Please Help

jman1972

So here is the story, and I really need help because I am so frustrated about what's going on. I have had my debit card information stolen 5 times in the last 2 months. When it started it was charges to Walmart.com for small amounts, 15-20 dollar increments, then I started to get charges from Neteler. It would literally happen 5 minutes after I entered my debit card online. I was on secure websites, paying my water bill and so on. It never did it when I used my card at a retailer. So the bank wouldn't give me a debit card after the 4th time until I figured it out. I downloaded Malwarebytes and Spy-bot; I had also been running AVG Free as my virus protection. After running all of these programs some malware was found and cleaned. I ran the programs multiple times for a couple of weeks and found nothing. I contacted my bank and got my debit card back after proving to them I cleaned my computer. It had been working fine for a couple of weeks, then Monday I noticed charges from Walmart.com and Neteler on my account again. The first charge was from Walmart in the amount of 30.00, then it was immediately credited back, followed by 5 charges from Neteler for various amounts totaling close to 115.00. I scanned the computer with every virus protection and malware protection I had and it found nothing. I have called my internet provider and they said it's not possible it's them. I am using an HP computer, with Mediacom broadband 100gbps. The bank is now refusing to dispute the charges and will not ever replace my debit card. I am at the end of my rope. My son's prepaid debit card was also hit once, but my wife's Visa credit card has never been compromised. Please help.
 
No one else can help you, only you yourself can, because the problem is not in your PC, the problem is in you. You must very deeply analyze your own behaviour; the problem is located there.
Think seriously about what you have done, and whether what you used was still the best solution. No anti-virus can detect it.
 
@OP:

Firstly, run a scan with Malwarebytes Antimalware (the Free version is fine, you don't need to activate the Pro trial). Scan with it, delete whatever it finds, reboot and post the log here. Download it from here:
https://www.malwarebytes.org/mwb-download/
I know you said you already scanned with this, but please run it to at least humor me.

Secondly, run a scan with AdwCleaner. Same as above, scan with it, delete what it finds, post the log file here. Download from here:
AdwCleaner Download

Thirdly, run a scan with HiJackThis. Run it as Admin, pick the "scan and generate log" option, and then post the logfile here. Do NOT remove ANYTHING unless told to do so, as removing the wrong entry can damage your system. Download it from here:
HiJackThis | SourceForge.net

Fourthly: run the following two utilities:
TDSSKiller Download
Panda Anti-Rootkit Download

Report back what they find (if anything).

Fifthly, what browser are you using as your primary? If you're using IE, switch to Chrome or Firefox and install: uBlock Origin, EFF Privacy Badger, and Flashblock (FF) or Flashcontrol (Chrome).

No one else can help you, only you yourself can, because the problem is not in your PC, the problem is in you. You must very deeply analyze your own behaviour; the problem is located there.
Think seriously about what you have done, and whether what you used was still the best solution. No anti-virus can detect it.

Not very helpful. While yes, it may be a behavioral thing (not clicking on links that are unknown, etc.), you can present your suggestions in a better format - as well as help the current situation and then in turn go into the behavioral part.
 
Here are the results from the scans you told me to do. I am running Chrome and I have added the extension Flashcontrol. I was not able to run the Panda Anti-Rootkit because it said it only runs with 32-bit systems; everything else ran just fine. Anything else I need to do, let me know. Thank you for the help thus far, I really do appreciate it.
 

Attachments

  • malwarebytes.txt (1 KB)
  • AdwCleaner[C0].txt (10.9 KB)
  • hijackthis2.txt (14.1 KB)
Here are the results from the scans you told me to do. I am running Chrome and I have added the extension Flashcontrol. I was not able to run the Panda Anti-Rootkit because it said it only runs with 32-bit systems; everything else ran just fine. Anything else I need to do, let me know. Thank you for the help thus far, I really do appreciate it.

O4 - HKCU\..\Run: [] "C:\Users\duham\AppData\Local\3c48d5\6b6bb6.lnk"

This is the only entry in HJT that worries me.

Can you go to that file & right click -> Properties and post the info?

I also noticed that you're using LastPass...that may be your issue. Have you reset your LastPass account password since you've been getting your info stolen? Maybe your LP account is compromised. I would reset your LP password from a known-clean system (e.g. your phone), and then not sign back into it on your PC at least for now.
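Added example, not part of the post above: a small triage pass over HijackThis O4 (autostart) lines that flags entries shaped like the one quoted. The three heuristics (empty value name, hex-named folder under AppData, Run value pointing at a .lnk) are assumptions chosen for illustration, and every sample line except the last is constructed.

```python
import re

# HijackThis O4 line: O4 - <hive>\..\<key>: [<value name>] <command>
O4_RE = re.compile(r'^O4 - (HK[A-Z]+)\\\.\.\\([^:]+): \[([^\]]*)\] (.+)$')
# Assumed heuristic: a folder directly under AppData named only in hex digits
HEX_DIR = re.compile(r'\\AppData\\(?:Local|Roaming)\\[0-9a-f]{6,}\\', re.I)

def target_path(cmd):
    """Strip quotes and arguments from the command to get the file it launches."""
    cmd = cmd.strip()
    if cmd.startswith('"') and '"' in cmd[1:]:
        return cmd[1:cmd.index('"', 1)]
    return cmd

def triage(line):
    """Return the reasons an O4 autostart entry deserves a manual look."""
    m = O4_RE.match(line.strip())
    if not m:
        return []                      # not an O4 autostart line
    _hive, _key, name, cmd = m.groups()
    path = target_path(cmd)
    reasons = []
    if not name.strip():
        reasons.append("empty value name")
    if HEX_DIR.search(path):
        reasons.append("hex-named folder under AppData")
    if path.lower().endswith(".lnk"):
        reasons.append("Run value launches a shortcut, real target not shown")
    return reasons

def review(log_text):
    """Map each flagged O4 line to its reasons; clean entries are omitted."""
    flagged = {}
    for line in log_text.splitlines():
        reasons = triage(line)
        if reasons:
            flagged[line.strip()] = reasons
    return flagged

# Constructed sample log; only the last line is taken from the thread.
SAMPLE = r'''
O4 - HKLM\..\Run: [SecurityHealth] %windir%\system32\SecurityHealthSystray.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\duham\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [] "C:\Users\duham\AppData\Local\3c48d5\6b6bb6.lnk"
'''

if __name__ == "__main__":
    for entry, why in review(SAMPLE).items():
        print(entry, "->", "; ".join(why))
```

A flagged entry is a prompt to inspect the shortcut's properties and target, as the post asks, not a verdict that the file is malicious.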
 
I am having trouble finding that file. I am using Windows 10. Also, I have no idea what LastPass is. I have never heard of it, nor did I knowingly download it.
 
I am having trouble finding that file. I am using Windows 10.

Open your file browser and navigate to this directory: C:\Users\duham\AppData\Local\3c48d5

You can copy/paste that into the address bar in the file browser, which would be the easiest and is what I would recommend. Otherwise, you will need to enable viewing of hidden files.

In the following link, as an example, you can just click where it says "This PC" and it will allow you to paste that directory there. I am not on a Windows 10 machine at the moment or I would provide a better screenshot for you.

Also, I have no idea what LastPass is. I have never heard of it, nor did I knowingly download it.

Webroot is installed on your system. The password manager provided by Webroot uses a licensed, rebranded form of LastPass. Many folks don't use it, so if you use the Webroot software to save/manage your passwords, that is what Carnage is referring to.
 
This is the only way I know how to upload this file to look at the properties. I'm not using LastPass, but I can delete Webroot.
 

Attachments

  • ea9b05.zip (2 KB)
O4 - HKCU\..\Run: [] "C:\Users\duham\AppData\Local\3c48d5\6b6bb6.lnk"

This is the only entry in HJT that worries me.

Can you go to that file & right click -> Properties and post the info?

I also noticed that you're using LastPass...that may be your issue. Have you reset your LastPass account password since you've been getting your info stolen? Maybe your LP account is compromised. I would reset your LP password from a known-clean system (e.g. your phone), and then not sign back into it on your PC at least for now.

I would delete LP - them password managers suck. Only need to hit that one place and BOOM, access to everything!!

Just create a few passwords with first letter of word and a few numbers...
 