
January 16, 2012 9:37:10 PM

Hey, only use 1 antivirus + spyware on your system; 2 or more slow down the system. Try SUPERAntiSpyware, it's free. Install it and do a full scan; it detects many viruses, then delete all the viruses. It slows down the system, so after 2 days uninstall it. I recommend AVG Free antivirus for you.
January 16, 2012 9:40:19 PM

fb39ca4 said:
the virus could infect the USB drive.
only if the Win7 OS is also running
January 16, 2012 9:45:08 PM

Okay so at the moment I am trying a couple of cloud based AV's see what comes up. I will post findings, for a bit more advice.

Thanks for all the help so far, really appreciate it.
January 16, 2012 9:53:22 PM

Have you ruled out phishing? E.g. got any emails from your 'bank' and entered your password?
January 16, 2012 10:05:52 PM

Yes that was ruled out with the security officer with the bank.
January 16, 2012 10:12:57 PM

Have you ruled out it being a different computer?

Personally I would scan the computer. Backup everything then format, then scan the media used to backup said data again just to be sure... this is your bank account at risk and I would want to be VERY careful that it doesn't happen again
January 16, 2012 10:28:27 PM

Yeah of course, I went over all other computers that accessed my account. The only connections were my PC and my laptop, which is a Mac. But mainly this computer. The Mac I will deal with later on; the main issue is my PC.

The results I have back from the Cloud AV's are:

Trend Micro HouseCall:

Found a Trojan - TROJ_GEN.USEHJ21

ESET Online Scanner:

Found Win32/OpenCandy application.

What are these? Problems? Big problems?


January 16, 2012 10:36:40 PM

The biggest problem is that a Trojan is a backdoor to your system. It can give a hacker mob access and control of your system. And it can allow further payloads to be installed on your system like rootkits and keyloggers.

January 16, 2012 10:41:54 PM

Okay so what can I do about the Trojan. Is this all just going to boil down to a reformat?
January 16, 2012 10:49:10 PM

If your ISP allocates static public IP addresses I would call them and get them to change it immediately. The Trojan should be gone after a reformat. But there still may be traces of it in your backups or other computers on your network!!!... so a full scan is necessary before and after the reformat.

January 16, 2012 10:50:33 PM

Will172 said:
Yeah of course, I went over all other computers that accessed my account. The only connections were my PC and my laptop, which is a Mac. But mainly this computer. The Mac I will deal with later on; the main issue is my PC.

The results I have back from the Cloud AV's are:

Trend Micro HouseCall:

Found a Trojan - TROJ_GEN.USEHJ21

ESET Online Scanner:

Found Win32/OpenCandy application.

What are these? Problems? Big problems?


Yes, they sound like problems.
Look, if you want to make sure the PC is clean, you will need to nuke the HDD (formatting the HDD is NOT enough) then reinstall the OS. I know it is a pain in there, but I would not take any other chances if I were you. You could download the files you think you will need in the future, but keep in mind those files may harbor the infection as well. Hence, after you download them, isolate the backup disk from any PC connection for the time being.
Afterwards, you can proceed nuking the HDD by low-level formatting it using something like Killdisk, for instance. That will zero the HDD and render it to a factory-like state. Run that 2-3 times in a row, just to be sure (you can download Killdisk and burn a CD with the bootable program, then boot from that CD). Then you can proceed with OS installation.
After that, you can run a scan (using the latest updated AV program of your liking, running from a CD, as mentioned before by the others) of your backup disk to ensure no residual infection persists on these files; do NOT boot the OS while doing this. You could actually disconnect the system drive while booting from the AV disk, and run the AV on the backup disk. I know it sounds paranoid, but remember what just happened here and what brought you here to begin with.
Good luck with this project. You might choose to just run the AV as mentioned in above posts without going through this new install, but if it happens again the bank might get antsy about your accounts being hacked again. And you'll end up here again, anyways.
Do not ignore that Mac. It is possible that the hacking happened from that one, as well. They are not as secure as most people think; hackers' conferences remind us of that yearly.
January 16, 2012 10:51:00 PM

Ah jesus this has all been so much hassle... Okay. Well I guess I will back everything up. Best way to do that by just dragging the stuff I need on to an external HD or what?
January 16, 2012 10:53:29 PM

Yes, you can do that without a problem; make sure you quarantine the backup after you do it, so it does not come in "contact" with any PC until you'll be able to confirm the disk is clean.
January 16, 2012 10:53:39 PM

If you're free of Rootkits I think the usual cleaners can handle a Trojan like
TROJ_GEN.USEHJ21

I'm always leery of Trojans - especially since the found items don't seem to match the severity of your hacked account.
I expected to see some type of keylogger or more spyware.

January 16, 2012 11:42:19 PM

That came from this, and see the program they collect from deleted. I would try Malwarebytes in safe mode without network, and the antivirus. Also deactivate all restore points before cleaning so it won't come back; reactivate after cleaning and test.
January 16, 2012 11:45:39 PM

scout_03 said:
That came from this, and see the program they collect from http://www.XXXXXXXXXXXXXXXXXX. I would try Malwarebytes in safe mode without network, and the antivirus. Also deactivate all restore points before cleaning so it won't come back; reactivate after cleaning and test.


Hi :) 

We are not allowed to put links to illegal sites on here....

All the best Brett :) 
January 16, 2012 11:51:04 PM

Adware:Win32/OpenCandy is an adware program that may be bundled with certain third-party software installation programs. Some versions of this program may send user-specific information, including a unique machine code, operating system information, locale (country), and certain other information to a remote server without obtaining adequate user consent. These versions are detected by Microsoft’s anti-malware products.
January 16, 2012 11:52:26 PM

@ Brett928s2 it was not to go illegal, just to inform where it came from and what they use, to help protect others so no one else got in that
January 16, 2012 11:58:59 PM

scout_03 said:
@ Brett928s2 it was not to go illegal, just to inform where it came from and what they use, to help protect others so no one else got in that


Hi :) 

That's an ILLEGAL site and you posted a link to it.....in my reply you should notice I XXXX the link...

All the best Brett :) 
January 17, 2012 12:03:13 AM

I deleted the link.
Let's get back to helping the OP!
January 17, 2012 12:06:26 AM

@ area 51 reopened, thanks
January 17, 2012 12:07:46 AM

You're welcome!
January 17, 2012 12:16:29 AM

Hi :) 

I fix viruses EVERY day at my company....

Here is what I would do for this particular one...

1, Boot into Safe Mode without networking

2, Install and run the LATEST version of Malwarebytes Anti-Malware 1.60.0.1800 (from a USB stick)

It MUST be that version as its definitions are only 20 days old and you do NOT want to be on the net yet...

3, KEEP running a Full SCAN (NOT QUICK) until it finds everything it can and removes it...
Then reboot back into safe mode and do it all again....until it finds Nothing...

4, Then connect your network cable...

5, Then boot to a Norton Internet Security 2012 disc (not 2011) and allow it to update from the disc in DOS... then run a FULL SCAN and keep doing that until it says nothing found...

6, Reboot back into Windows, update Malwarebytes run ANOTHER FULL SCAN then update NIS12 and do the same...

That WILL WORK....

All the best Brett :) 
January 17, 2012 12:22:43 AM

I'd be interested in knowing if the OP can even get into Safe Mode.
January 17, 2012 12:24:18 AM

Brett928S2 said:
Then boot to a Norton Internet Security 2012 disc (not 2011) and allow it to update from the disc in DOS
Another good example of running an AV check without the OS already running.
January 17, 2012 12:26:17 AM

Don't assume that it didn't happen on the Mac. Macs are just as vulnerable these days as PCs. Mac has been gaining more and more market share. The more popular they get, the more viruses you will start to see.
January 17, 2012 12:27:04 AM

The drivers don't load in safe mode which really hinders MBAM's capabilities. If possible I and others always recommend running it in normal mode. If the scans are taking so long though, I'm guessing you're also using the Full Scan option. This is seldom required as it generally won't detect anything that the Quick Scan doesn't pick up except perhaps minor traces that are harmless (and even that is rare and I've never seen it do so myself).

MBAM.com ^
January 17, 2012 12:27:56 AM

SR-71 Blackbird said:
http://forums.malwarebytes.org//index.php?showtopic=999...

Malwarebytes was designed to run in normal mode ^


Hi :) 

I realise that, but take my word, it works even better in safe mode, plus it's quicker... average full scan (safe mode) 20 mins... average full scan in normal Windows, assuming someone can get into Windows (1 hour 15 minutes)

Not that I use it a lot lol :) 

All the best Brett :) 
January 17, 2012 9:01:33 AM

Hi, thanks for all the new responses, I am going to spend some time backing all my stuff up now. Then I will try boot in to safe mode with the malwarebytes program.

Problem is I can't spend a huge amount of time doing this as I am in the middle of writing a dissertation :/  nightmare.

Thanks again for all the help!
January 17, 2012 11:49:50 AM

Also contact your bank about getting your money back!
January 17, 2012 12:02:35 PM

Malwarebytes is the way to go, don't trust AVG rescue CD or anything else. Even if they do find trojans etc. they never get them all.

I ran AVG rescue CD on an infected computer and although it found loads it did nothing to rectify the problem. 2 scans with Malwarebytes, one in safe mode and one in normal mode, and the computer was as good as new.

Also if the theft of your money resulted in you going into an unauthorised overdraft you will incur charges every day for being overdrawn. If you report the theft to your bank they will freeze your account while they investigate, which could take months to complete, in which time you will have received many automated letters from the bank demanding that you pay them the overdrawn fees; your account may even get passed on to a debt collection agency.

After the bank's investigations, if they believe you, all overdrawn charges will be dropped and you will get your money back, but what they don't tell you is that your credit rating will be majorly affected because you have been overdrawn for so long, and your account may be classed as in default even though it isn't and it's not your problem.

So just make sure you get them to amend your credit report if it comes to that. The reason I am saying all this is because this is exactly what happened to me around 3 years ago.
January 17, 2012 12:21:09 PM

Thanks davedurg09, I have done a Malwarebytes scan and it came up with a few more nasty things, so I decided I am just going to nuke the HDD, which was a recommendation a few posts back. I have a problem though. I am using Active KillDisk for Windows, and I have selected what HDD to nuke and how etc. But it is asking me to confirm the action and type in Erase-All-Data.. and my keyboard won't work. I tried a USB one and an old school purple-ended one and I can't type anything. I can't get the onscreen keyboard either. Any ideas?
January 17, 2012 12:22:41 PM

Ah as soon as I posted that I thought about trying a different USB slot.. That worked.
January 17, 2012 12:30:01 PM

So far I have run two cloud AV's they came up with similar results. I have run my own Avast AV, and that came up empty. And I have run Malwarebytes 3 times last two it came up empty after deleting the nasties found the first time.

Now I have backed up everything on to my external HD and scanned that a couple times it found nothing both times.

Now I have made a boot USB with Active Kill Disk on it and I am currently nuking both of the HDDs, using the One Pass Zeros method. Although if anyone thinks I should use any other of the methods let me know!

(Network cable has been out through all of this) After that has all completed, I plan to reload back on Win 7 Ultimate 64bit, and install all of my drivers from the old CDs to get it back up and running. Then I will install the anti-virus and firewall etc. and just do another system scan to be sure. Then load up the external HD and scan that once more. Then start to load up the stuff I backed up. I'll prob set a backup point or something here, but is that pointless if I get another virus?

After all that Network cable back in and start to download programs I need etc.

Any gaps?

Also, I have some online storage that I put work on to so that I can access it from my mac and stuff at uni. Do I need to clear all that out too or?
January 17, 2012 12:40:56 PM

Hi :) 

PLEASE tell me you are NOT going to load on the same anti-virus that allowed this to happen ?

All the best Brett :) 
January 17, 2012 12:44:12 PM

Haha no of course not, I had a look at something that someone posted, and I am going to use Avira AV and Comodo firewall. I might buy Malwarebytes too since it seems like a great bit of kit. I have a VPN too, although I have no idea if that helps for viruses etc...

Also another thought. My Mac. I know a lot more about PCs than Macs even though my knowledge isn't great. What am I going to do about it? I didn't see anything on the MBAM website about it working on Macs.
January 17, 2012 1:38:43 PM

Hi :) 

Please do NOT use AVIRA FREE version.... in my computer shops we get LOTS of people with the 3 A`s as we call them...AVIRA, AVG, AVAST and those people ALL have viruses...

With antivirus software you REALLY do get what you PAY for....

I fix viruses EVERY day and ALL of my machines run Norton Internet Security 2012...Norton also does a version for Macs by the way....

All the best Brett :) 
January 17, 2012 1:53:53 PM

Will172 said:
So far I have run two cloud AV's they came up with similar results. I have run my own Avast AV, and that came up empty. And I have run Malwarebytes 3 times last two it came up empty after deleting the nasties found the first time.

Now I have backed up everything on to my external HD and scanned that a couple times it found nothing both times.

Now I have made a boot USB with Active Kill Disk on it and I am currently nuking both of the HDDs, using the One Pass Zeros method. Although if anyone thinks I should use any other of the methods let me know!

(Network cable has been out through all of this) After that has all completed, I plan to reload back on Win 7 Ultimate 64bit, and install all of my drivers from the old CDs to get it back up and running. Then I will install the anti-virus and firewall etc. and just do another system scan to be sure. Then load up the external HD and scan that once more. Then start to load up the stuff I backed up. I'll prob set a backup point or something here, but is that pointless if I get another virus?

After all that Network cable back in and start to download programs I need etc.

Any gaps?

Also, I have some online storage that I put work on to so that I can access it from my mac and stuff at uni. Do I need to clear all that out too or?

OK, sounds like you are on the right track. I don't think that your online backed-up files are infected, one because you probably loaded them up one by one after personally working on them, and two because the similar back-ups on your HDD came out clean (if I understand correctly from your posts). As a precaution, after re-loading the AV on the PC re-scan the back-up HDD one more time, then if you want to check the files saved online you could download them and scan them locally. I am pretty sure they'll be clean.
Setting up a restore point is useful when stubborn programs mess up with your settings or you run into a "dirty" install/uninstall. For viruses, I don't think they're helpful. Does not hurt to have one as a clean system image.
The one-pass killdisk should work fine for you, that is what the free version gives you. I don't believe any trojan can survive this, but if you want to make sure you could run it again after it's done. I never encountered any instance where any data (including viruses) survived the first pass.
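
Added example, not part of the thread or any poster's code: a read-back check for the one-pass zero wipe discussed above, which reads a disk or image end to end and reports the first non-zero byte it finds. The function names and the sample images are constructed for illustration; on a real machine the path would be the raw disk device opened from a live boot environment with administrator rights.

```python
import os
import tempfile

CHUNK = 1024 * 1024  # 1 MiB reads keep memory use flat on large disks


def scan_wipe(path, expected_size=None, chunk_size=CHUNK):
    """Read `path` end to end and report whether the zero wipe is complete."""
    bytes_read = 0
    dirty_chunks = 0
    first_nonzero = None
    with open(path, "rb", buffering=0) as dev:
        while True:
            block = dev.read(chunk_size)
            if not block:
                break
            if block.count(0) != len(block):  # at least one non-zero byte
                dirty_chunks += 1
                if first_nonzero is None:
                    leading_zeros = len(block) - len(block.lstrip(b"\x00"))
                    first_nonzero = bytes_read + leading_zeros
            bytes_read += len(block)
    # A size mismatch means the wrong device, or only a partition, was read back
    size_ok = expected_size is None or bytes_read == expected_size
    return {
        "bytes_read": bytes_read,
        "dirty_chunks": dirty_chunks,
        "first_nonzero": first_nonzero,
        "wiped": first_nonzero is None and size_ok,
    }


def make_sample_image(size, leftover_at=None):
    """Constructed test input: a zero-filled file, optionally with stray data."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as img:
        img.write(b"\x00" * size)
        if leftover_at is not None:
            img.seek(leftover_at)
            img.write(b"MZ")  # two non-zero bytes standing in for leftover data
    return path


if __name__ == "__main__":
    clean = make_sample_image(3 * CHUNK + 512)
    dirty = make_sample_image(3 * CHUNK, leftover_at=2 * CHUNK + 100)
    for label, image in (("clean", clean), ("dirty", dirty)):
        print(label, scan_wipe(image, expected_size=os.path.getsize(image)))
        os.remove(image)
```

A read-back like this only covers the sectors the drive exposes; on an SSD, spare blocks held back by the controller are not reachable this way.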
January 17, 2012 2:26:16 PM

Okay Norton it is! Thanks again, will let you know how it all goes... Still nuking the HDD's.. Got a 90GB SSD which nuked in like 10 mins.. and a 1TB Samsung F3 and its going to take 2hrs 30mins...