Is this a known virus?

Salisar

I just had the weirdest and potentially most destructive thing happen to me
and I was wondering if anyone knew if there was any virus or web scam that
they might have heard of that works like this.

I discovered, strictly by accident, that three web porn sites had withdrawn
about $50 each from my checking account. The odd thing about this was that
when I called the company listed in my bank statement, they had bank
information from one user on my computer and the user name of another user
from my computer. The other user has no way of knowing my bank information
and I have no way of knowing the password used by his email account. It is
as if some program scoped out a user name and password from one login
account and then scoped out bank information from another. Has anyone heard
of this happening before? I am tempted to report this to the authorities
but as things look, my story is going to sound pretty far-fetched.

TIA

Salisar
 
PA Bear

Check your system for "hijackware":

Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://mvps.org/winhelp2002/unwanted.htm
http://www.mvps.org/inetexplorer/Darnit.htm

CoolWebSearch Chronicles
http://www.merijn.org/cwschronicles.html

Run these tools in the following order with nothing else running in
background:

1. CWShredder (fix all found)

2. Ad-Aware (fix all found)

3. Spybot (RTFM but generally fix everything in red)

Important: You *must* seek updates for Ad-Aware, Spybot, etc., before each
and every use, even "right out of the box". But even they can't catch
everything, 24/7. When all else fails, HijackThis
(http://www.spywareinfo.com/~merijn/files/HijackThis.exe) is the preferred
tool to use. It will help you to both identify and remove any
hijackware/spyware. **Post your files to http://forums.spywareinfo.com/ or
http://forum.mvps.org/viewforum.php?f=30 for expert analysis, not here.**

[Alternate download pages for many of the above tools may be found at
http://aumha.org/a/parasite.htm.]

Also update your virus definitions and then run a full system scan. From
now on, do both daily.

So How Did I Get Infected Anyway?
http://boards.cexx.org/viewtopic.php?t=957
--
HTH - Please Reply to This Thread

~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE), AH-VSOP

AumHa Forums
http://forum.aumha.org

What You Should Know About Spyware
http://www.microsoft.com/mscorp/twc/privacy/spyware.mspx
 
Steve Nielsen

Yep, you've been hit with some nasty scumware. Not a virus or trojan in
the usual sense, more along the lines of spyware. You can clean up your
system using Spybot Search & Destroy (www.security.kolla.de) and
Ad-aware (www.lavasoft.de). Install and update both and scan your system
with both (each can catch things the other may miss). Turn on the XP
firewall, or better yet, get one of the free firewalls available on the
web like Zone Alarm or Kerio Personal Firewall.

A very similar thing hit my machine about 3 years ago before I'd ever
had any experience with this type of malware. It was a mini-dialer my
brother-in-law managed to unknowingly pick up from a porn site. I found
out about it one morning at 4 am when he was surfing, got offline to
shut down and the modem started dialing with the speaker on full blast,
which woke me up. I have my DUN set with modem speaker off so I knew
right away something was wrong. I read up on it at www.ripoffreport.com
and came to find out that some of these things can even get into a
system with a drive-by download, you don't even necessarily have to
visit a scum-site.

The real strange part is that the porno company (Alyon Technologies, I
believe) sent a bill to my ex-girlfriend who hadn't lived in my home for
nearly two years, the phone was never in her name, she had no files or
data on my computer but AT&T had her name on record associated with my
phone number somehow. I also learned from www.ripoffreport.com that AT&T
has assisted companies like this one in obtaining billing information
for the people they infect. Last I checked there is pending litigation
against Alyon and AT&T about this.

Made me a firm believer in firewalls and anti-spyware, let me tell you.
Also made me a firm believer in not allowing my brother-in-law (or
anyone else) on my computer again.

Steve
 
Albert Sims

Steve said:
Yep, you've been hit with some nasty scumware. Not a virus or trojan in
the usual sense, more along the lines of spyware. You can clean up your
system using Spybot Search & Destroy (www.security.kolla.de) and
Ad-aware (www.lavasoft.de). Install and update both and scan your system
with both (each can catch things the other may miss). Turn on the XP
firewall, or better yet, get one of the free firewalls available on the
web like Zone Alarm or Kerio Personal Firewall.

A very similar thing hit my machine about 3 years ago before I'd ever
had any experience with this type of malware. It was a mini-dialer my
brother-in-law managed to unknowingly pick up from a porn site. I found
out about it one morning at 4 am when he was surfing, got offline to
shut down and the modem started dialing with the speaker on full blast,
which woke me up. I have my DUN set with modem speaker off so I knew
right away something was wrong. I read up on it at www.ripoffreport.com
and came to find out that some of these things can even get into a
system with a drive-by download, you don't even necessarily have to
visit a scum-site.

The real strange part is that the porno company (Alyon Technologies, I
believe) sent a bill to my ex-girlfriend who hadn't lived in my home for
nearly two years, the phone was never in her name, she had no files or
data on my computer but AT&T had her name on record associated with my
phone number somehow. I also learned from www.ripoffreport.com that AT&T
has assisted companies like this one in obtaining billing information
for the people they infect. Last I checked there is pending litigation
against Alyon and AT&T about this.

Made me a firm believer in firewalls and anti-spyware, let me tell you.
Also made me a firm believer in not allowing my brother-in-law (or
anyone else) on my computer again.

Steve

I was billed earlier this month by a company called "MyPaySystems.com"
for a site called "Dating Playground". I had never heard of either
company. Still fighting with them and my credit card company to get my
$49.95 reimbursed. I've run up to date AdAware and Spybot, and cleaned
out any scumware they found. Went to "RipoffReport.com" and found about
7 other people that have been charged by those companies.
 
Steve Nielsen

Albert said:
I was billed earlier this month by a company called "MyPaySystems.com"
for a site called "Dating Playground". I had never heard of either
company. Still fighting with them and my credit card company to get my
$49.95 reimbursed. I've run up to date AdAware and Spybot, and cleaned
out any scumware they found. Went to "RipoffReport.com" and found about
7 other people that have been charged by those companies.

Yep. Those kinds of b@st@rds are showing up more and more.

So the anti-spyware cleaned it all up I take it? What were the names of
the culprits found?

Steve
 
Alexander Grigoriev

Folks,

Never, ever log in with administrative privileges, unless you understand
what software is safe to run. The sad truth is that Internet Explorer is not
a safe program.

Change your user accounts' type to "limited user". Make sure your system disk
is formatted with the NTFS file system. No matter how loud your users cry, DON'T
convert their accounts to administrator type.

Of course, enable at least the XP firewall.

Then, any malware won't be able to install itself on your system.
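
An audit of the three settings named in the post above (administrator-type accounts, NTFS on the system disk, firewall enabled), as an added example that is not part of the original thread. It assumes a current Windows release with PowerShell 5.1 or later rather than XP, and the variable names are illustrative.

```powershell
# Added example: report on the settings recommended in the post above.
# Assumes Windows 10/11 with PowerShell 5.1+, run from an elevated prompt.

# 1. Enabled accounts in the local Administrators group.
#    The well-known SID S-1-5-32-544 is used so the check works on
#    non-English installs where the group name is localized.
$extraAdmins = foreach ($m in Get-LocalGroupMember -SID 'S-1-5-32-544') {
    # Skip the built-in Administrator account (RID 500).
    if ($m.SID.Value -match '-500$') { continue }

    if ($m.ObjectClass -eq 'User' -and $m.PrincipalSource -eq 'Local') {
        # Local user: only report it if the account is enabled.
        $u = Get-LocalUser -SID $m.SID
        if ($u.Enabled) { $m.Name }
    }
    else {
        # Groups, domain accounts and Microsoft accounts: list for manual review.
        $m.Name
    }
}

# 2. File system of the system drive (NTFS is needed for file permissions
#    to restrict what a limited user can write to).
$sysDrive   = [System.IO.DriveInfo]::new("$env:SystemDrive\")
$fileSystem = $sysDrive.DriveFormat

# 3. Firewall profiles (Domain, Private, Public) that are not enabled.
$fwDisabled = Get-NetFirewallProfile |
    Where-Object { $_.Enabled -ne 'True' } |
    Select-Object -ExpandProperty Name

# Summary: each finding is something to fix before daily use of the machine.
[pscustomobject]@{
    AdminAccountsToReview   = @($extraAdmins) -join ', '
    SystemDriveFileSystem   = $fileSystem
    SystemDriveIsNtfs       = ($fileSystem -eq 'NTFS')
    FirewallProfilesOff     = @($fwDisabled) -join ', '
} | Format-List
```

An empty AdminAccountsToReview and FirewallProfilesOff, with SystemDriveIsNtfs set to True, matches the configuration the post recommends.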
 
