In a matter of 2 days I have had two credit cards hacked/stolen and I have had to cancel both. I've been frantically searching the internet on what it could possibly be and what to do. Then I realized, I have a whole host of crypto/computer/network/etc experts at my disposal on Steem! Please give me some advice!
I have never been a victim of credit card fraud and am typically very safe with the sites I visit and buy from. Now, that's not to say that my cards weren't stolen via other methods, like a site breach, an RFID breach, a clone site, an ATM scanner, etc.
The reason I think it's a keylogger and not a different method is that I don't use one of the cards. It's only there for emergencies. After the first card was stolen and used by the thief, I used the second card for an online purchase (from GoDaddy) and when I woke up this morning I had an email with fraudulent charges.
I think I am in some serious shit
So, if my suspicions are correct and it is a keylogger malware, I think I am in some serious shit. I use a password manager (Dashlane) and it holds a lot of information for me. I have a master password that is very complex, very long and has never been written down or typed anywhere, other than on my Dashlane app on my phone and the Dashlane software on my computer.
This is really starting to freak me out a bit as my Steem password is in there, banking details, addresses, etc. Everything is in there really, as I always thought it was SUPER SECURE.
Now I need the help from the expert!
- Does this sound like a keylogger?
- Is there a way to identify the logger and get rid of it? I have AVAST security.
- Should I start the painful process of changing all my passwords? Including my MASTER password?
- What precautions can I take to ensure I am safe going forward?
Please fellow Steemians, I need some help and advice here. All your comments are very much appreciated.
Switch to Linux.
This ^. * 1000
Is the only way to do this to buy a mac?
no. get a linux iso from the web. burn it on a bootable cd,dvd, or flash...and install on your computer. you can have both win and linux running at the same time...you could also run linux in a virtual machine on windows...but it's better to have it installed
Damn, I have some googling to do
if you need help, send me a message on steemit.chat I'm in the #help channel
Even if you don't have a keylogger installed, you should still occasionally do a virus sweep so this is what I'd recommend.
First, run rkill.com. Sometimes it takes a few minutes to finish. Do not reboot when done.
- Kills running malicious processes
- Removes policies in the registry that prevent normal OS operation
- Repairs file extension hijacks
Next, download an updated copy of Malwarebytes' Anti-Malware. Turn on the “Scan for Rootkits” option. Then, run a “Threat Scan”.
- Successfully removes the vast majority of infections
- Has an industry-leading built-in rootkit/bootkit scanning engine
- Has built-in repair tools to fix damage done by malware
After that, run ADWCleaner using the “Scan” option. Then press “Cleaning” when finished and allow it to reboot your system.
- Removes majority of adware, PUPs, Toolbars, and Browser hijacks
- Fixes proxy settings changed by malware
- Removes certain non-default browser settings
Finally, run Malwarebytes' Junkware Removal Tool and allow it to finish. Reboot your computer upon completion.
- Removes adware, PUPs, Toolbars, and Browser hijacks other tools miss
- Good at removing unneeded AppData directories left behind by infections
Follow-up Steps (highly recommended):
- Using a computer that has not been infected, change passwords to all your online accounts.
- Consider enabling two-factor authentication.
chris you sound like an expert in this field. How would you rate this tool? http://superantispyware.com/
I've never used it but the reviews look decent but I stick to the tools I listed as they are what I'm most familiar with.
Hey @msutyler,
Do you have any other credit or debit cards? Please reply with all the card details right here and once they are stored in the Steem blockchain they will be safe and nobody will be able to hack them :). Don't forget the 3 digit security card off the back!
PS. just joking. DO NOT REPLY WITH YOUR CARD DETAILS!!!
Instead:
Be safe!
Cheers. I did deviate from known trusted sites the other day as I watched a video on putlocker? Fack, this might have been the culprit.
Hello Msutyler.
This sounds like a keylogger, with the key evidence being that your emergency card got "hacked".
I would suggest that you do the following:
Malwarebytes should be able to detect and remove the keylogger. If nothing comes up, I would try other malware-removal services like HitmanPRO and HijackThis.
I hope this helps you out.
Malwarebytes is a very good tool indeed!
It could be an external breach as well. Think about it -- all someone really needs to make fraudulent expenditures through your cards is the number, your name, and the digits on the back.
Changing master keys is usually a good idea anyway. Be paranoid... a little. But if you're careful, the attack surface of corporate databases is far more plentiful than you alone.
The safest bet is to delete everything and do a fresh OS install.
First, make a backup (although you might be backing up malware you have, and if it's smart enough, it might be able to reinstall itself).
Download W10 iso from Microsoft, put it on external usb stick with a program called Rufus, boot into the usb and do the fresh install.
This is great guys. Thanks so much for the replies.
I just did a full scan with Avast and it didn't find anything. I will try some of the other suggestions below to try and find any malware that Avast may have missed.
Damn, this sucks.
Doing a full OS reinstall kind of scares me, mainly because I've never done one.
Will this wipe everything (apologies for the ignorance)?
Do I have to save every single file that I don't want deleted? This could take a while.
Fack!
you could use recovery cds like Hyren's boot cd to do deep wipe and then reinstall. antivirus scans are unlikely to discover good crypted malware and 0-day exploits. wiping, as nasty as it may sound, is a good strategy. but finding the root cause would be even better.
Yes, unless it's part of the operating system install, it will be deleted. Be sure to download drivers before starting the install just in case you can't get an internet connection with the computer after the install. An even better idea would be to use another computer that hasn't been compromised and have it ready with an internet connection once you're installing.
Something to note is that a vendor you use may have been compromised by either a hack or an employee. If you haven't seen your bank account emptied, I think this vendor problem is more likely than someone hacked your PW manager.
How common is getting my info stolen via RFID? I feel like that is another option. I've run a couple of malware tools now and nothing has been detected?
I never had my credit card hacked. Until I was very active with Bitcoin and using these sites where you can earn them. Out of the blue my cc company called and asked if I had been really active with my card that day. Which I wasn't. Kudos to them for blocking these purchases. If you don't want to get hacked, I'd say stay completely away from crypto currencies. And I fully realize this sentiment will go over like a lead balloon here. But I don't care. I think that arena is infested with Russian hackers just waiting for the next sucker to come along. If the arena isn't safe, I'm not interested in being there.