Bank account hacked, advice please?

Status
Not open for further replies.

Will172

So recently my bank account got hacked into. The thief managed to either physically clone my card or I have a virus/trojan on my computer. I have pretty much ruled out a physical cloning, so I want to check my computer to see if it's infected. I already have some antivirus and it came up with nothing, but I read a few articles about a new Trojan floating around and wondered if I could check for this. I get the impression that antivirus companies are always playing catch-up with the latest virus/trojan etc.

So would anyone be able to recommend to me a way to scan my PC better or give me advice on what to do in this situation short of a complete reformat to be safe?

Thanks in advance,

Will
 

Will172

Also I read a couple of the stickies, I'm not being ignorant, I would just quite like a recommendation and a bit of advice!
 

Will172

Well for starters, I can't just 'freeze' my bank account... As for reformatting, I just wanted to know if there were any other options...
 
Hello Will172;

The best way to scan is to use a bootable CD or USB thumb drive.
That way you avoid running your (possibly infected) installed OS. Some of the nastier rootkit packages can defend themselves and hide from the most popular AV/Malware products.
 

hitechgowthaman

Hey, only use 1 antivirus + spyware in your system; 2 or more slow down the system. Try SUPERAntiSpyware, it's free. Install it and do a full scan; it detects many viruses, then delete all the viruses. It slows down the system, so after 2 days uninstall it. I recommend AVG Free antivirus for you.
 

Will172

Okay, so at the moment I am trying a couple of cloud-based AVs to see what comes up. I will post findings, for a bit more advice.

Thanks for all the help so far, really appreciate it.
 

aaab

Have you ruled out it being a different computer?

Personally I would scan the computer. Back up everything, then format, then scan the media used to back up said data again just to be sure... this is your bank account at risk and I would want to be VERY careful that it doesn't happen again.
 

Will172

Yeah, of course, I went over all other computers that accessed my account. The only connections were my PC and my laptop, which is a Mac. But mainly this computer. The Mac I will deal with later on; the main issue is my PC.

The results I have back from the cloud AVs are:

Trend Micro HouseCall:

Found a Trojan - TROJ_GEN.USEHJ21

ESET Online Scanner:

Found Win32/OpenCandy application.

What are these? Problems? Big problems?


 
The biggest problem is that a Trojan is a backdoor to your system. It can give a hacker mob access and control of your system. And it can allow further payloads to be installed on your system like rootkits and keyloggers.

 

aaab

If your ISP allocates static public IP addresses I would call them and get them to change it immediately. The Trojan should be gone after a reformat. But there still may be traces of it in your backups or other computers on your network!!!... so a full scan is necessary before and after the reformat.

 


Yes, they sound like problems.
Look, if you want to make sure the PC is clean, you will need to nuke the HDD (formatting the HDD is NOT enough) then reinstall the OS. I know it is a pain in there, but I would not take any other chances if I were you. You could download the files you think you will need in the future, but keep in mind those files may harbor the infection as well. Hence, after you download them, isolate the backup disk from any PC connection for the time being.
Afterwards, you can proceed nuking the HDD by low-level formatting it using something like Killdisk, for instance. That will zero the HDD and render it to a factory-like state. Run that 2-3 times in a row, just to be sure (you can download Killdisk and burn a CD with the bootable program, then boot from that CD). Then you can proceed with OS installation.
After that, you can run a scan (using the latest updated AV program of your liking, running from a CD, as mentioned before by the others) of your backup disk to ensure no residual infection persists on these files; do NOT boot the OS while doing this. You could actually disconnect the system drive while booting from the AV disk, and run the AV on the backup disk. I know it sounds paranoid, but remember what just happened here and what brought you here to begin with.
Good luck with this project. You might choose to just run the AV as mentioned in above posts without going through this new install, but if it happens again the bank might get antsy about your accounts being hacked again. And you'll end up here again, anyways.
Do not ignore that Mac. It is possible that the hacking happened from that one, as well. They are not as secure as most people think; hackers' conferences remind us of that yearly.
 

Will172

Ah Jesus, this has all been so much hassle... Okay. Well I guess I will back everything up. Best way to do that by just dragging the stuff I need onto an external HD or what?
 
Yes, you can do that without a problem; make sure you quarantine the backup after you do it, so it does not come in "contact" with any PC until you'll be able to confirm the disk is clean.
 
If you're free of rootkits I think the usual cleaners can handle a Trojan like TROJ_GEN.USEHJ21.

I'm always leery of Trojans - especially since the found items don't seem to match the severity of your hacked account.
I expected to see some type of keylogger or more spyware.

 

scout_03

That came from this, and see the program they collect from deleted. I would try Malwarebytes in safe mode without network, and the antivirus. Also deactivate all restore points before cleaning so it won't come back; reactivate after cleaning and test.
 