Over 1 million tech questions and answers.

Possibility of identity theft?

Q: Possibility of identity theft?

Hello!

I was not entirely sure where to post this topic so I chose this forum seeing as it seemed the place to put it.
Anyways my mom is not the most technologically smart person in the world, and she knows nothing of phishing attacks.
I literally just caught her like 15 minutes ago filling in information to a "WalMart Gift Card" site. She did this
by using the Bing! search engine, searching WalMart, and clicking on the "sponsored" link that said "Official WalMart"
website. After this she said she filled in information, and decided to stop because it asked for her cell phone
number. Being the paranoid generalized anxiety disordered person I am, I got really worried that she might have given
more information that she was willing to tell me. (She claims she only gave her address and name, but I don't believe her,
as well as don't believe her when she told me it was the first time she ever did this sort of thing). So, my question is,
is there any possibility of identity theft? Should I be worried? I know that some websites can retrieve information without
having a new page loaded or a continuation of the "information process" (although she did hit the continue button anyways).
Thanks to anyone who helps me out!
Andrew

RELEVANCY SCORE 200
Preferred Solution: Possibility of identity theft?

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Possibility of identity theft?

Can you find back the URL of the presumed phishing site? For example by looking into the browser history?

Read other 4 answers
RELEVANCY SCORE 106.8

Hi and thanks in advance for any help your able to provide me.

It started when my pc began running slower than usual. Later I was being redirected from google search queries. Soon I noticed my computer's start up taskbar had a different arrangement of programs listed, including a virtual keyboard that I've never used, and when I tried to see my program files I saw nothing. I was using antivirus software at the time, but I've recently uninstalled it, as well as all other programs I wasn't sure would be in compliance with the standards set by this forum. I've also removed all image mounting software, p2p software, and anything else of a questionable nature from my pc, and I do not intend to use them ever again, I've learned my lesson with the problems that I'm having now.

I purchased kaspersky pure total security from my local wal-mart, because it came down to my entire desktop being empty save for a false anti-spyware program labeled "defender.exe" which would auto run, perform a false scan listing false trojans/worms/etc (WinBlaster32), and decline all attempts at ending the process from the task manager by automatically closing it before I had a chance. So I rebooted in safe mode, deleted defender.exe, then rebooted in normal mode and installed kaspersky with the C.D. since then I've removed multiple problems and my computer is running somewhat smoothly again, but I feel there is a backdoor that kaspersky is unable to remove by conventional methods which is spe... Read more

A:Identity theft possibility, disinfection necesarry

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Run by John at 12:24:56 on 2011-09-08
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3070.1927 [GMT -5:00]
.
AV: BitDefender Antivirus *Enabled/Outdated* {50909708-FF80-02AF-F814-B28405891E92}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: BitDefender Antispyware *Enabled/Outdated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
FW: BitDefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Common Files\InfoWatch\Cr... Read more

Read other 9 answers
RELEVANCY SCORE 70.8

So yesterday i became part of the statistic of people who fallen into identity theft. Someone got my account information and transfered a large sum of money out of my bank account. I was wondering if it is possible to detect key loggers or any other type of software that may have leaked this information. I understand that it may not have to do with something off my computer but i have reason to believe they obtained my login information which could only be taken from this computer. Any help is greatly appreciated.

here is my log....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:59:17 PM, on 9/25/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\AASP\1.00.32\aaCenter.exe
C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Razer\Lachesis\OSD.exe
C:\Program Files (x86)\Razer\Lachesis\razertra.exe
C:\Program Files (x86)\Razer\Lachesis\razerofa.exe
C:\Program Files (x86)\AIM6\aim6.exe
C:\Program Files (x86)\AIM6\aolsoftware.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files (x86)\Malwarebytes' ... Read more

Read other answers
RELEVANCY SCORE 70.8

DDS (Ver_09-03-16.01) - NTFSx86
Run by eMachine at 13:53:46.79 on Tue 08/01/2006
Internet Explorer: 7.0.6001.18000
Microsoft? Windows Vista? Home Basic 6.0.6001.1.1252.1.1033.18.3325.2480 [GMT -7:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\WINDOWS\ModPS2Key.exe
C:\Windows\system32\taskeng.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:... Read more

A:Identity Theft

BUMP, please

Read other 19 answers
RELEVANCY SCORE 70.8

Hi, i got in this evening and my old man had had Paypal fraud investigators on the phone, asking him if he had made any large transactions this evening.

turns out someone has got into his ebay account, changed his email address and house address (without him receiving an email to confirm?)
then they have paid using his paypal account, and they had changed the address there as well, and registered a different credit card (although still using his name!)

no information of these changes were sent to his original email address, so i am wondering have they got access to everything on the PC (emails, passwords (norton password manager) etc )

he says he never clicks on links through emails unless he knows the source but i couldn't be sure about that.

i did a spybot search and it found Win32.Agent.PZ, and i have seen this linked to fraud in one brief google search.... as you can see urgent help is needed to know what these scum bags know and how they got the info.

here is the highjack this log (don't know if i have the latest version but here it is anyway)

please let me know if you need anything else, thanks in advance

Logfile of HijackThis v1.99.1
Scan saved at 23:23:53, on 16/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Syst... Read more

A:possible identity theft help please!!!

just done an ad-aware scan and found some nasty key-logging type trojans! with a Tac rating of 10

question about key loggers; can they recognize astrixed characters where the password has been automatically filled by Norton Password manager (and/or google Autofill) i think i know the answer

also is there anyway of finding out what has been recorded and/or sent by these things?

thanks
 

Read other 1 answers
RELEVANCY SCORE 70.8

Hey folks,
Well, I found a charge on my paypal account for about $2200.00. Someone in Moscow tried to buy a very nice camera. Anyway-- I resolved all that and it caused me to take a very close look at my PC. I ran a virus scan and came up with 30+ warnings. These are all files that cannot be accessed by my virus scanner.

