
I recently set up a new Win8.1 PC while still working on my main development PC, so it did not have all of the security tools that I usually install, e.g. Malwarebytes, Ad-Aware, etc. Since it takes me a few days to fully set up my machines with coding tools and a myriad of other tools, I made the MISTAKE of accessing my bank account information to check on something that came through my mobile. I admit, it totally slipped my mind and I wasn't thinking at the moment, mea culpa.

Well, at 7 AM today, my bank has confirmed that my new PC tried 3 unsuccessful attempts at accessing my bank account. Luckily, this bank has a couple of layers of security and they weren't able to bypass the security questions section.

Now, I am seeking some advice on what steps I should proceed with.

Just as an FYI, I would like to find out the following:

  1. The IP address of the offending #*##)
  2. The program that came w/ the infection
  3. Any software that I can use to see what programs run/start when my PC is idle (since at 7 AM, I was not near this PC)
  4. Any software I can use to see when any program accesses a remote address (I used to use one that listed the program running and attempting to access http, etc., but can't recall it at the moment.)

I am aware there are a bunch of possible scenarios, so can you please supply me with some of the common practices so I can read up on them? Rootkit? Keylogger?

FYI, I also ran some virus/malware/trojan/rootkit locator programs and NOTHING has been found. Is this common?

Also, I should note that I left this laptop in "Sleep" mode the night before with the Google Chrome browser open with many tabs open.

Rory Alsop
user118190
  • I'd suspect a poisoned JavaScript in your browser cache, or possibly some kind of cross-site scripting attack. – John Deters Jan 29 '14 at 05:23
  • @JohnDeters - Ah, you might be onto something! Interesting thing is as I was writing up this SE question, certain features weren't working, i.e. certain links, buttons, etc., so I switched over to Firefox. Is there anything you recommend I do next? Will a simple reinstall of Chrome suffice? Thx for the tip! – user118190 Jan 29 '14 at 06:05
  • @user118190 - the answer is the universal nuke it from orbit answer which is the same as the question marked as duplicate. If you can't establish what the vector was (which is complicated and maybe impossible) then you can't 100% trust that your system isn't compromised. The safest bet is nuke it from orbit and rebuild. This goes for any compromise that you can't prove occurred without impacting your local system. – AJ Henderson Jan 29 '14 at 20:09
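Items 3 and 4 of the question (what runs while the box is idle, and which program is talking to which remote address) can be answered from a scheduled snapshot. The script below is an added example, not from the original question or answers; it assumes Windows 8.1 or later (for `Get-NetTCPConnection`) and an elevated PowerShell session so process image paths are readable.

```powershell
# Added example, not from the original question or answer. Snapshot outbound TCP connections
# with their owning process and image path, and dump the Run/RunOnce autostart keys, so that
# unexpected network activity on an unattended Windows 8.1 box can be tied to a program.
# Assumes Windows 8.1+ (Get-NetTCPConnection ships with the NetTCPIP module) and an elevated
# PowerShell session so process image paths are readable. Output is timestamped CSV under
# %USERPROFILE%\netaudit; schedule it (Task Scheduler) to capture activity while you are away.

$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$outDir = Join-Path $env:USERPROFILE 'netaudit'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Build a PID -> process map once rather than re-querying per connection.
$procs = @{}
Get-Process -ErrorAction SilentlyContinue | ForEach-Object { $procs[$_.Id] = $_ }

# Loopback, link-local and RFC 1918 peers are noise here; keep external destinations only.
$localPeer = '^(127\.|0\.0\.0\.0$|::1$|fe80:|10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)'
$external = Get-NetTCPConnection -State Established, SynSent |
    Where-Object { $_.RemoteAddress -notmatch $localPeer } |
    ForEach-Object {
        $p = $procs[[int]$_.OwningProcess]
        [pscustomobject]@{
            Time          = $stamp
            RemoteAddress = $_.RemoteAddress
            RemotePort    = $_.RemotePort
            State         = $_.State
            OwningPid     = $_.OwningProcess
            Process       = if ($p) { $p.ProcessName } else { '<exited>' }
            Path          = if ($p) { $p.Path } else { '' }
            # Unsigned or invalidly signed binaries making outbound connections deserve a look.
            Signature     = if ($p -and $p.Path) { (Get-AuthenticodeSignature $p.Path).Status } else { 'Unknown' }
        }
    }
$external | Export-Csv -NoTypeInformation -Path (Join-Path $outDir "connections-$stamp.csv")

# Autostart entries (Run/RunOnce for machine and current user) are where persistence usually lands.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$autostarts = foreach ($k in $runKeys) {
    if (Test-Path $k) {
        (Get-ItemProperty $k).PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' } |
            ForEach-Object { [pscustomobject]@{ Source = $k; Name = $_.Name; Command = $_.Value } }
    }
}
$autostarts | Export-Csv -NoTypeInformation -Path (Join-Path $outDir "autostart-$stamp.csv")
$external | Format-Table -AutoSize
```

Diffing successive `connections-*.csv` files shows which process first reached out to an unfamiliar address and when; a path under a user-writable directory or an unsigned image is the usual starting point for triage, though as the comments note it only informs the rebuild decision rather than replacing it.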

1 Answer

Reinstall the whole machine from the OS up. It is common to be infected with something and not have antivirus scanners find it. Reinstalling is the only way to have any confidence in the machine again.

Tracy Reed