TechSpot

USAA credit card compromised

By trunyon
Feb 2, 2009
  1. I have recently been notified that my credit card has been compromised. I am thinking it might be one of the online vendors I may have purchased from that have been compromised but want to make sure there is nothing on my computer. I have run HJT and have attached the log. Any help would be greatly appreciated. Thanks!
     
  2. mflynn

    mflynn TS Rookie Posts: 2,655

    There is definitely something wrong! You mentioned no symptoms or problems besides your card being compromised.

    Does your computer run alright? Several of the missing files below are critical Windows system files. I am surprised the computer runs and why did you mention no issues!

    Run HJT Scan only and select and remove all the below
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Zune Wireless Configuration Service (ZuneWlanCfgSvc) - Unknown owner - c:\Windows\system32\ZuneWlanCfgSvc.exe (file missing)

    I hope your computer can do the below because you better get right on it.

    Do no banking until we are clean. Change all pass/access codes used on this computer. Do it by phone or on a known clean computer.

    Do the TechSpot 8 steps: http://www.techspot.com/vb/topic58138.html

    Skip no steps (do not install another virus scanner if you already have one, ask me before installing a Firewall).

    Most importantly update MalwareBytes and SuperAntiSpyware!

    Before you scan with SuperAntiSpyWare do the below:

    SuperAntispyware extra config

    After installed double-click the icon on your desktop to run it.

    Update the program definitions.

    Click the Preferences button.

    Then Scanning Control.

    In Scanner Options make sure all boxes are checked except #3 Ignore System Restore.

    MalwareBytes extra config

    After update but before running
    Click settings and confirm all are Checked.

    I repeat Update these 2 programs.

    Run them and attach their logs.

    Mike
     
  3. tw0rld

    tw0rld TS Maniac Posts: 572   +6

  4. trunyon

    trunyon TS Rookie Topic Starter

    I followed the 8-steps and have attached the three logs.

    As far as issues I have not had any at all and my computer works fine. Thanks for your help!
     
  5. mflynn

    mflynn TS Rookie Posts: 2,655

    Hi trunyon

    Sorry man dropped off to sleep in the recliner after dinner, long day!

    Boy was that unexpected!

    Hardly a Malware issue compared to what I have worked on lately! I also expected you to say at least that yeah there were a few problems!!!!

    Also did you Run HJT and try to remove the entries? Because if you did it did not touch them!

    Do you have another Admin level logon on this machine?

    OK we need a deeper look.

    Download http://oldtimer.geekstogo.com/OTViewIt.exe
    Run it, when finished post the log that opens then close it and open the other "Extra" log and post it.

    Then...

    Download ComboFix

    NOTE: If you have had ComboFix more than a few days old delete and re-download.

    Get it here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Or here: http://subs.geekstogo.com/ComboFix.exe

    Double click combofix.exe follow the prompts.

    When finished, it will open a log.
    Attach the log and a new HJT log in your next reply.

    Note: Do not click combofix's window while it's running. That may cause it to stall.

    Mike
     
  6. trunyon

    trunyon TS Rookie Topic Starter

    hey mike,

    I did not remove any entries from HJT because I have no idea which ones to remove!

    I could not get combo fix to work, it gave me an error - win32, incompatible with vista.

    Let me know if there is anything else I need to do. I appreciate your help again.
     
  7. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

  8. mflynn

    mflynn TS Rookie Posts: 2,655

    Yes based on all I agree with Kim. By reinstall I mean not a repair but a full format and install.

    That is the safest thing to do!

    Besides in rereading and considering all I don't even see a good place to even start, there are too many issues. This computer is totally compromised!

    Wish I could offer more!

    Mike
     
  9. trunyon

    trunyon TS Rookie Topic Starter

    hey guys, I reformatted and did a clean install of vista, but now I cannot connect to the internet. I don't know if you would have the answer but when I try to diagnose the connection it says "Realtek RTL8168/8111 Family PCI-# Gigabit Ethernet NIC(NDIS 6.0) is experiencing driver or hardware related issues"

    I've cycled my modem several times which used to work but that is not working. I just don't know why it is giving me problems since this is a fresh install. Any ideas?
     
  10. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    That's a driver fault ;)

    Note: Microsoft does hold a lot of drivers, but not all of them, and especially not all of them on one DVD (more likely a million terabyte !)

    You need to locate your drivers for your Network card
    This thread may help http://www.techspot.com/vb/topic117607.html
    Or just go to Realtek support download page
     
  11. raybay

    raybay TS Evangelist Posts: 7,241   +9

    If you tell us the brand, model, and configuration of your computer, we can perhaps be more help.
    Many computers' Windows disks will allow you to reinstall Windows in a repair mode from which you can make the corrections you need in your install, then use the TechSpot 8 Steps to start fixing and recovering. This is a better option for most people, if you have/had valuable data you need to rescue and save.
     
Topic Status:
Not open for further replies.