I'm using AntiVir PersonalEdition Classic with its updated files. I've copied the log below. Let me know if there is any other information that may be helpful.

Are any of these files malicious or am I alright? I greatly appreciate any help you all can provide.

Thanks a lot.
AntiVir PersonalEdition Classic
Report file date: Tuesday, August 14, 2007 13:29

Scanning for 1019984 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Jeremy
Computer name: JEREMY

Version information:
BUILD.DAT : 247 14437 Bytes 5/10/2007 11:55:00
AVSCAN.EXE : 7.0.4.15 282664 Bytes 4/20/2007 17:37:14
AVSCAN.DLL : 7.0.4.4 33832 Bytes 3/27/2007 17:31:54
LUKE.DLL : 7.0.4.11 143400 Bytes 3/27/2007 17:26:04
LUKERES.DLL : 7.0.4.0 10280 Bytes 3/19/2007 17:18:59
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 5/31/2006 19:08:58
ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 7/10/2007 15:13:41
ANTIVIR2.VDF : 6.39.0.226 1223680 Bytes 8/10/2007 00:03:14
ANTIVIR3.VDF : 6.39.1.0 158208 Bytes 8/14/2007 16:55:21
AVEWIN32.DLL : 7.4.1.62 2724352 Bytes 8... Read more

A:Identity Theft-- What got me?

Hey guys. I posted early yesterday and realized that many prefer to have a hijackthis log. I've since downloaded a number of spyware programs and detection programs. I've also picked up a rootkit revealer. Unfortunately, I'm not 100% sure how to use it.

Anyway, a bit of back story-- came home from a trip and found that someone had accessed my paypal and my hotmail. They'd purchased a $2000.00 camera and had it shipped to Moscow. I'm not longer out cash, but I need to find out how they got my info to begin with. Your help would be incredibly appreciated.
Thanks!

The hijackthis log follows (I can include other logs if you'd like).
Logfile of HijackThis v1.99.1
Scan saved at 3:09:46 PM, on 8/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sunbelt Softw... Read more

Read other 1 answers
RELEVANCY SCORE 70.8

Well I am back again...I do not know what to do.. I now so bad I cannot even get a secured loan..I am pretty sure that most scans will not show much..I will send you the hard drive if that is what it will take..I think probly better not to start rambling a bunch of problems .. I have had a few threads closed here.. Is there anyone that can work with me...

Read other answers
RELEVANCY SCORE 70.8

Two emails showed up in my Hotmail inbox this morning that I don't understand and don't know how to deal with.

One was from the postmaster advising that delivery of "my" email to [email protected] failed. But I never sent any email to that address. The email showed the following as the email in question:

"From :
<[email protected]>

To :
[email protected]

Subject :
Re: Your archive

Sent :
Thursday, March 11, 2004 9:42 AM

Attachment : DELETED0.TXT (160 bytes)
Your document is attached."

When I tried to open the attachlment, I got this:

"File attachment: your_archive.pif
The file attached to this email was removed
because the file name is not allowed."

The second was from [email protected] to lmy email address, [email protected]. It said:

"Content violation found in email message.

From: [email protected]
To: [email protected]

File(s): your_archive.pif

Matching filename: *.pif"

I have no idea what this is all about. I feel like I should report this to someone but I don't find a way to contact hotmail about it. (Maybe all I need to do is to change my password.)

Anyone have any thoughts? Thanks, grandpaw7
 

A:Identity Theft

Problems you specify are consistent with the netsky virus, i trust your own anti-virus scanner is up-to-date.
Usually means you are in someones address book who has netsky (or one of its variants) infecting their computer, virus passes on to full address book spoofing the sender (using someone else from the address book as the sender), that is why you got the undelivered mail warning.
To be sure update your anti-virus and check computer, then forget it as you can't do anything about someone elses computer.
 

Read other 1 answers
RELEVANCY SCORE 70.8

I have a friend that has security problems...how can I get to the registry to view any suspicious activity?
 

A:Possible Identity theft

Read other 7 answers
RELEVANCY SCORE 70.8

Hi all

On 2001 I sent a Yahoo email to enquire about alternative mdicine product in USA. When I googled my name I found a copy of the enquiry on http://www.greenspun.com/bboard. When I contacted them to protest I have been told it is up to webmaster. Two weeks ago I opened a hotmail email address & found out that the same ULR with the same enquiry printed my hotmail address instead of the Yahoo one.
Whom shall I complain to?
 

A:Identity theft

Read other 16 answers
RELEVANCY SCORE 70.8

In October of last year I found that someone got my credit card number and tried to purchase items with it online. This was taken care of with the credit card company but I'm wondering if there is still some kind of access to my computer going on. I'm running Windows 7 64 bit and have Avast internet security. I use usatoday.com as my home page and on it there is a personalized weather column. This keeps changing to McLean, Va but I live in Michigan. I change it and within a day it goes back to the other location. I have downloaded and ran hijack this. It tells me that my system does not let it have write access to the host file. I also have run spybot and there is no problems showing up. I have included my hijack this and hope there is something that can be figured out. Thanks!

A:Possible identity theft

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/437235 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 2 answers
RELEVANCY SCORE 70.8

I get a strange email today saying I authorized over 600$ from my paypal account to a website called DHGATE.COM. I did not authorize this at all!

I went to paypal and put in a claim saying I didnt authorize this transaction. Paypal asked me to change my password, and said my account is frozen for the time being.

Im wondering if I someone got infected by a trojan/keylogger? Any help appreciated.. I did the netstat -n in command prompt and may have noticed some strange connections...


