Super Slow Computer and Ebay Account Hacked (Possible Keylogger?)

Hi everyone,

I have a 4-year old HP Pavilion PC with Intel Pentium 4 CPU 2.60GHz, 512 RAM running on MS Windows XP Media Centre Edition 2002 with SP2. It has been getting progressively slower and I've been getting a lot more error messages over the last few months but over the last few weeks this slowness has increased rapidly. I realise it's an old computer and definitely needs an injection of RAM but it's gone downhill so fast I suspect there are more problems. I posted THIS THREAD a few weeks ago when my computer did a chkdsk scan and told me I had bad clusters.

Since then I've been ill with a chest infection and my dad's been in hospital so it's not been a top priority to try to fix all the issues and if I've needed to go online I've been using my brother's brand new mac in the other room.

My C drive has a capacity of 106.8gb with 32% used and 68% free and my D drive has 5gb with 87% used and 13% free. The computer is super-slow at start-up and all processes like opening programs, getting updates, using word, running scans etc are very slow. IE is the worst item though - over the last week or so it's simply unusable. Not only is it slower and slower all the time but the "not responding" error messages and crashes are happening now within a minute or two of opening the browser. I downloaded firefox 2 days ago and am using that instead and, although not fast, it's significantly quicker than IE was and has only crashed once in that time.

I still cannot get the computer to make any back-up cds or dvds - the recordnow program just brings up error messages and I've ruined countless discs trying. I really want to get back-up dvds made. I've put everything onto a corsair pen drive but I would prefer to have discs too.

I've run Ad-Aware, Spybot, Malwarebytes, a full AVG scan and Defraggler over the last few days. Spybot and Malwarebytes found a few things and got rid of them but it's not any faster.

Then today I found out my ebay account has been hacked into by a third party - I started a thread on this on the ebay forum HERE. They listed items on my account so there was a genuine breach. I'm now extremely worried about this as I have definitely not clicked on any fake ebay emails. I'm worried they could have got other details from my computer. Should I change all my email/bank passwords/should I do that on this computer?

Any help with any of the above issues, especially the ebay hacking, would be most appreciated. Thanks a lot.

Regards

Michelle
:hello: :hello: :hello:

Comments

  • DCFC79
    DCFC79 Posts: 40,641 Forumite
    Part of the Furniture 10,000 Posts Name Dropper
    What firewall have you got? Have you sorted the items being sold on your account which you didn't do? You need to talk to eBay about them, so I'd do it via eBay help. Can you still access your eBay account?
  • mleonard79
    mleonard79 Posts: 1,616 Forumite
    Part of the Furniture Combo Breaker
    Hi DCFC79,

    Thanks for your reply. I never actually even got to see the items being sold on my account and I have no idea how long it was going on for since I hadn't logged in in so long. I contacted ebay live help as soon as the warning that a third party had accessed my account came up yesterday. I went through a lot of security questions with a live help rep to prove I really was the true owner and she then restored my account. All she told me was the third party was selling dvds such as friends and smallville but couldn't give me any more information about how they accessed my account and how long they'd been doing it for so I'm in the dark on those fronts. I can access ebay now and have changed the password but obviously that won't matter if someone is somehow managing to access my information.

    I have comodo firewall if that's any help. I'm really worried about the security of my bank accounts, email etc. Thanks for any help.

    Regards

    Michelle
    :hello: :hello: :hello:
  • basmic
    basmic Posts: 1,043 Forumite
    Malware Bytes - if you already have a copy please ensure you update it prior to running it. As before please disable Spybot Teatimer and or any programme that protects the registry - Winpatrol, Windows Defender etc...

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    • Make sure you are connected to the Internet.
    • Double-click on mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • On the Scanner tab:
      • Make sure the "Perform Quick Scan" option is selected.
      • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply and exit MBAM.
    Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
    Quicker for me to quote, than type it all out myself. :p
    Everybody is equal; However some are more equal than others.
  • DCFC79
    DCFC79 Posts: 40,641 Forumite
    Part of the Furniture 10,000 Posts Name Dropper
    Do what basmic has put. Also, have you updated your anti-virus and firewall?
  • Airwolf1
    Airwolf1 Posts: 1,266 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    Also change other passwords if your ebay one was the same as others you have, such as email account.
    My suggestion and/or advice is my own and it is up to you if you follow it, please check the advice given before acting on it.
  • mleonard79
    mleonard79 Posts: 1,616 Forumite
    Part of the Furniture Combo Breaker
    Thanks - I've run Malwarebytes twice in the last few days but I'm not sure I had Windows Defender turned off so I'll run it again.

    Yes my anti-virus (AVG Free) and firewall are up to date - my Comodo firewall pops up all the time, could it be slowing the PC down any?

    Will it be ok to change the passwords on this computer?

    Thanks again.
    :hello: :hello: :hello:
  • DCFC79
    DCFC79 Posts: 40,641 Forumite
    Part of the Furniture 10,000 Posts Name Dropper
    mleonard79 wrote: »
    Thanks - I've run Malwarebytes twice in the last few days but I'm not sure I had Windows Defender turned off so I'll run it again.

    Yes my anti-virus (AVG Free) and firewall are up to date - my Comodo firewall pops up all the time, could it be slowing the PC down any?

    Will it be ok to change the passwords on this computer?

    Thanks again.

    Yeah, it should be fine. Also, you could try this online scanner: http://housecall.trendmicro.com/uk/. Also, what programs do you have set to run at startup? You can check by going to Start > All Programs > Startup.
  • mleonard79
    mleonard79 Posts: 1,616 Forumite
    Part of the Furniture Combo Breaker
    I've now run the Malwarebytes program again with Windows Defender turned off but it hasn't found anything extra. The log from what it found the other day is pasted below:

    Malwarebytes' Anti-Malware 1.28
    Database version: 1270
    Windows 5.1.2600 Service Pack 2

    14/10/2008 22:19:35
    mbam-log-2008-10-14 (22-19-35).txt

    Scan type: Quick Scan
    Objects scanned: 65892
    Time elapsed: 15 minute(s), 26 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 5
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\!!3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\!!04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\!!2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.

    I'm re-running spybot now too - it found something called banker.zip the other day.

    As far as startup goes it says (empty) under start > all programs > startup but I've removed a number of things from startup through ccleaner although it's not speeded things up at startup any. I currently still have comodo firewall, comodo safesurf (is this necessary?) avg, adobe photo downloader (which I've disabled numerous times but it just keeps coming back), creative volume control and safely remove hardware on my startup taskbar.

    Thanks for the help.
    :hello: :hello: :hello:
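An added example, not part of the original thread or any poster's code: a small parser for the Malwarebytes text-log layout pasted above. It groups detections by family, checks the itemised entries against the summary counts, and lists anything that was not removed successfully. The sample log is a constructed, shortened version of the one in the post, and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample, shortened from the log layout posted above.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.28
Registry Keys Infected: 2
Folders Infected: 0
Files Infected: 1

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
"""

COUNT = re.compile(r"^(.+ Infected): (\d+)$")        # summary line
HEADER = re.compile(r"^(.+ Infected):$")             # start of an itemised section
ITEM = re.compile(r"^(.+) \(([^()]+)\) -> (.+?)\.?$")  # object (family) -> action

def parse_mbam_log(text):
    """Return (declared counts, itemised detections) from an MBAM text log."""
    declared, items, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := COUNT.match(line):
            declared[m.group(1)] = int(m.group(2))
        elif m := HEADER.match(line):
            section = m.group(1)
        elif section and (m := ITEM.match(line)):
            items.append({"section": section, "object": m.group(1),
                          "family": m.group(2), "action": m.group(3)})
    return declared, items

def triage(text):
    """Summarise families, count mismatches and items that were not removed."""
    declared, items = parse_mbam_log(text)
    listed = Counter(i["section"] for i in items)
    return {
        "families": dict(Counter(i["family"] for i in items)),
        "mismatched": sorted(s for s, n in declared.items() if listed[s] != n),
        "unresolved": [i["object"] for i in items
                       if "successfully" not in i["action"].lower()],
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A non-empty `mismatched` or `unresolved` list means the pasted log is truncated or something still needs removing, which is worth knowing before passwords are changed on the same machine.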
  • mleonard79
    mleonard79 Posts: 1,616 Forumite
    Part of the Furniture Combo Breaker
    Spybot has finished scanning finally - it found another 7 things (tracking cookies.) I've posted a screenshot below:

    SpybotScreenshot-1.jpg


    I'm now running the HouseCall one.
    :hello: :hello: :hello:
  • mleonard79
    mleonard79 Posts: 1,616 Forumite
    Part of the Furniture Combo Breaker
    loaner wrote: »
    backup your data, and reinstall windows? I'm guessing the d drive is a restore partition (if it's not a dvd), so it should be easy

    Hi Loaner,

    Thanks for the reply. One of my main problems is that I can't get anything backed up to disc - the RecordNow program won't work.

    The D drive has recovery next to it so I'm guessing you're right about it being a restore partition - I've never touched it to be honest.
    if you have a router, then there isn't a great deal of advantage using comodo (others may argue), it's pretty bloated, and may be eating into your ram, tipping you over 512M

    I had wondered about this - I've just been scared not to have a good firewall in case.

    Regards

    Michelle
    :hello: :hello: :hello:
This discussion has been closed.