| Thread ID: 107616 | 2010-02-23 20:19:00 | credit card fraud | borax (7078) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 861084 | 2010-02-24 21:24:00 | Didn't know that about PayPal. Haven't really trusted them after hearing horror stories about them. Don't they take their own skim off the top though? I don't know, but I always notice their exchange rate works out where I get charged a little higher than the one on www.xe.com. Then again, I think they explain this by using a 24-hour average rate and not the exact rate at the time of transaction - or something along those lines. I've heard horror stories too, but it seemed most of those were with people using it to receive payments, getting their account frozen for no reason and their money being inaccessible. Since I am only using it to buy things, I don't consider that an issue. |
Agent_24 (57) | ||
| 861085 | 2010-02-24 21:26:00 | But back on topic... Have you tried downloading something like download.bitdefender.com? Download the large 260MB ISO, burn it onto a CD and boot from it. Make sure you have your Internet connection on so it can update the virus definitions. It will automatically scan all drives and all partitions. |
Agent_24 (57) | ||
| 861086 | 2010-02-24 21:55:00 | So I have run root kit revealer from Sysinternals. Not sure how to decode the log but it is below. I will burn the image mentioned above and see if that produces anything:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN 13/08/2009 21:43 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\CertMapping 13/08/2009 21:45 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client 02/11/2006 12:54 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Listener 02/11/2006 12:54 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Service 02/11/2006 12:54 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\WinRS 13/08/2009 21:45 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\WinRS\CustomRemoteShell 13/08/2009 21:45 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009 02/11/2006 10:33 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0082CE7E-A809-4E60-A243-93F32EEB234B}\DynamicInfo 24/02/2010 07:34 28 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C041448-C69A-4D8B-A774-4F3948997407}\DynamicInfo 24/02/2010 07:43 28 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99B9521C-F109-4B7B-BDDF-99CF656525E0}\DynamicInfo 24/02/2010 07:43 28 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1868F64-ED08-49A9-9F86-F62ED855AFFD}\DynamicInfo 24/02/2010 07:34 28 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A728AE6B-5AB8-4223-AD3E-E6341441A01C}\DynamicInfo 24/02/2010 07:43 28 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Enum\PCI\VEN_10DE&DEV_0407&SUBSYS_022E1028&REV_A1\4&233a497c&0&0008\Device Parameters\VidPnLkgTopology 24/02/2010 07:43 5.00 KB Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\pla\Configuration\EventBookmark 24/02/2010 07:44 270 bytes Data mismatch between Windows API and raw hive data. |
borax (7078) | ||
| 861087 | 2010-02-24 22:26:00 | Know the feeling! I tried that one and gave up knowing I couldn't make head nor tail of it. | linw (53) | ||
| 861088 | 2010-02-24 22:28:00 | Tried Gmer? (www.gmer.net) | Agent_24 (57) | ||
| 861089 | 2010-02-24 23:21:00 | Easy. Remove all items the rootkit finds. | pctek (84) | ||
| 861090 | 2010-02-25 00:42:00 | I would be wary of just blindly deleting everything that is found by Rootkit Revealer. It's possible some of these are legitimate items. AVG likes deleting system files all the time; we can all agree that's not good. |
Agent_24 (57) | ||
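For readers trying to decode a log like the one posted above, the following is an added example and not part of any post in the thread: it parses the path / timestamp / size / description columns and groups entries by discrepancy text, counting how many carry a timestamp on the day of the scan, so each group can be reviewed on its own instead of being deleted wholesale. The sample lines are constructed (GUID and PCI path are placeholders), and the column layout and the 24/02/2010 scan day are assumptions taken from the quoted log and post date.

```python
import re
from collections import defaultdict
from datetime import date, datetime

# Constructed sample in the layout of the log quoted in the thread:
# <registry path> <dd/mm/yyyy hh:mm> <size> <description>. Placeholder GUID and PCI id.
SAMPLE = r"""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN 13/08/2009 21:43 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client 02/11/2006 12:54 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00000000-0000-0000-0000-000000000001}\DynamicInfo 24/02/2010 07:34 28 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Enum\PCI\EXAMPLE\Device Parameters\VidPnLkgTopology 24/02/2010 07:43 5.00 KB Data mismatch between Windows API and raw hive data.
"""

# Paths may contain spaces ("Windows NT"), so the path is matched lazily
# up to the first date-shaped token rather than split on whitespace.
ENTRY = re.compile(
    r"^(?P<path>.+?)\s+(?P<when>\d{2}/\d{2}/\d{4} \d{2}:\d{2})\s+"
    r"(?P<size>[\d.]+ (?:bytes|KB|MB|GB))\s+(?P<desc>.+?)\.?$"
)

def parse(log):
    """Return one dict per recognisable log line; unrecognised lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            e = m.groupdict()
            e["when"] = datetime.strptime(e["when"], "%d/%m/%Y %H:%M")
            entries.append(e)
    return entries

def triage(entries, scan_day):
    """Group entries by description and count those timestamped on scan_day."""
    groups = defaultdict(lambda: {"count": 0, "on_scan_day": 0, "paths": []})
    for e in entries:
        g = groups[e["desc"]]
        g["count"] += 1
        g["on_scan_day"] += int(e["when"].date() == scan_day)
        g["paths"].append(e["path"])
    return dict(groups)

if __name__ == "__main__":
    for desc, g in triage(parse(SAMPLE), date(2010, 2, 24)).items():
        print(f"{desc}: {g['count']} entries, {g['on_scan_day']} on scan day")
        for p in g["paths"]:
            print("   ", p)
```
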