IMPORTANT! This is MoneySavingExpert's open forum - anyone can post
Have I been hacked?
# 1
bryanb
Old 05-10-2011, 5:00 PM
Fantastically Fervent MoneySaving Super Fan
 
Join Date: Dec 2007
Location: Positive equity
Posts: 4,493
Default Have I been hacked?

Placed an online order with a well known national company last night. All appeared OK, used a debit card and registered for verified by visa to allow the transaction to go through.
Today I received what appeared to be a phishing email which showed the company concerned's logo. There were a few spelling mistakes and a "click here to verify your transaction with sagepay"
I phoned the company and found that the Yahoo address that sent the email was not known to them and no order was showing on the account.
Any guidance would be a great help, should I contact the card provider? Has my email been compromised?
This is an open forum, anyone can post and I just did !
# 2
santer
Old 05-10-2011, 5:04 PM
Fantastically Fervent MoneySaving Super Fan
 
Join Date: Dec 2010
Posts: 4,364
Default

I would contact sagepay and the card provider
# 3
RussJK
Old 05-10-2011, 5:36 PM
Fantastically Fervent MoneySaving Super Fan
 
Join Date: Jun 2009
Posts: 2,321
Default

So you are saying that the legitimate company has no record of the original order you made? Of course contact your card company if that's the case!

Look at your browser history and double check the URL is correct - might be a single character out of place. Have you ordered from the company before? How did you get their number to ring them?

Post the link, perhaps others have had the same issue.

Most likely scenario is that the address was typed wrong and thus accessed a phishing site, but it's also possible that your computer was compromised beforehand and you were redirected through DNS or HOSTS hijacking. Also possible that the website of the company itself has been hacked.

Otherwise, usual advice of run a QUICK scan with Malwarebytes, and post a log with HijackThis (http://www.users.on.net/~russ/hjt/).
# 4
bryanb
Old 05-10-2011, 6:29 PM
Fantastically Fervent MoneySaving Super Fan
 
Join Date: Dec 2007
Location: Positive equity
Posts: 4,493
Default

I've updated Malwarebytes and run a quick scan. No items infected. Not computer savvy enough to post a log though.
Nothing is showing on the card account, sorry it was CC not Debit. (perhaps a bit early as yet)
History checked and all ok there. Got the phone number from their website and paper catalogue, then used say no to 0870.
# 5
RussJK
Old 05-10-2011, 6:35 PM
Fantastically Fervent MoneySaving Super Fan
 
Join Date: Jun 2009
Posts: 2,321
Default

Just follow the picture guide, others with less knowledge have been able to

It'll just rule out a few things.
http://www.users.on.net/~russ/hjt/#pictureguide

Also do a scan with Hitmanpro, very quick:
http://www.surfright.nl/en/hitmanpro

The question is what site were you on when you made the order, if the real company didn't get it.
# 6
santer
Old 05-10-2011, 7:29 PM
Fantastically Fervent MoneySaving Super Fan
 
Join Date: Dec 2010
Posts: 4,364
Default

Quote:
Originally Posted by bryanb View Post
Nothing is showing on the card account, sorry it was CC not Debit. (perhaps a bit early as yet)
If you check the card online, does it have pending transactions listed?

Maybe they needed details which they intended to get if you clicked to confirm the " sagepay " transaction, though odd that they would need anything if they already knew you had used the card

With the e-mail, you could change the password
# 7
bryanb
Old 05-10-2011, 7:37 PM
Fantastically Fervent MoneySaving Super Fan
 
Join Date: Dec 2007
Location: Positive equity
Posts: 4,493
Default

Quote:
Originally Posted by RussJK View Post
Just follow the picture guide, others with less knowledge have been able to

It'll just rule out a few things.
http://www.users.on.net/~russ/hjt/#pictureguide

Also do a scan with Hitmanpro, very quick:
http://www.surfright.nl/en/hitmanpro

The question is what site were you on when you made the order, if the real company didn't get it.
Managed up to copy, but how do I paste to the forum please?
# 8
santer
Old 05-10-2011, 7:39 PM
Fantastically Fervent MoneySaving Super Fan
 
Join Date: Dec 2010
Posts: 4,364
Default

You should just right click in the forum post and click paste
# 9
bryanb
Old 05-10-2011, 7:50 PM
Fantastically Fervent MoneySaving Super Fan
 
Join Date: Dec 2007
Location: Positive equity
Posts: 4,493
Default

Here goes then!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:30:50, on 05/10/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Norton GoBack\GBPoll.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton GoBack\GBTray.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Documents and Settings\LAPTOP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\LAPTOP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\LAPTOP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\LAPTOP\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (file missing)
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\LAPTOP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10t_Plugin.exe -update plugin
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'Default user')
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton GoBack\GBTray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: McAfee Application Installer Cleanup (0072891220431347) (0072891220431347mcinstcleanup) - - (no file)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton GoBack\GBPoll.exe
O23 - Service: Google Update Service (gupdate1c9c9a99bf0fc4c) (gupdate1c9c9a99bf0fc4c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 11752 bytes
# 10
gjs6385
Old 05-10-2011, 8:24 PM
MoneySaving Stalwart
 
Join Date: Apr 2010
Posts: 231
Default

If it isn't you posting on this thread then yes, you probably have been lol
# 11
bryanb
Old 05-10-2011, 8:36 PM
Fantastically Fervent MoneySaving Super Fan
 
Join Date: Dec 2007
Location: Positive equity
Posts: 4,493
Default

Quote:
Originally Posted by gazsharpe101 View Post
If it isn't you posting on this thread then yes, you probably have been lol
You're sharp!
# 12
RussJK
Old 05-10-2011, 8:38 PM
Fantastically Fervent MoneySaving Super Fan
 
Join Date: Jun 2009
Posts: 2,321
Default

Quote:
Originally Posted by bryanb View Post
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (file missing)
Other than the leftover traces from having Hotspot (considered adware), the log looks clean to me. Lots of bloat, but clean

Still leaves the mystery of how your payment was redirected, if it really was. How did HitmanPro scan go btw?

As Santer says, it seems strange that the criminals would need anything more than what was on the apparently fake transaction you made. Doesn't quite make sense really.
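An added example, not part of the original thread and not HijackThis's own code: a small Python triage of a HijackThis log that flags the orphaned "(file missing)" / "(no file)" entries RussJK points to in post #12, plus the hosts-file (O1) and DNS (O17) sections that would show the redirection he raises in post #3. The first four sample lines are taken from the log posted above; the O1 and O17 lines are constructed for illustration, with documentation-range addresses and a placeholder GUID.

```python
import re

# Section codes that appear in, or are relevant to, this thread.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "O1": "hosts file entry",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart entry", "O17": "DNS / nameserver setting",
    "O23": "Windows service",
}
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends one of these when the referenced file is gone.
ORPHAN = re.compile(r"\((?:file missing|no file)\)\s*$")
HOSTS = re.compile(r"^Hosts:\s*(?P<ip>\S+)\s+(?P<name>\S+)")
LOCAL_ADDRS = {"127.0.0.1", "::1", "0.0.0.0"}  # loopback / ad-block sinks

# Lines 1-4 come from the posted log; the O1 and O17 lines are CONSTRUCTED.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (file missing)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.0.2.10 shop.example.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 203.0.113.53
"""

def parse(log_text):
    """Return [(code, body), ...] for every 'CODE - body' line, in log order."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m["code"], m["body"]))
    return entries

def triage(log_text):
    """Return [(kind, section, body), ...] for entries a reviewer should check."""
    findings = []
    for code, body in parse(log_text):
        section = SECTIONS.get(code, code)
        hosts = HOSTS.match(body) if code == "O1" else None
        if ORPHAN.search(body):
            # Leftover registry reference to a program that was uninstalled.
            findings.append(("orphan", section, body))
        elif hosts and hosts["ip"] not in LOCAL_ADDRS:
            # A hostname pinned to a non-local address overrides DNS lookups.
            findings.append(("hosts-redirect", section, body))
        elif code == "O17":
            # Not malicious by itself: compare with the router/ISP resolvers.
            findings.append(("dns-setting", section, body))
    return findings

if __name__ == "__main__":
    for kind, section, body in triage(SAMPLE_LOG):
        print(f"{kind:15} {section:26} {body}")
```

The log in post #9 has no O1 or O17 lines, so only the "orphan" rule would fire on it.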
# 13
RussJK
Old 05-10-2011, 8:40 PM
Fantastically Fervent MoneySaving Super Fan
 
Join Date: Jun 2009
Posts: 2,321
Default

Could you right click on the link given in the phishy email, and select 'copy link location' or the equivalent. Then left click on my name on the side RussJK, and select 'Send a private message to RussJK'. In that private message, right click and paste the URL please.
# 14
gears of computers
Old 05-10-2011, 8:44 PM
MoneySaving Convert
 
Join Date: Oct 2011
Posts: 15
Default

I have been hacked in the past and it sounds like you have been minorly hacked
# 15
bryanb
Old 05-10-2011, 8:46 PM
Fantastically Fervent MoneySaving Super Fan
 
Join Date: Dec 2007
Location: Positive equity
Posts: 4,493
Default

Quote:
Originally Posted by RussJK View Post
Other than the leftover traces from having Hotspot (considered adware), the log looks clean to me. Lots of bloat, but clean

Still leaves the mystery of how your payment was redirected, if it really was. How did HitmanPro scan go btw?

As Santer says, it seems strange that the criminals would need anything more than what was on the apparently fake transaction you made. Doesn't quite make sense really.
Thanks for your input, it really is appreciated. HitmanPro scan went ok, I think, Plenty of tracking cookies, mostly sites I recognise. A couple of pornsite ones - moi? non!
One labelled as a Trojan (What's that?) It was a nudeman clock I had set as screensaver (Recommended by a friend)
Not sure what you mean by bloat. I can guess, but I'd probably be wrong. How do I remove it?
Going to monitor the card account carefully for a while though.
# 16
RussJK
Old 05-10-2011, 8:50 PM
Fantastically Fervent MoneySaving Super Fan
 
Join Date: Jun 2009
Posts: 2,321
Default

Quote:
Originally Posted by bryanb View Post
Thanks for your input, it really is appreciated. HitmanPro scan went ok, I think, Plenty of tracking cookies, mostly sites I recognise. A couple of pornsite ones - moi? non!
One labelled as a Trojan (What's that?) It was a nudeman clock I had set as screensaver (Recommended by a friend)
Not sure what you mean by bloat. I can guess, but I'd probably be wrong. How do I remove it?
It's possible to get cookies from sites you've never directly visited (including porn sites) just because of ads on pages you have

See if you can upload the nudeman clock to www.virustotal.com. You have to click on the 'Upload' button, then navigate to the folder that contains the nudeman clock file. After you upload it, please give the link/URL to the report so we can see.

Don't worry about the bloat so much for now - but there is a 'slow PC' thread in the stickied threads. (just unnecessary programs running, that cause slow down)
# 17
bryanb
Old 05-10-2011, 9:01 PM
Fantastically Fervent MoneySaving Super Fan
 
Join Date: Dec 2007
Location: Positive equity
Posts: 4,493
Default

Quote:
Originally Posted by RussJK View Post
Could you right click on the link given in the phishy email, and select 'copy link location' or the equivalent. Then left click on my name on the side RussJK, and select 'Send a private message to RussJK'. In that private message, right click and paste the URL please.
I think I've done that, not sure the PM went through.
# 18
bryanb
Old 05-10-2011, 9:11 PM
Fantastically Fervent MoneySaving Super Fan
 
Join Date: Dec 2007
Location: Positive equity
Posts: 4,493
Default

Quote:
Originally Posted by RussJK View Post

See if you can upload the nudeman clock to www.virustotal.com. You have to click on the 'Upload' button, then navigate to the folder that contains the nudeman clock file. After you upload it, please give the link/URL to the report so we can see.
Already deleted Nudeman clock.

Thanks for the help so far, got to go out now. BB
# 19
bryanb
Old 06-10-2011, 11:53 AM
Fantastically Fervent MoneySaving Super Fan
 
Join Date: Dec 2007
Location: Positive equity
Posts: 4,493
Default Humble Apology

My apologies, The card we were using was a new one in the wife's name. This morning she was checking her account when she asked - Should I have activated that card before using it?
The Sagepay email was obviously genuine, notwithstanding poor grammar and spelling mistake, plus a Yahoo address.
Sorry for the waste of time, but at least I've learned a lot about security etc!
# 20
RussJK
Old 06-10-2011, 12:18 PM
Fantastically Fervent MoneySaving Super Fan
 
Join Date: Jun 2009
Posts: 2,321
Default

Thanks for letting us know. Still, kind of strange that Sagepay would use a yahoo email to ask you to verify a transaction...
All times are GMT +1.