DDS
------------------------------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.2.0
Run by Davey at 22:10:26 on 2012-02-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3767.1682 [GMT -8:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k n... Read more

Read other answers
RELEVANCY SCORE 70.8

Hello,

My mother in law was called by a company she was told was kaspersky. They said her computer had been infected by an FBI virus, and told her the computer was compromised by hacking. She said they asked her to allow them to access her computer for a fee and they would fix it. She agreed but says she did not make any changes to her computer to allow them access, they just had access and started the process. She could see them going in to her computer and creating files etc. I'm just hoping there is a way to see and delete any files that could allow them back in to her computer. Thanks so much for your help in advance. Here is the log and I have attached the attach.zip but i didn't see an ark file.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Patricia at 16:26:16 on 2012-10-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4085.2877 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AV: Kaspersky Anti-Virus *Enabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\... Read more

Read other answers
RELEVANCY SCORE 70.8

Recently, I have had my personal particulars stolen, leading to me losing a considerable amount of money. I believe someone had stolen the information from my past internet transactions, though i do not know how. Any help would be appreciated.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Compaq_Owner at 7:47:49.96 on Sat 12/12/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.1695 [GMT 8:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.e... Read more

A:Identity Theft

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 70.8

This morning I got an email in my Spam folder that my SSN has been compromised in a Dark Web. It did know my first name. I don't know what to make of it...is it a Scam? and what exactly meant by a dark web? When I clicked on the button for more info, it opened to what looked like a company that offers identity protection, which makes me believe that this is a hoax, but using my name has me a bit nervous. Has anyone else received such notice?
 

Read other answers
RELEVANCY SCORE 70.8

Hi i just recently found 3 charges to my credit card that i never did. So i called the company who listed these 3 charges and the thief has charged me 3 times to an adult website. This would mean he has my credit card number and pin number. I was wondering if anyone could help me by taking me through the steps to see if their are keyloggers, viruses, spyware etc. on my computer. Thanks and here is a hijackthis log ::::Update I just scanned with AVG antivirus and found trojan horse backdoor agent IQL, im atempting to delete it Please help fast!!!:::::::$$$$$Ok i am goign to consider reformatting the labtop so i can make sure its 100% clean... So how should i go about saving my data (music/docs), is scanning the cd on the new reformatted computer with a antivirus enough for it to be clean? Also i have an ipod, i have been using it for a while, would it have been infected too somewhere on the hd? what should i do to fix it? thank you$$$$$$$HERE IS A SCAN LOG OF SOPHOS IF IT IS HELPFUL!!!1Sophos Anti-Rootkit Version 1.3RC (data 1.06) © 2006 Sophos PlcStarted logging on 5/6/2007 at 13:39:08 PMStopped logging on 5/6/2007 at 13:47:20 PMSophos Anti-Rootkit Version 1.3RC (data 1.06) © 2006 Sophos PlcStarted logging on 7/17/2007 at 23:21:19 PMWarning: Failed to query live registry key \HKEY_USERS.You may not have access rights to the whole registry. Incorrect function.Hidden: registry i... Read more

A:Identity Theft

Hi Vince86,I'm really sorry to hear about what has happened. In my opinion you should just go ahead and reformat and get it over with. Even tho it is possible that you lost your credit card details in another way--for example, someone may have fished a receipt out of the trash or an unscrupulous employee saved your data when you used it to purchase something--computers infected with backdoors have become epidemic in the last year and the only way to be 100% sure is to wipe your hard drive and reinstall Windows.The following articles may help with how to do that and making the decision.How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? When Should I Format, How Should I ReinstallHelp: I Got Hacked. Now What Do I Do? Part IIYou've already gotten some of this advice in your Am I Infected topic: http://www.bleepingcomputer.com/forums/t/100420/trojan-horse-backdoor-agent-iql-identity-theft/Reformatting is a pain, but when you do that be sure to secure your system first before getting on the net again. For further info on what you need and how you may have gotten infected, see How did I get infected?, With steps so it does not happen again!You had the basics covered, but I noticed in some of your previous posts that you have Limewire installed and you are worried about losing your music. While P2P programs can be used legitimately, their use is a major avenue for distributing malware. Cracks and free music and other media you actually pay for one ... Read more

Read other 24 answers
RELEVANCY SCORE 70.8

I have tried to mark in bold the identifying characteristics of a computer botnet that has taken over this system. If you are not familiar with the term, Google it. "Zombie net" is another term.First clue: Second line of your log, "WinNT 5.01.2600". That is a NETWORK/b] Operating system system -- not XP and this computer is a workstation of an identity theft perp. The system is hidden, but it can be unhidden under the "view files" features in Windows."lsasse.exe" is a backdoor worm which allows the network operator complete control of your system, mines for passwords, identity information, deletes and replaces files -- a very critical one to find in a system. Google it as well as all other processes on start up.This particular operator exploits IRC channels, incorporating MSN messenger and other chat systems to run in the background. He mines the desktop as well and attaches spyware tools as browser helpers to IE. He collects credit card numbers, bank account numbers, etc. So you can figure out what the purpose is of this network. Because when this botnet is installed the remote "Administrator" keeps full control over the system, you cannot delete system files without their coming back. Any reinstall of your operating system will be subordinate to the master Network. If you try to remove any of the critical worms and trojans like "lsasse.exe", your system will crash and you will have to reboot. Your memor... Read more

