Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Advanced Card Verification & PayPal


  • Please log in to reply

#1
V10

V10

    Member

  • Member
  • PipPip
  • 12 posts
A relative has whatever causes the "Advanced Card Verification" issue -- I'm starting the process of helping her track it down as we speak. However, she also said that "I even tried using PayPal tonight and the same thing happened. Pay Pal asked me for all kinds of personal information, including my PIN number and my social security number. After checking that the website was secure, I typed them in."

I've advised her to contact her bank and card companies immediately, and since she's given out her SSN, to sign up for a service such as Lifelock, and to stop using her machine for anything until this is cleaned up.

My question is whether the "Advanced Card Verification" junk typically includes PayPal phishing, or if this indicates she may have multiple issues? After searching around about how to help her out, I haven't seen the card pop-up mentioned in association with PayPal.
  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello V10

Welcome to G2Go. :)
=====================

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.
================
Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
  • 0

#3
V10

V10

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I appreciate it, but I was really just posting to ask if the various "Advanced Card Verification" malware infections typically include PayPal phishing behavior or not. I don't have any direct access to the machine in question, unfortunately.
  • 0

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Yes it represents a masterbootrecord rootkit and needs to be taken care of or the malware writers will have her information if she enters it in.
  • 0

#5
V10

V10

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Thank you. I'm veeeery slowly walking her through all of this, I'll post the logs after all.
  • 0

#6
V10

V10

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
This is her HijackThis log.

Attached Files


  • 0

#7
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok the other logs will show what I need to see.
  • 0

#8
V10

V10

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
DDS and GMER logs attached. Thanks again.

Attached Files

  • Attached File  dds.txt   22.34KB   201 downloads
  • Attached File  gmer.txt   207.6KB   218 downloads

  • 0

#9
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Great she does have the rootkit installed.
Please have her do the following:

Please download and run MBR.exe by GMER:

http://www2.gmer.net/mbr/mbr.exe

It will produce a brief log, mbr.txt in the same directory as the program. Please copy/paste that log here.
============
  • 0

#10
V10

V10

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
This is the mbr.log file:

Attached Files


  • 0

Advertisements


#11
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please ensure that file is still on your desktop before doing this:
Go to Start -> Run and type in (including quotes)
"%userprofile%\Desktop\MBR.EXE" -f
then press Enter.
Copy and paste the mbr.txt log here again
  • 0

#12
V10

V10

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
The file was named "mbr.log" not "mbr.txt" as you indicated earlier. I assume mbr.log is what should be on the desktop?
  • 0

#13
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Meaning make sure the file mbr.exe is on the desktop.
Have her delete the only mbr log that she sees then:
Run the command given in my last post from the run box.
Then it will create a new log post the contents of the new log.
  • 0

#14
V10

V10

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
The new logfile:

Attached Files


  • 0

#15
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok have her do the following:

Download SDFix and save it to your Desktop.

Double click SDFix.exe and choose Install to extract it to its own folder on the C:\Drive. Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Finally copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log
==============
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP