
user account used to setup servers is being flagged for suspicion of identity theft based on abnormal behavior

Q: user account used to setup servers is being flagged for suspicion of identity theft based on abnormal behavior

Hi all,
I had a user account flagged for suspicion of identity theft based on abnormal behavior. This user account is a domain admin and is no longer accessed by anyone. It was used to set up the Hyper-V hypervisors in my environment.
Unfortunately, there seems to be a lot of Kerberos traffic under this account round the clock (1000 records every hour based on the timeline). However, I did a check and there are no services running using this account. In the Excel report, many legitimate servers are listed as abnormal resources. Some of the hypervisors are listed as normal resources though. May I know how I can identify the cause of this activity?


RELEVANCY SCORE 199.6

Hello,
We have ATA running for about 2-3 months now. Until now I had only false alerts. That is good I think, but one thing is very annoying.
ATA "learns" what normal user behaviour is. We also have a quite large terminal server farm which daily produces a lot of false Alarms as users not always logon to the same server.
Is there a way to ignore, whitelist or whatever logons to our terminal server farm?
Thanks a lot for your help!

RELEVANCY SCORE 195.6

Occasionally we get these alerts when someone logs into a remote desktop farm and lands on a new (to the user) node in the cluster.   Is there a way to exempt these hosts (preferably via AD group) for this particular detection?

RELEVANCY SCORE 195.6

I have some "Suspicion of identity theft based on abnormal behavior" alerts and one alert in particular for a user was flagged as requesting access to 32 abnormal resources. When reviewing the alert, I see some resources, both Windows servers and Windows workstations, tagged as CIFS, some server access flagged as LDAP, etc.
To determine if the user truly accessed the resources listed, what other logs should I be reviewing? Domain controller logs? Netflow/network traffic logs?

If after investigating, I conclude the alert was a false positive and I close and exclude the user, what exactly am I excluding? Any activity from the user, or just the specific activity occurred for that user for those defined resources?
Thx

RELEVANCY SCORE 189.6

Hi,
We installed ATA about a month and a half ago, and we recently began to receive numerous "Suspicion of identity theft based on abnormal behavior" alerts that show computers with Windows 10 installed accessing other computers in their LAN via SMB (CIFS).
After investigating this and finding nothing of interest, I searched online and found an article that suggests that these accesses are caused by having Windows Delivery Optimization enabled on your network (it is enabled on our network).
The article suggests that the peer discovery method used in Delivery Optimization might use port 445.
Can you confirm this?

RELEVANCY SCORE 187.6

After several weeks of trying to track down the root cause of the above mentioned ATA alert, we have determined WUDO is possibly causing the above mentioned ATA alert to fire.
ATA is finding that hosts are connecting to CIFS of many other systems as well as port 7680.
I have not found any official Microsoft documentation stating WUDO utilizes port 445 but other users like myself mentioned 445 is used for host discovery. If this is true, shouldn't ATA detect that WUDO and host discovery is in use and not fire several times an hour?
If not, what work is being done to get this fixed in the next or future ATA release?

RELEVANCY SCORE 179.6

We got this alert and it indicated that a user's account had "Performed interactive login from 2 abnormal servers". The user said they hadn't. Looking at the two servers, there are no directories for the user in C:\Users\. Looking in the event logs on the two servers, there don't appear to be logons with that user's account. Are there any more details to be gleaned from ATA that would help us figure this out?

RELEVANCY SCORE 177.2

Getting a bunch of false positives of "identity theft" based upon abnormal workstations that users are accessing. Why do we know they are false positives? The source workstation in every alert was doing Windows Updates right when the alert hit. The alerts say the workstation usually accesses 30-40 other workstations over CIFS.
So...this is actually normal behavior for Windows Updates with this new feature: "Windows Update Delivery Optimization". The feature is available on Windows 10 only (which is the OS in all of our alerts). Check out this for more info on this feature: https://privacy.microsoft.com/en-us/windows-10-windows-update-delivery-optimization
The Windows Update feature makes the workstation reach out to other workstations for its updates instead of going over the internet. That's the problem. That's what's generating the list of abnormal workstations accessed.
Any ideas on how to "teach" ATA that this is normal?

RELEVANCY SCORE 169.2

A user has been identified as "Suspicion of identity theft based on abnormal behavior".
The log shows that he accessed 37 resources whereas after investigations he confirmed that he did not access 37 resources by himself but logged onto 2 resources alone.
I had gone through your links and articles but it did not answer my question.
Please let me know what could be the reason it shows he accessed 37 resources. Why did it show 37 resources accessed when he only logged onto 2 resources?
If I exclude this user, will the same user never be detected if he really does suspicious access from the same IP address to the same destination?