A:Identity Theft

[quote]First clue: Second line of your log, "WinNT 5.01.2600". That is a NETWORK/b] Operating system system -- not XP and this computer is a workstation of an identity theft perp. The system is hidden, but it can be unhidden under the "view files" features in Windows.[/quote]Totally false. That is the version number of your updated windows. It should be that number![quote]"lsasse.exe" is a backdoor worm which allows the network operator complete control of your system, mines for passwords, identity information, deletes and replaces files -- a very critical one to find in a system. Google it as well as all other processes on start up.[/quote]Lsasse.exe could very well be a backdoor worm. There is, though, a perfectly legitimate C:\WIndows\System32\lsass.exe file. Make sure you are comparing the spellings correctly.[quote]If you also run WinUtilities, it will clearly disclose your machine is in a network and a workstation now.It will report autoexec.bat and config.sys files as = "0" bytes. The program configuring your system is now "Config.NT".[/quote]Almost all installations of XP and Vista have zeroed out autoexec.bat and config.sys files. They are just not used anymore. I have em and all my vmware test boxes have em.As for Config.nt, this is the standard practice now. Nothing suspicious here.[quote]I have tried to bold some of the tell tale signs of this network on your HJT log. These are not all the... Read more

Read other 1 answers
RELEVANCY SCORE 70

I recently found out that a bulk email was sent out to people in my address book ( it appears to be my address book from another time) and appears to be from me but I did not send it. The address that shows in the sent from address bar is [email protected]( i do not have a valp.org email) . There is a clickable link in the email. It is signed by me at [email protected] ( i do have that aol email address). How do I find where that is coming from and stop it from happening again? I am able to obtain a copy of the email if that would help. I do not have the exact same names in my present address book in outlook express. I don't see any addresses saved in Aol. I have a mail envelope in my internet explorer that will no longer let click it.
 

Read other answers
RELEVANCY SCORE 70

On July 7th an intrusion took place on my machine that allowed a user in Singapore to access information that specifically led them to e-commerce sites that I had visited giving them access to my accounts. (Amazon.com, Zazzle.com, ShopStarWars.com and MBNA Credit Card site) :evil: Orders were placed but nothing was shipped thankfully.

I am running Norton Internet Security 2004, SpyBot v 1.3 updated 8.11.04 and HiJack This v 1.98.2.

Spybot cleared off several tracking cookies and the last step I feel to have a review of my HiJack This log.

Any help provided in reviewing this information will be greatly appreciated!

Here is the log I ran today;

Logfile of HijackThis v1.98.2
Scan saved at 9:40:49 AM, on 8/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\ge****c.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\WINDOW... Read more

A:HiJack This Log and Identity Theft

Welcome to TSF.

Before you do anything else, please create a folder for HijackThis and put it in a permanent folder (like C:\HJT) instead of the Desktop or Temp folder. This is required because HijackThis will create backups and we don’t want them to be deleted.

Please print out or copy this page to Notepad. You should not have any open browsers when you are following the procedures below.

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it’s clean, you may turn it back on and create a new restore point.

Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible also.

Reboot into Safe Mode (hit F8 key until menu shows up).

Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed (they shouldn’t be – but double check it):

C:\WINDOWS\notepad.exe

Make sure to close any open browsers you have. Check and fix the following in HijackThis (make sure not to miss any):

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FD... Read more

Read other 1 answers
RELEVANCY SCORE 70

Where can I get identity theft protection? I had my purse stolen, and I am very concerned about someone using my identity.
 

A:Where can I get identity theft protection?

You need to call the 3 credit bureas..Experian, TransUnion and Equifax and put an initial fraud alert on your report. You can do so over the phone.
 

Read other 2 answers
RELEVANCY SCORE 70

Hi,

My brother strongly recommended this site for fixing my problem. A few weeks ago my bank card was zapped by a few fraudulent charges. I went through the process of cancelling the card and ordering a new one. Then this morning I was contacted a second time about charges made to a different credit card! The only connection I can make between the two is their use to pay bills and purchase items on my home computer. I am running Windows Vista 64bit. I have previously run the latest versions of Avast! virus scan, Malwarebytes anti-Malware software, and Spyware Terminator, but I've had no success in locating anything malicious. Can you help me make sure my system is clean?

- Geldeth

A:Identity Theft--is it my computer?

Since this is rather sensitive subject you'll do better with some more advanced checks...Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Read other 2 answers
RELEVANCY SCORE 70

My poor wife may have been hacked today and I am trying to figure out how or if it's just random events that seem like she's been attacked. Our son is home sick and she was home with him all day. She posted some photos on Facebook and within in 30 minutes the following happened:

1. Paypal said a transaction for a small amount had been approved.
2. She got e-mails from Facebook and TurboTax asking for temporary password resets.

She was able to have paypal stop the payment, they had flagged it before she called.
Facebook said the user logging into her account was in Jakarta (Screams IP mask or VPN) but she got that reset.

Biggest concern now is do they have all of our banking and financial records? Should we reset all passwords to all of these things? Or is this a random phishing attempt gone wrong. So far, since this happened about 10 hours ago, there has not been any credit card or banking activity that is not our own.

Very Bizarre. I've checked and reset our router to make sure that had not been hacked. Trying to figure out how they got access to those random things and if we should be worried.

Please help.

A:Identity Theft Attempt

Biggest concern now is do they have all of our banking and financial records? Should we reset all passwords to all of these things?Change all passwords to all accounts, and the passwords to any and all email accounts associated with any other accounts. This should be done from a clean computer, and not the one we're scanning for possible malware.It would also be a good idea to call and check with companies concerning any accounts you may be worried about.As for any malware being on your machine, let's see this:I know it looks like a lot, but it's really just a lot of text asking for only 5 scans. Once you've done these and posted the results in your next post, let me know how the computer is running.========================================================================================================================================================Download Security Check by screen317 from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.========================================================================================================================================================Please download and scan with SUPERAntiSpyware FreeDouble-click SUPERAntiSypware.exe and use the default settings for installation.An icon will be created on your desktop. Double-click that ico... Read more

Read other 11 answers
RELEVANCY SCORE 69.2

hello there people,
 
i have recently found out that 1 in 30 people are subject to identity theft, so this is an importaint matter to discuss.
 
can you be attacked by identity theft if you have bad credit?
 
thanks,
 

A:Can you be attacked by identity theft if you have bad credit?