RELEVANCY SCORE 124.4

We are trying to investigate the root cause of an alert generated in MS ATA - 'Suspicion of identity theft based on abnormal behavior'.
The user account appears to have connected to a number of machines not seen in the last month via CIFS, according to the alert.
Would this be a false positive (i.e. some 'normal' Windows process or standard tool)?  If not, I will continue digging to try and find out more.
Any guidance is welcomed.

RELEVANCY SCORE 79.2

When I get SAs for "Suspicion of identity theft based on abnormal behavior" I can see the list of target computers and Kerberos services but no timestamp, source computer, or domain controller information.
Where can this data be found in ATA?
The activity log has some of these requests, but not all of them (e.g. requests made for resources in trusting domains)

RELEVANCY SCORE 70.4

Well I am back again...I do not know what to do.. I now so bad I cannot even get a secured loan..I am pretty sure that most scans will not show much..I will send you the hard drive if that is what it will take..I think probably better not to start rambling a bunch of problems .. I have had a few threads closed here.. Is there anyone that can work with me...

RELEVANCY SCORE 70.4

I have a friend that has security problems...how can I get to the registry to view any suspicious activity?
 

A:Possible Identity theft

RELEVANCY SCORE 70.4

Two emails showed up in my Hotmail inbox this morning that I don't understand and don't know how to deal with.

One was from the postmaster advising that delivery of "my" email to [email protected] failed. But I never sent any email to that address. The email showed the following as the email in question:

"From :
<[email protected]>

To :
[email protected]

Subject :
Re: Your archive

Sent :
Thursday, March 11, 2004 9:42 AM

Attachment : DELETED0.TXT (160 bytes)
Your document is attached."

When I tried to open the attachment, I got this:

"File attachment: your_archive.pif
The file attached to this email was removed
because the file name is not allowed."

The second was from [email protected] to my email address, [email protected]. It said:

"Content violation found in email message.

From: [email protected]
To: [email protected]

File(s): your_archive.pif

Matching filename: *.pif"

I have no idea what this is all about. I feel like I should report this to someone but I don't find a way to contact hotmail about it. (Maybe all I need to do is to change my password.)

Anyone have any thoughts? Thanks, grandpaw7
 

A:Identity Theft

Problems you specify are consistent with the netsky virus, I trust your own anti-virus scanner is up-to-date.
Usually means you are in someone's address book who has netsky (or one of its variants) infecting their computer, virus passes on to full address book spoofing the sender (using someone else from the address book as the sender), that is why you got the undelivered mail warning.
To be sure update your anti-virus and check computer, then forget it as you can't do anything about someone else's computer.
 

RELEVANCY SCORE 70.4

Hey folks,
Well, I found a charge on my paypal account for about $2200.00. Someone in Moscow tried to buy a very nice camera. Anyway-- I resolved all that and it caused me to take a very close look at my PC. I ran a virus scan and came up with 30+ warnings. These are all files that cannot be accessed by my virus scanner.

I'm using AntiVir PersonalEdition Classic with its updated files. I've copied the log below. Let me know if there is any other information that may be helpful.

Are any of these files malicious or am I alright? I greatly appreciate any help you all can provide.

Thanks a lot.
AntiVir PersonalEdition Classic
Report file date: Tuesday, August 14, 2007 13:29

Scanning for 1019984 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Jeremy
Computer name: JEREMY


A:Identity Theft-- What got me?

Hey guys. I posted early yesterday and realized that many prefer to have a hijackthis log. I've since downloaded a number of spyware programs and detection programs. I've also picked up a rootkit revealer. Unfortunately, I'm not 100% sure how to use it.

Anyway, a bit of back story-- came home from a trip and found that someone had accessed my paypal and my hotmail. They'd purchased a $2000.00 camera and had it shipped to Moscow. I'm no longer out cash, but I need to find out how they got my info to begin with. Your help would be incredibly appreciated.
Thanks!

The hijackthis log follows (I can include other logs if you'd like).
Logfile of HijackThis v1.99.1
Scan saved at 3:09:46 PM, on 8/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

RELEVANCY SCORE 70.4

I have tried to mark in bold the identifying characteristics of a computer botnet that has taken over this system. If you are not familiar with the term, Google it. "Zombie net" is another term.

First clue: Second line of your log, "WinNT 5.01.2600". That is a NETWORK Operating system -- not XP and this computer is a workstation of an identity theft perp. The system is hidden, but it can be unhidden under the "view files" features in Windows.

"lsasse.exe" is a backdoor worm which allows the network operator complete control of your system, mines for passwords, identity information, deletes and replaces files -- a very critical one to find in a system. Google it as well as all other processes on start up.

This particular operator exploits IRC channels, incorporating MSN messenger and other chat systems to run in the background. He mines the desktop as well and attaches spyware tools as browser helpers to IE. He collects credit card numbers, bank account numbers, etc. So you can figure out what the purpose is of this network.

Because when this botnet is installed the remote "Administrator" keeps full control over the system, you cannot delete system files without their coming back. Any reinstall of your operating system will be subordinate to the master Network. If you try to remove any of the critical worms and trojans like "lsasse.exe", your system will crash and you will have to reboot. Your memor...

A:Identity Theft

[quote]First clue: Second line of your log, "WinNT 5.01.2600". That is a NETWORK Operating system -- not XP and this computer is a workstation of an identity theft perp. The system is hidden, but it can be unhidden under the "view files" features in Windows.[/quote]
Totally false. That is the version number of your updated windows. It should be that number!

[quote]"lsasse.exe" is a backdoor worm which allows the network operator complete control of your system, mines for passwords, identity information, deletes and replaces files -- a very critical one to find in a system. Google it as well as all other processes on start up.[/quote]
Lsasse.exe could very well be a backdoor worm. There is, though, a perfectly legitimate C:\WIndows\System32\lsass.exe file. Make sure you are comparing the spellings correctly.

[quote]If you also run WinUtilities, it will clearly disclose your machine is in a network and a workstation now. It will report autoexec.bat and config.sys files as = "0" bytes. The program configuring your system is now "Config.NT".[/quote]
Almost all installations of XP and Vista have zeroed out autoexec.bat and config.sys files. They are just not used anymore. I have em and all my vmware test boxes have em.

As for Config.nt, this is the standard practice now. Nothing suspicious here.

[quote]I have tried to bold some of the tell tale signs of this network on your HJT log. These are not all the...

RELEVANCY SCORE 70.4

Hi, I just recently found 3 charges to my credit card that I never did. So I called the company who listed these 3 charges and the thief has charged me 3 times to an adult website. This would mean he has my credit card number and pin number. I was wondering if anyone could help me by taking me through the steps to see if there are keyloggers, viruses, spyware etc. on my computer. Thanks and here is a hijackthis log

::::Update I just scanned with AVG antivirus and found trojan horse backdoor agent IQL, I'm attempting to delete it. Please help fast!!!:::::::

$$$$$Ok I am going to consider reformatting the laptop so I can make sure it's 100% clean... So how should I go about saving my data (music/docs), is scanning the cd on the new reformatted computer with an antivirus enough for it to be clean? Also I have an ipod, I have been using it for a while, would it have been infected too somewhere on the hd? What should I do to fix it? Thank you$$$$$$$

HERE IS A SCAN LOG OF SOPHOS IF IT IS HELPFUL!!!1

Sophos Anti-Rootkit Version 1.3RC (data 1.06) © 2006 Sophos Plc
Started logging on 5/6/2007 at 13:39:08 PM
Stopped logging on 5/6/2007 at 13:47:20 PM
Sophos Anti-Rootkit Version 1.3RC (data 1.06) © 2006 Sophos Plc
Started logging on 7/17/2007 at 23:21:19 PM
Warning: Failed to query live registry key \HKEY_USERS.
You may not have access rights to the whole registry. Incorrect function.
Hidden: registry i...

A:Identity Theft

Hi Vince86,

I'm really sorry to hear about what has happened. In my opinion you should just go ahead and reformat and get it over with. Even though it is possible that you lost your credit card details in another way--for example, someone may have fished a receipt out of the trash or an unscrupulous employee saved your data when you used it to purchase something--computers infected with backdoors have become epidemic in the last year and the only way to be 100% sure is to wipe your hard drive and reinstall Windows.

The following articles may help with how to do that and making the decision.

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
Help: I Got Hacked. Now What Do I Do? Part II

You've already gotten some of this advice in your Am I Infected topic: http://www.bleepingcomputer.com/forums/t/100420/trojan-horse-backdoor-agent-iql-identity-theft/

Reformatting is a pain, but when you do that be sure to secure your system first before getting on the net again. For further info on what you need and how you may have gotten infected, see How did I get infected?, With steps so it does not happen again!

You had the basics covered, but I noticed in some of your previous posts that you have Limewire installed and you are worried about losing your music. While P2P programs can be used legitimately, their use is a major avenue for distributing malware. Cracks and free music and other media you actually pay for one ...

RELEVANCY SCORE 70.4

Recently, I have had my personal particulars stolen, leading to me losing a considerable amount of money. I believe someone had stolen the information from my past internet transactions, though I do not know how. Any help would be appreciated.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Compaq_Owner at 7:47:49.96 on Sat 12/12/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.1695 [GMT 8:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}


A:Identity Theft

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

RELEVANCY SCORE 70.4

This morning I got an email in my Spam folder that my SSN has been compromised in a Dark Web. It did know my first name. I don't know what to make of it...is it a Scam? and what exactly meant by a dark web? When I clicked on the button for more info, it opened to what looked like a company that offers identity protection, which makes me believe that this is a hoax, but using my name has me a bit nervous. Has anyone else received such notice?
 