Yes, no matter what your credit history is, can be a victim of identity theft.  Tax time here in the US is a perfect example.  With your identity they can file a fake tax return using your information, normally for an amount much larger than you would actually be entitled to receive. 

Read other 33 answers
RELEVANCY SCORE 69.2

Am a beginner please show me the steps to get these viruses off...Please help me i have trojan viruses...Fraud block keeper,Fraud sys guard much more...this virus blocks system access,blocks from uninstalling programs and antivirius programs...
 

Read other answers
RELEVANCY SCORE 69.2

Learn how to protect yourself from identity theft.

Did you know that there are numerous steps you can take to protect yourself against identity theft besides just checking your credit report? Here, we talk with an expert and offer tips on what regular people can do to ensure their identities stick with them instead of other shady characters.

-- Tom
 

Read other answers
RELEVANCY SCORE 69.2

Hi i was just a recent victim of identity theft and someone charged unauthorized payments on my credit card. I ran a virus scan and found a trojan called Trojan Horse Backdoor Agent Iql.

So i deleted it but people have told me that i should REFORMAT my hard drive which i could do but i wouldn't know how to reinstall all the drivers or where to look for them.

If anyone has advice please post how i would get all the drivers and (music/documents) off my computer and reinstall on a clean reformatted one. If i put my music onto a CD wouldnt it be infected if the trojan is still on my computer? so how would i prevent it from reinstalling on a fresh computer if i stick it into the cd drive? would it instantly infect my computer? I have a dell inspiron 9200 laptop and i looked on dells website for drivers and it doesnt seem to have a whole lot. So please help here is a hijack log if someone thinks it can be cleaned instead of reformatted!!!! thanks

HERE IS A SCAN LOG OF SOPHOS IF IT IS HELPFUL!!!1

Sophos Anti-Rootkit Version 1.3RC (data 1.06) 2006 Sophos Plc
Started logging on 5/6/2007 at 13:39:08 PM
Stopped logging on 5/6/2007 at 13:47:20 PM
Sophos Anti-Rootkit Version 1.3RC (data 1.06) 2006 Sophos Plc
Started logging on 7/17/2007 at 23:21:19 PM
Warning: Failed to query live registry key \HKEY_USERS.
You may not have access rights to the whole registry.
Incorrect function.
Hidden: registry item \HKEY_USERS\.DEFAULT
Hidden: registry item \HKEY_USERS\S-1-5-21-1929307... Read more

A:Identity Theft Recent Victim

please close down this thread,
 

Read other 1 answers
RELEVANCY SCORE 69.2

Hello
My computer has been acting strange for some time. On August 22 while in Google accounts, the app warned me of authorization problems of some kind. I immediately turned suspicious. I ran a Malwarebytes scan and found 15 errors. I attached the log. I've also noticed some of my files and programs having multiple user groups: SYSTEM, Account unknown(S-1-5-21-1331788295-3651318079-3772849865-1000), Mihkel, Administrator, Administrators, INTERACTIVE. Some files have more "Account unknowns" and the malware found with Malwarebytes had two executables with almost the same name as unknown accounts under user security. I also experience random spikes in resource monitor for disk usage and network activity, even when the computer should be idle.
 
Looking forward to your help
Mihkel

Read other answers
RELEVANCY SCORE 69.2

This is incredible. For me, the war has just been turned up one more notch with regard to spammers and their lowlife antics.

I've had an Email account hijacked!

Like many people I maintain a "throw away" email account with Yahoo. Its use is to provide a not-too-personal addy for nosey outfits that feel they need to reach me. As we all soon learn - a carelessly given email addy quickly gathers spammers. The account in question here is one of 2 I routinely use .. both are several years old. One of them has been broken into and anybody that knows a thing or two about finding the cretin that did it shall get all info I possess to that end. I really have grown to hate the spys and the spammers. I will take the blame for only having a 6 character password on the account - I assume it was attacked and broken by brute force ... it's not a word, it uses numbers and letters, it's NOW changed to 12 characters, btw.

I would not know this was done IN MY NAME, but luckily some of the spam sent out through my account was tossed back as unmailable by various ISPs. I was alarmed to find many, many of these "return to sender" messages in that mailbox. It's all occured within the past week or so - since my last mail check.

Here's a sample of what is being mailed:

"Hey whats going on this is Jenny from Match.com . I havent heard from you in a while, I was wondering if you were still interested in getting together. My subcription there ran ou... Read more

A:Identity theft at YAHOO - spammers must die

Read other 11 answers
RELEVANCY SCORE 68.4

A security flaw in the PayPal web site is being actively exploited by fraudsters to steal credit card numbers and other personal information belonging to PayPal users. The issue was reported to Netcraft today via our anti-phishing toolbar.The scam works quite convincingly, by tricking users into accessing a URL hosted on the genuine PayPal web site. The URL uses SSL to encrypt information transmitted to and from the site, and a valid 256-bit SSL certificate is presented to confirm that the site does indeed belong to PayPal; however, some of the content on the page has been modified by the fraudsters via a cross-site scripting technique (XSS). http://news.netcraft.com/archives/2006/06/...tity_theft.html

A:Paypal Security Flaw Allows Identity Theft

Well that's no good. I just used Paypal the other day to donate $20 dollar to this site and now you tell me this. So do you recommend closing my paypal account or can they only access my information when I'm actually using it?

Read other 3 answers
RELEVANCY SCORE 68.4

New identity theft insurance is free for consumers;

Identity theft is a huge problem in America today.

In 2015, 13.1 million Americans were victims of identity theft, according to an Identity Fraud Study by Javelin Strategy & Research. New account fraud increased by 113% in 2015.

Companies that provide identity theft insurance do not generally pay the victims of identity theft, but rather reimburse the costs that may incur in restoring the identity and credit.

Identity theft insurance companies provide a great range of services. Some will put fraud alerts on your credit report for when someone attempts to use your credit. But frankly, fraud alerts are often ignored and there is no penalty on a company granting credit without contacting the consumer after a fraud alert. Other companies monitor your credit report on a regular basis.

It should be noted, however, that for less than the cost of any credit monitoring service, you can place a credit freeze on your credit reports so no one can get access to your credit report without your PIN. For more information about credit freezes, see my previous column.

Some of the things you should consider in deciding whether or not to buy identity theft insurance include:

1. The cost of the policy.
2. What services do you get for the cost? Will they merely reimburse you for the costs involved in recovering your identity or will they assist you in doing the work necessary to restore your identity and your credit?
3. Is there ... Read more

Read other answers
RELEVANCY SCORE 68.4

recently my virus scanner went down (trend micro) for an unknown reason and i dont know whats going on. my background wallpaper is a picture of some spyware alert thing, and when i try to use spybot, my computer restarts and i get a bluescreen and have to restart it again. then, when i get to log back in, windows warns me of activity of trojan-spy.HTML.bankfraud.dq and trojan-spy.win32.keylogger.aa. so right now i am completely vulnerable. here is my HJT log. please help me fix my computer and get my virus scanner and spybot working.

Logfile of HijackThis v1.99.1
Scan saved at 12:05:58 AM, on 8/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Aventail\Connect\as32svc.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\digtizer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\Program Files\Viewpoint\Viewpoint Manag... Read more

A:Huge problem + possibly identity theft?

a little help please?
 

Read other 2 answers
RELEVANCY SCORE 68.4

Hi all,

Ok this is VERY wierd and concerning...here goes

Last week I somehow received a Trojan and just ended up reformating via the winxp cd...I normally delete my arrays and format my 2 hard drives then format/install winXP...but it was late at night and didnt want to go through a more lengthy process..

BUT anyhow on to my issue...I received a phone call from best buy and Dell saying they received a credit app in my name (which I never sent) Also my dell preffered account email address was updated (again I never changed)

The wierd thing was is that when I came home that night I found IE page up and it was on Circuit City's credit page saying "We have received your credit request but are unable to process at this time, blah, blah, blah"

Also all my desktop icons were rearranged in a diagonal line from corner to corner and my history/cookies, etc deleted.

My first guess is remote access to my pc...

I use Mcafee, standard win firewall, win defender and have never had an issue in all my years.

Also I recently moved and was forced to switch my cable service to timewarner roadrunner....so within these 2 weeks of using them I have received a trojan and been "hacked"
It could be a coincidence and TW told me they saw no activity or remote access-

And seeing that I had just recently reformatted I didnt have any personal info on my pc (never do though)

Any thoughts would be great!!! I have recently pulled my cable from my pc and changed any and all ... Read more

A:Identity theft?!?! Remote access issue?

Read other 8 answers
RELEVANCY SCORE 68.4

I honestly don't know what is wrong with my computer or what any of it means. I followed the steps on this website after my dad showed it to me. My computer was running fine, it was just slow, until about a week or so ago when I was on a website that had font downloads for blogs. All of the sudden something called "Personal Internet Security 2011" popped up and has been telling me that my computer is infected with all sorts of viruses and Trojans and that it is detecting identity theft attempts? I have no idea where this program came from...I have tried to remove it and uninstall it to no avail. I honestly have no clue what any of it means or what I should do about it. Please help.

DDS (Ver_10-12-12.02) - NTFSx86
Run by Lauren at 14:22:51.51 on Wed 01/26/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1976.893 [GMT -7:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: VirusScan Enterprise + AntiSpyware Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Personal Internet Security 2011 *Enabled/Updated* {0164986F-E763-4F24-AD66-C721A2E99226}
FW: McAfee Host Intrusion Prevention Firewall *Enabled*
FW: Personal Internet Security 2011 *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\DTS.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS�... Read more

A:Infected with Trojan and Identity theft attempts?

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Please take note:If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available.If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply'... Read more

Read other 2 answers
RELEVANCY SCORE 68.4

What is HIPS (Host-based Intrusion Prevention System) in a firewall? What does it do? Is it something that would be good for a home WiFi network?

What is Identity Theft protection in a firewall? It sounds like something that shouldn't be necessary if you practice safe computing. Is it something that protects information stored on your computer like credit card numbers? Or is it for the act of transmitting credit card data to a website, like when shopping online?

One of the free firewalls I'm looking at charges for the pro version which has Host-based Intrusion Prevention System and Identity Theft protection. I'm just not sure if it's worth it. It would cost $20 per year.
 

A:HIPS and Identity Theft protection in firewalls

Vendors use the term HIPS for a wide range of protection mechanisms. For example, watching and preventing applications inserting something into the registry key HKLM ....run can be considered HIPS. Or it could prevent malware from inserting modules to monitor your keystrokes.
More layers of protection is good, until they start bothering you so much that you have to turn it off. You shouldnt think that a home network has less to protect than a business network. You do on-line banking, online shopping and read private email on your home machines; and those are worth protecting.
 

Read other 1 answers
RELEVANCY SCORE 68.4

This is my first post.  I hope this is the correct forum for it, I couldn't find any other that seemed appropriate.
I recently had the Win32/Kovter.C Trojan on one of my computers for a short time.  My concern is that I had a file on the computer that had names and phone numbers and some addresses.  According to what I've read the Win32/Kovter.C Trojan is primarily designed to steal personal information from the user such as bank login information and other such.  But I did see some brief phrases that led me to believe that it might search files on the hard drive for the kind of information I have in the file.  The file is a password protected zip file, if that makes any difference.  
My concern is whether the information in the file, there are no birthdays or other sensative information, puts people at much risk for identity theft and how likely it might be that the malware found it and sent it somewhere.  I didn't see anything in my research that said that others might be at risk, i saw lots of statements about the personal data of the computer user being at risk.  
I'm not sure if i should warn people.  I haven't been in touch with many of them for years.
If there is a more appropriate place to discuss this question, please let me know.
Thanks for information and comments.