RELEVANCY SCORE 70.4

Hi, i got in this evening and my old man had had Paypal fraud investigators on the phone, asking him if he had made any large transactions this evening.

turns out someone has got into his ebay account, changed his email address and house address (without him receiving an email to confirm?)
then they have paid using his paypal account, and they had changed the address there as well, and registered a different credit card (although still using his name!)

no information of these changes were sent to his original email address, so i am wondering have they got access to everything on the PC (emails, passwords (norton password manager) etc )

he says he never clicks on links through emails unless he knows the source but i couldn't be sure about that.

i did a spybot search and it found Win32.Agent.PZ, and i have seen this linked to fraud in one brief google search.... as you can see urgent help is needed to know what these scum bags know and how they got the info.

here is the highjack this log (don't know if i have the latest version but here it is anyway)

please let me know if you need anything else, thanks in advance

Logfile of HijackThis v1.99.1
Scan saved at 23:23:53, on 16/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)


A:possible identity theft help please!!!

just done an ad-aware scan and found some nasty key-logging type trojans! with a Tac rating of 10

question about key loggers; can they recognize asterisked characters where the password has been automatically filled by Norton Password manager (and/or google Autofill) i think i know the answer

also is there any way of finding out what has been recorded and/or sent by these things?

thanks
 

RELEVANCY SCORE 70.4

So yesterday I became part of the statistic of people who have fallen into identity theft. Someone got my account information and transferred a large sum of money out of my bank account. I was wondering if it is possible to detect key loggers or any other type of software that may have leaked this information. I understand that it may not have to do with something off my computer but I have reason to believe they obtained my login information which could only be taken from this computer. Any help is greatly appreciated.

here is my log....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:59:17 PM, on 9/25/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

RELEVANCY SCORE 70.4

DDS (Ver_09-03-16.01) - NTFSx86
Run by eMachine at 13:53:46.79 on Tue 08/01/2006
Internet Explorer: 7.0.6001.18000
Microsoft? Windows Vista? Home Basic 6.0.6001.1.1252.1.1033.18.3325.2480 [GMT -7:00]



A:Identity Theft

BUMP, please

RELEVANCY SCORE 70.4

Hi all

In 2001 I sent a Yahoo email to enquire about an alternative medicine product in USA. When I googled my name I found a copy of the enquiry on http://www.greenspun.com/bboard. When I contacted them to protest I was told it is up to the webmaster. Two weeks ago I opened a hotmail email address & found out that the same URL with the same enquiry printed my hotmail address instead of the Yahoo one.
Whom shall I complain to?
 

A:Identity theft

RELEVANCY SCORE 70.4

Hello,

My mother in law was called by a company she was told was kaspersky. They said her computer had been infected by an FBI virus, and told her the computer was compromised by hacking. She said they asked her to allow them to access her computer for a fee and they would fix it. She agreed but says she did not make any changes to her computer to allow them access, they just had access and started the process. She could see them going in to her computer and creating files etc. I'm just hoping there is a way to see and delete any files that could allow them back in to her computer. Thanks so much for your help in advance. Here is the log and I have attached the attach.zip but i didn't see an ark file.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Patricia at 16:26:16 on 2012-10-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4085.2877 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AV: Kaspersky Anti-Virus *Enabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
RELEVANCY SCORE 70.4

I get a strange email today saying I authorized over 600$ from my paypal account to a website called DHGATE.COM. I did not authorize this at all!

I went to paypal and put in a claim saying I didn't authorize this transaction. Paypal asked me to change my password, and said my account is frozen for the time being.

I'm wondering if I someone got infected by a trojan/keylogger? Any help appreciated.. I did the netstat -n in command prompt and may have noticed some strange connections...


DDS
------------------------------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.2.0
Run by Davey at 22:10:26 on 2012-02-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3767.1682 [GMT -8:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
RELEVANCY SCORE 70.4

In October of last year I found that someone got my credit card number and tried to purchase items with it online. This was taken care of with the credit card company but I'm wondering if there is still some kind of access to my computer going on. I'm running Windows 7 64 bit and have Avast internet security. I use usatoday.com as my home page and on it there is a personalized weather column. This keeps changing to McLean, Va but I live in Michigan. I change it and within a day it goes back to the other location. I have downloaded and run hijack this. It tells me that my system does not let it have write access to the host file. I also have run spybot and there are no problems showing up. I have included my hijack this and hope there is something that can be figured out. Thanks!

A:Possible identity theft

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/437235 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...

RELEVANCY SCORE 70.4

I use an external firewire based sound card sometimes with my Z61m (PreSonus Firebox).  This last time I went to use it, the application software that I use would not recognize the card as being present. I went into system, hardware manager, and got a message that I was not signed in as an administrator.  Never happened before. I have 3 accounts on this machine.  Mine (an administrator account), one for my wife, and one for my son. When I press the thinkvantage button to and hit the 'system information' button it shows that my son is the current user! How can this be and does anyone know of a fix for it? 