Read other answers
RELEVANCY SCORE 67.6

Stealing Social Security Numbers is not identity theft?.

This is a must read!

-- Tom
 

A:Stealing Social Security Numbers is not identity theft?

Read other 12 answers
RELEVANCY SCORE 67.6

I recently have been having a black box pop upbriefly in the upper right hand corner.  It covers roughly the upper left corner of the screen.  It goes away quickly before I can see what it says.  Most recently it popped up when I was trying to change a password for steampowered.com. 
 
More worrisome I have had my amazon, yahoo, and steam account hacked recently.  Are these two things connected? 
I'm running win 7 and using security essentials.  It recently found a trojan dropper?  Supposedly it took care of it.
 
Would someone be able to walk me through the steps on finding a soulution to this?  Thanks so much for your time and consideration.

A:Black box popup coupled with recent identity theft

Hello Jimmy
I think it best just to repost and get a deeper look at what is going on.
Please follow this Preparation Guide and post in a new topic in the forum containing the Prep Guide..
Let me know if all went well.​

Read other 1 answers
RELEVANCY SCORE 67.6

Hello again,

This post is a continuation from "Identity Theft--is it my computer?" http://www.bleepingcomputer.com/forums/topic454947.html
A few weeks ago my bank card was zapped by a few fraudulent charges. I went through the process of cancelling the card and ordering a new one. Two weeks later I was contacted a second time about charges made to a different credit card! The only connection I can make between the two is their use to pay bills and purchase items on my home computer. I am running Windows Vista 64bit. I have previously run the latest versions of Avast! virus scan, Malwarebytes anti-Malware software, and Spyware Terminator, but I've had no success in locating anything malicious. Can you help me make sure my system is clean?

As per your instructions in the prep guide, I backed up my data (to my wife's computer because I experienced an error every time I tried Cobian backup: ("ERR 2012-05-26 15:03 An error occurred when creating or refreshing the archive "G:\C 2012-05-26 14;52;52 (Full).zip": Cannot create file "\\?\G:\C 2012-05-26 14;52;52 (Full).zip". The system cannot find the path specified"), I made sure my firewall was up, I used DeFogger to disable any CD emulation software, and I ran DDS to create the log file below and the one attached. I did NOT create a GMER log since I'm running 64 bit.

DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112... Read more

A:Suspected Malware/Spyware--Identity Theft Victim

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 18 answers
RELEVANCY SCORE 67.6

Got 2 alerts for Identity theft using pass-the-ticket attack.

Checked with my network team for the IP's involved in the alert. I went through requested them to provide details over this IP.

Does the IP address of one or both computers belong to a subnet that is allocated from an undersized DHCP pool, for example, VPN or WiFi? 
Is the IP address shared? For example, by a NAT device?
--------------------------------------------------------------------------------------------------------------
Below is the network team reply: 
Please note that IP is part of subnet on Ballina Ireland Data VLan . It is currently DHCP free.

Please note that IP address is part Wireless Network 2 Atlanta Office Center.
It is currently DHCP free.

Is the IP address shared? For example, by a NAT device? NO.
---------------------------------------------------------------------------------------------------------------
Can this be the cause of the Alert ? It is currently DHCP free.
If not then what else I need to look for here.

Read other answers
RELEVANCY SCORE 67.6

Hi i just been charged 3 times on sum adult website for stuff i havent done. So i went on and cancelled my acct and put out a fraud alert. Now i scanned my computer today and found trojan horse backdoor.agent.IQL with avg antivirus. Its been happening since may 2007. I havent had the chance to put do a scan on spyware but i will soon. I have a few questions on what i should do now? Has my SSN been stolen??? i have recently tried applying for colleges and i put my ssn on the forms to be sent online. could this info have been stolen?? How could i have my credit card stolen? By keylogging, if so what do i do now? Please help me im so distressed i want to buy a new computer just to get rid of the virus. thank you!

A:Trojan Horse Backdoor Agent Iql (identity Theft)

You have to assume every piece of private/financial information has been retrieved from your computer by the backdoor trojan. All of it.The only sure way of knowing that this type of malware has been completely removed and left no access that can later be used to hack your computer is to wipe the drive and reinstall. You should change all passwords using a different computer and notify criedit cards, banks, paypal, etc. Here are two programs you can scan with and you should also post a Hijack This log.Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds. http://www.superantispyware.com/Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.http://www.bitdefender.com/scan8/ie.html--------------------------------------------------------------------------------Post a Hijack This log in the Hijack This Forum by following the directions in the link below. DO NOT post the log in this forum.http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/ --------------------------------------------------------------------------------

Read other 17 answers
RELEVANCY SCORE 67.6

Last weekend I upgraded my company net from 100mg to 1 gig (new firewall/router; all new cabling). Small net: 4 machines/peer-to-peer. All machines are Win7 64 bit. We use my machine as a sort of server (not domain) for the accounting software (Quickbooks) as well as document files (all vendor invoices).

Let me make some defs so you can follow:

Workstation 1: my machine: hosts the accounting data base as well as all the scanned documents.
Workstation 2: one of the interior designers
Workstation 3: another one of the inter designers
workstation 4: retail store check out.

Routine plan: workstation 1 stays on all the time. Others shut off at end of day. In the morning, workstation 2 usually cranks up before others arrive.

Since upgrading the net, if we fail to launch workstation 4 AND connect it to the accounting database on workstation 1, workstation 3 takes on the identity of workstation 1 but doesn't host the accounting database causing workstation 4 to be unable to connect to the accounting database. (When you go to the network and click on workstation 1 you actually see the icons for workstation 2).

If I shut workstation 2 down (cold) then workstation 4 readily connects to the database on workstation 1. Once re-booted, workstation 2 happily goes about its duties.

Ideas????

A:Weird computer identity theft by local machine

Hi Masterscuba, welcome to sevenforums. Try setting up fixed ip settings in both your router(which probably has DHCP set) and the other machines. This could be caused by the DHCP server trying to "issue" ip addresses taht are already fixed in 1 machine(probably number 4)

Read other 1 answers
RELEVANCY SCORE 67.6

Hello,
We have ATA running for about 2-3 months now. Until now I had only fals alerts. That is good I think, but one thing is very annoying.
ATA "learns" what normal user behaviour is. We also have a quite large terminal server farm which daily produces a lot of false Alarms as users not always logon to the same server.
Is there a way to ignore, whitelist or whatever logons to our terminal server farm?
Thanks a lot for your help!

Read other answers
RELEVANCY SCORE 67.6

My daughter is donating her old pc running XP to a poor family in need of one that she does not know well. How to best erase the info on it to protect her security concerns? Is erasing all her programs, files and data secure enough. Someone told her the whole hard drive including the XP operating system had to be cleaned off or data she has erased can be receovered. Unfortunately she does not still have the XP disc that went with it. Any suggestions?
 

A:Hard drive erasing to protect against identity theft

Read other 9 answers
RELEVANCY SCORE 66.8

Intel Identity theft warning to enter the password, which user doent know. we have as repair shop just replaced the keyboard in HP spectre Notebook. and not system is not booting and getting the error. Not able to go in Bios and stuck at Intel Identity theft ? Is there any way to get rid of this as we dont have any clue with the password ?   thanks in advance 

Read other answers
RELEVANCY SCORE 66.8

Hello: I would appreciates everyone's help. Recent computer device is HP 2000 with Windows 8 that came with the package.
As a victim of intense cyber attacks (24/7) in connection to identity theft for over a year now, I have lost more than twenty email accounts, every accounts, and electronic devices destroyed. Despite repeated changes to WiFi IP address, hacker(s) continues to send harassment messages, compromising email accounts, etc.

It appears that malware are being sent discretely via applications, extensions, etc.

Despite of all, that I always use address with https, but to no avail.

I am currently in Central America. I am suspicious to these addresses (below) that appears in yahoo toolbar each time I attempt to access my new email account.
Can someone tell me or analyze these addresses below. Any advice welcome.

https://us-mg6.mail.yahoo.com/neo/launch?.rand=16id1sirnmgvl

https://espanol.yahoo.com/?p=us

https://login.yahoo.com/config/login?.src=fpctx&.intl=e1&.lang=es-US&.done=https://espanol.yahoo.com/
https://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=https%3a//mail.yahoo.com

Thank you so very much for your help.
Somoz3
 

A:Hacked email accounts in connection to victim of identity theft

Changing your ip address would not deter hackers. They install software on your machine and it calls out to them, so no matter what ip address you use, they know the address.

Do you use pirated software? In many cases, spyware/keyloggers/hacker-ware is bundled with programs that you download via torrents and P2P programs. And you won't notice them because the program that you are installing works perfectly, except that it also includes spyware.

To get rid of the hackers, do a fresh re-install of a legit copy of Windows and dump all the programs you obtained through torrents. Try to find freeware or open-source software that does the job, Since you say the hackers always return, it probably is related to software you install. A fresh re-install of Windows ensures that there are no more malicious software hanging around in your system, After installing Windows, immediately go do Windows Update, do not use Internet Explorer while you are doing the updates, because it would be lacking important security patches until Windows Update completes. Be mindful that you have to repeatedly click on Check for Updates after each round of installation until it says there are no more updates, because MS install updates in batches, and there may be more updates to follow.

Next, go get the most up-to-date version of programs that you use. ( Like FireFox browser, Adobe Reader and Adobe Flash ) In most cases, the updated version fixes security flaws as well as add new features. Attackers... Read more

Read other 2 answers
RELEVANCY SCORE 66.8

This may be a touchy subject but it is about internet security and how to protect yourself. This is NOT a post about the pros and cons of the adult industry. Ok, we're all adults here, and the online adult industry is a multi-billion dollar business. Some of us may visit "adult sites" from time to time. The problem with adult websites is that they are notorious for downloading spyware into your computer and some of it is malicious. That is why it is SO important to keep your computer security programs up to date. McAfee even has a "site advisor" feature which kind of helps to weed out sites that will send spam to your computer. If you visit adult sites, only visit ones that you know are legit. Here's the other thing that's quickly becoming a new, and scary problem. Child molestors who are computer savvy, are hacking into other people's computers and "hiding" their child porn files on their computers so that they don't have evidence of these files on their own computers. There have been stories of innocent people being arrested for child porn found on their computers that is not theirs. That is why a firewall and anti-spyware programs are so important. We have a computer that's connected to the Internet at work and I was amazed at how many of my coworkers are still so "in the dark" about internet security. We were getting unwanted porn site popups on our work computer because it did not have a firewall or anti-spy... Read more

A:Adult Websites, Kiddy Porn Hackers, And Identity Theft

Hello NikitaThese articles contain information and recommendations as to how to protect yourself: ? "Simple and easy ways to keep your computer safe".? "The Ten Most Dangerous Things Users Do Online".? "How did I get infected?, With steps so it does not happen again!". ? "Secure Your Home Computer - A guide for online users".

Read other 1 answers