Read other answers
RELEVANCY SCORE 70

My poor wife may have been hacked today and I am trying to figure out how or if it's just random events that seem like she's been attacked. Our son is home sick and she was home with him all day. She posted some photos on Facebook and within 30 minutes the following happened:

1. Paypal said a transaction for a small amount had been approved.
2. She got e-mails from Facebook and TurboTax asking for temporary password resets.

She was able to have paypal stop the payment, they had flagged it before she called.
Facebook said the user logging into her account was in Jakarta (Screams IP mask or VPN) but she got that reset.

Biggest concern now is do they have all of our banking and financial records? Should we reset all passwords to all of these things? Or is this a random phishing attempt gone wrong. So far, since this happened about 10 hours ago, there has not been any credit card or banking activity that is not our own.

Very Bizarre. I've checked and reset our router to make sure that had not been hacked. Trying to figure out how they got access to those random things and if we should be worried.

Please help.

A:Identity Theft Attempt

Biggest concern now is do they have all of our banking and financial records? Should we reset all passwords to all of these things?

Change all passwords to all accounts, and the passwords to any and all email accounts associated with any other accounts. This should be done from a clean computer, and not the one we're scanning for possible malware.

It would also be a good idea to call and check with companies concerning any accounts you may be worried about.

As for any malware being on your machine, let's see this:

I know it looks like a lot, but it's really just a lot of text asking for only 5 scans. Once you've done these and posted the results in your next post, let me know how the computer is running.

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Please download and scan with SUPERAntiSpyware Free
Double-click SUPERAntiSypware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that ico... Read more

Read other 11 answers
RELEVANCY SCORE 70

Hello!

I was not entirely sure where to post this topic so I chose this forum seeing as it seemed the place to put it.
Anyways my mom is not the most technologically smart person in the world, and she knows nothing of phishing attacks.
I literally just caught her like 15 minutes ago filling in information to a "WalMart Gift Card" site. She did this
by using the Bing! search engine, searching WalMart, and clicking on the "sponsored" link that said "Official WalMart"
website. After this she said she filled in information, and decided to stop because it asked for her cell phone
number. Being the paranoid generalized anxiety disordered person I am, I got really worried that she might have given
more information than she was willing to tell me. (She claims she only gave her address and name, but I don't believe her,
as well as don't believe her when she told me it was the first time she ever did this sort of thing). So, my question is,
is there any possibility of identity theft? Should I be worried? I know that some websites can retrieve information without
having a new page loaded or a continuation of the "information process" (although she did hit the continue button anyways).
Thanks to anyone who helps me out!
Andrew

A:Possibility of identity theft?

Can you find back the URL of the presumed phishing site? For example by looking into the browser history?

Read other 4 answers
RELEVANCY SCORE 70

Hi,

My brother strongly recommended this site for fixing my problem. A few weeks ago my bank card was zapped by a few fraudulent charges. I went through the process of cancelling the card and ordering a new one. Then this morning I was contacted a second time about charges made to a different credit card! The only connection I can make between the two is their use to pay bills and purchase items on my home computer. I am running Windows Vista 64bit. I have previously run the latest versions of Avast! virus scan, Malwarebytes anti-Malware software, and Spyware Terminator, but I've had no success in locating anything malicious. Can you help me make sure my system is clean?

- Geldeth

A:Identity Theft--is it my computer?

Since this is rather sensitive subject you'll do better with some more advanced checks...

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Read other 2 answers
RELEVANCY SCORE 70

On July 7th an intrusion took place on my machine that allowed a user in Singapore to access information that specifically led them to e-commerce sites that I had visited giving them access to my accounts. (Amazon.com, Zazzle.com, ShopStarWars.com and MBNA Credit Card site) Orders were placed but nothing was shipped thankfully.

I am running Norton Internet Security 2004, SpyBot v 1.3 updated 8.11.04 and HiJack This v 1.98.2.

Spybot cleared off several tracking cookies and the last step, I feel, is to have a review of my HiJack This log.

Any help provided in reviewing this information will be greatly appreciated!

Here is the log I ran today;

Logfile of HijackThis v1.98.2
Scan saved at 9:40:49 AM, on 8/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\ge****c.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\WINDOW... Read more

A:HiJack This Log and Identity Theft

Welcome to TSF.

Before you do anything else, please create a folder for HijackThis and put it in a permanent folder (like C:\HJT) instead of the Desktop or Temp folder. This is required because HijackThis will create backups and we don’t want them to be deleted.

Please print out or copy this page to Notepad. You should not have any open browsers when you are following the procedures below.

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it’s clean, you may turn it back on and create a new restore point.

Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible also.

Reboot into Safe Mode (hit F8 key until menu shows up).

Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed (they shouldn’t be – but double check it):

C:\WINDOWS\notepad.exe

Make sure to close any open browsers you have. Check and fix the following in HijackThis (make sure not to miss any):

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FD... Read more

Read other 1 answers
RELEVANCY SCORE 70

Where can I get identity theft protection? I had my purse stolen, and I am very concerned about someone using my identity.
 

A:Where can I get identity theft protection?

You need to call the 3 credit bureaus (Experian, TransUnion and Equifax) and put an initial fraud alert on your report. You can do so over the phone.
 

Read other 2 answers
RELEVANCY SCORE 70

I recently found out that a bulk email was sent out to people in my address book (it appears to be my address book from another time) and appears to be from me, but I did not send it. The address that shows in the sent from address bar is [email protected] (I do not have a valp.org email). There is a clickable link in the email. It is signed by me at [email protected] (I do have that AOL email address). How do I find where that is coming from and stop it from happening again? I am able to obtain a copy of the email if that would help. I do not have the exact same names in my present address book in Outlook Express. I don't see any addresses saved in AOL. I have a mail envelope in my Internet Explorer that will no longer let me click it.
 

Read other answers
RELEVANCY SCORE 69.2

Hello
My computer has been acting strange for some time. On August 22 while in Google accounts, the app warned me of authorization problems of some kind. I immediately turned suspicious. I ran a Malwarebytes scan and found 15 errors. I attached the log. I've also noticed some of my files and programs having multiple user groups: SYSTEM, Account unknown(S-1-5-21-1331788295-3651318079-3772849865-1000), Mihkel, Administrator, Administrators, INTERACTIVE. Some files have more "Account unknowns" and the malware found with Malwarebytes had two executables with almost the same name as unknown accounts under user security. I also experience random spikes in resource monitor for disk usage and network activity, even when the computer should be idle.
 
Looking forward to your help
Mihkel

Read other answers
RELEVANCY SCORE 69.2

I am a beginner, please show me the steps to get these viruses off... Please help me, I have trojan viruses... Fraud block keeper, Fraud sys guard and much more... This virus blocks system access, and blocks uninstalling programs and antivirus programs...
 

Read other answers
RELEVANCY SCORE 69.2

hello there people,
 
i have recently found out that 1 in 30 people are subject to identity theft, so this is an important matter to discuss.
 
can you be attacked by identity theft if you have bad credit?
 
thanks,
 

A:Can you be attacked by identity theft if you have bad credit?

Yes, no matter what your credit history is, you can be a victim of identity theft. Tax time here in the US is a perfect example. With your identity they can file a fake tax return using your information, normally for an amount much larger than you would actually be entitled to receive.

Read other 33 answers
RELEVANCY SCORE 69.2

This is incredible. For me, the war has just been turned up one more notch with regard to spammers and their lowlife antics.

I've had an Email account hijacked!

Like many people I maintain a "throw away" email account with Yahoo. Its use is to provide a not-too-personal addy for nosey outfits that feel they need to reach me. As we all soon learn - a carelessly given email addy quickly gathers spammers. The account in question here is one of 2 I routinely use .. both are several years old. One of them has been broken into and anybody that knows a thing or two about finding the cretin that did it shall get all info I possess to that end. I really have grown to hate the spies and the spammers. I will take the blame for only having a 6 character password on the account - I assume it was attacked and broken by brute force ... it's not a word, it uses numbers and letters, it's NOW changed to 12 characters, btw.

I would not know this was done IN MY NAME, but luckily some of the spam sent out through my account was tossed back as unmailable by various ISPs. I was alarmed to find many, many of these "return to sender" messages in that mailbox. It's all occurred within the past week or so - since my last mail check.

Here's a sample of what is being mailed:

"Hey whats going on this is Jenny from Match.com . I havent heard from you in a while, I was wondering if you were still interested in getting together. My subcription there ran ou... Read more

A:Identity theft at YAHOO - spammers must die

Read other 11 answers
RELEVANCY SCORE 69.2

Learn how to protect yourself from identity theft.

Did you know that there are numerous steps you can take to protect yourself against identity theft besides just checking your credit report? Here, we talk with an expert and offer tips on what regular people can do to ensure their identities stick with them instead of other shady characters.

-- Tom
 

Read other answers
RELEVANCY SCORE 69.2

Hi, I was just a recent victim of identity theft and someone charged unauthorized payments on my credit card. I ran a virus scan and found a trojan called Trojan Horse Backdoor Agent Iql.

So I deleted it but people have told me that I should REFORMAT my hard drive, which I could do but I wouldn't know how to reinstall all the drivers or where to look for them.

If anyone has advice please post how I would get all the drivers and (music/documents) off my computer and reinstall on a clean reformatted one. If I put my music onto a CD wouldn't it be infected if the trojan is still on my computer? So how would I prevent it from reinstalling on a fresh computer if I stick it into the CD drive? Would it instantly infect my computer? I have a Dell Inspiron 9200 laptop and I looked on Dell's website for drivers and it doesn't seem to have a whole lot. So please help, here is a hijack log if someone thinks it can be cleaned instead of reformatted! Thanks

HERE IS A SCAN LOG OF SOPHOS IF IT IS HELPFUL!

Sophos Anti-Rootkit Version 1.3RC (data 1.06) 2006 Sophos Plc
Started logging on 5/6/2007 at 13:39:08 PM
Stopped logging on 5/6/2007 at 13:47:20 PM
Sophos Anti-Rootkit Version 1.3RC (data 1.06) 2006 Sophos Plc
Started logging on 7/17/2007 at 23:21:19 PM
Warning: Failed to query live registry key \HKEY_USERS.
You may not have access rights to the whole registry.
Incorrect function.
Hidden: registry item \HKEY_USERS\.DEFAULT
Hidden: registry item \HKEY_USERS\S-1-5-21-1929307... Read more

A:Identity Theft Recent Victim

please close down this thread,
 

Read other 1 answers
RELEVANCY SCORE 68.4

Hi and thanks in advance for any help you're able to provide me.

It started when my pc began running slower than usual. Later I was being redirected from google search queries. Soon I noticed my computer's start up taskbar had a different arrangement of programs listed, including a virtual keyboard that I've never used, and when I tried to see my program files I saw nothing. I was using antivirus software at the time, but I've recently uninstalled it, as well as all other programs I wasn't sure would be in compliance with the standards set by this forum. I've also removed all image mounting software, p2p software, and anything else of a questionable nature from my pc, and I do not intend to use them ever again, I've learned my lesson with the problems that I'm having now.

I purchased kaspersky pure total security from my local wal-mart, because it came down to my entire desktop being empty save for a false anti-spyware program labeled "defender.exe" which would auto run, perform a false scan listing false trojans/worms/etc (WinBlaster32), and decline all attempts at ending the process from the task manager by automatically closing it before I had a chance. So I rebooted in safe mode, deleted defender.exe, then rebooted in normal mode and installed kaspersky with the C.D. since then I've removed multiple problems and my computer is running somewhat smoothly again, but I feel there is a backdoor that kaspersky is unable to remove by conventional methods which is spe... Read more

A:Identity theft possibility, disinfection necessary

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Run by John at 12:24:56 on 2011-09-08
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3070.1927 [GMT -5:00]
.
AV: BitDefender Antivirus *Enabled/Outdated* {50909708-FF80-02AF-F814-B28405891E92}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: BitDefender Antispyware *Enabled/Outdated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
FW: BitDefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Common Files\InfoWatch\Cr... Read more

Read other 9 answers
RELEVANCY SCORE 68.4

This is my first post.  I hope this is the correct forum for it, I couldn't find any other that seemed appropriate.
I recently had the Win32/Kovter.C Trojan on one of my computers for a short time.  My concern is that I had a file on the computer that had names and phone numbers and some addresses.  According to what I've read the Win32/Kovter.C Trojan is primarily designed to steal personal information from the user such as bank login information and other such.  But I did see some brief phrases that led me to believe that it might search files on the hard drive for the kind of information I have in the file.  The file is a password protected zip file, if that makes any difference.  
My concern is whether the information in the file, there are no birthdays or other sensitive information, puts people at much risk for identity theft and how likely it might be that the malware found it and sent it somewhere. I didn't see anything in my research that said that others might be at risk, I saw lots of statements about the personal data of the computer user being at risk.
I'm not sure if I should warn people. I haven't been in touch with many of them for years.
If there is a more appropriate place to discuss this question, please let me know.
Thanks for information and comments.

Read other answers
RELEVANCY SCORE 68.4

What is HIPS (Host-based Intrusion Prevention System) in a firewall? What does it do? Is it something that would be good for a home WiFi network?

What is Identity Theft protection in a firewall? It sounds like something that shouldn't be necessary if you practice safe computing. Is it something that protects information stored on your computer like credit card numbers? Or is it for the act of transmitting credit card data to a website, like when shopping online?

One of the free firewalls I'm looking at charges for the pro version which has Host-based Intrusion Prevention System and Identity Theft protection. I'm just not sure if it's worth it. It would cost $20 per year.
 

A:HIPS and Identity Theft protection in firewalls

Vendors use the term HIPS for a wide range of protection mechanisms. For example, watching and preventing applications inserting something into the registry key HKLM ....run can be considered HIPS. Or it could prevent malware from inserting modules to monitor your keystrokes.
More layers of protection are good, until they start bothering you so much that you have to turn them off. You shouldn't think that a home network has less to protect than a business network. You do on-line banking, online shopping and read private email on your home machines; and those are worth protecting.
 

Read other 1 answers
RELEVANCY SCORE 68.4

I honestly don't know what is wrong with my computer or what any of it means. I followed the steps on this website after my dad showed it to me. My computer was running fine, it was just slow, until about a week or so ago when I was on a website that had font downloads for blogs. All of the sudden something called "Personal Internet Security 2011" popped up and has been telling me that my computer is infected with all sorts of viruses and Trojans and that it is detecting identity theft attempts? I have no idea where this program came from...I have tried to remove it and uninstall it to no avail. I honestly have no clue what any of it means or what I should do about it. Please help.

DDS (Ver_10-12-12.02) - NTFSx86
Run by Lauren at 14:22:51.51 on Wed 01/26/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1976.893 [GMT -7:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: VirusScan Enterprise + AntiSpyware Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Personal Internet Security 2011 *Enabled/Updated* {0164986F-E763-4F24-AD66-C721A2E99226}
FW: McAfee Host Intrusion Prevention Firewall *Enabled*
FW: Personal Internet Security 2011 *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\DTS.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS... Read more

A:Infected with Trojan and Identity theft attempts?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

If you have since resolved the original problem you were having, we would appreciate you letting us know.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.

If you are unsure about any of these characteristics just post what you can and we will guide you.

Please tell us if you have your original Windows CD/DVD available.

If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.

Use the 'Add Reply'... Read more

Read other 2 answers
RELEVANCY SCORE 68.4

Hi all,

Ok this is VERY weird and concerning...here goes

Last week I somehow received a Trojan and just ended up reformatting via the winxp cd...I normally delete my arrays and format my 2 hard drives then format/install winXP...but it was late at night and didn't want to go through a more lengthy process..

BUT anyhow on to my issue...I received a phone call from best buy and Dell saying they received a credit app in my name (which I never sent) Also my dell preferred account email address was updated (again I never changed)

The weird thing was that when I came home that night I found IE page up and it was on Circuit City's credit page saying "We have received your credit request but are unable to process at this time, blah, blah, blah"

Also all my desktop icons were rearranged in a diagonal line from corner to corner and my history/cookies, etc deleted.

My first guess is remote access to my pc...

I use Mcafee, standard win firewall, win defender and have never had an issue in all my years.

Also I recently moved and was forced to switch my cable service to timewarner roadrunner....so within these 2 weeks of using them I have received a trojan and been "hacked"
It could be a coincidence and TW told me they saw no activity or remote access-

And seeing that I had just recently reformatted I didn't have any personal info on my pc (never do though)

Any thoughts would be great!!! I have recently pulled my cable from my pc and changed any and all ... Read more

A:Identity theft?!?! Remote access issue?

Read other 8 answers
RELEVANCY SCORE 68.4

A security flaw in the PayPal web site is being actively exploited by fraudsters to steal credit card numbers and other personal information belonging to PayPal users. The issue was reported to Netcraft today via our anti-phishing toolbar.

The scam works quite convincingly, by tricking users into accessing a URL hosted on the genuine PayPal web site. The URL uses SSL to encrypt information transmitted to and from the site, and a valid 256-bit SSL certificate is presented to confirm that the site does indeed belong to PayPal; however, some of the content on the page has been modified by the fraudsters via a cross-site scripting technique (XSS).

http://news.netcraft.com/archives/2006/06/...tity_theft.html

A:Paypal Security Flaw Allows Identity Theft

Well that's no good. I just used Paypal the other day to donate $20 dollar to this site and now you tell me this. So do you recommend closing my paypal account or can they only access my information when I'm actually using it?

Read other 3 answers
RELEVANCY SCORE 68.4

New identity theft insurance is free for consumers;

Identity theft is a huge problem in America today.

In 2015, 13.1 million Americans were victims of identity theft, according to an Identity Fraud Study by Javelin Strategy & Research. New account fraud increased by 113% in 2015.

Companies that provide identity theft insurance do not generally pay the victims of identity theft, but rather reimburse the costs that may be incurred in restoring the identity and credit.

Identity theft insurance companies provide a great range of services. Some will put fraud alerts on your credit report for when someone attempts to use your credit. But frankly, fraud alerts are often ignored and there is no penalty on a company granting credit without contacting the consumer after a fraud alert. Other companies monitor your credit report on a regular basis.

It should be noted, however, that for less than the cost of any credit monitoring service, you can place a credit freeze on your credit reports so no one can get access to your credit report without your PIN. For more information about credit freezes, see my previous column.

Some of the things you should consider in deciding whether or not to buy identity theft insurance include:

1. The cost of the policy.
2. What services do you get for the cost? Will they merely reimburse you for the costs involved in recovering your identity or will they assist you in doing the work necessary to restore your identity and your credit?
3. Is there ... Read more

Read other answers