Calgarypuck Forums - The Unofficial Calgary Flames Fan Community

08-20-2011, 06:55 AM   #1
Thor
God of Hating Twitter
Join Date: Apr 2006
Possible keylogger or wireless hack?

So a friend of a friend here in Iceland is having an unusual problem, hoping you guys can help me figure this one out. I have some suspicions, but let's see what we can figure out.

So in one day she all of a sudden is unable to log in to MSN, Hotmail, Gmail, and gets an email from Photobucket (which she hasn't used in over a year) to accept a password change.

I've got her to run safe mode virus scans, Malwarebytes, etc. Nothing seems to be on her computer, and she's got an active and working AVG always on.

It all seems so very targeted, and she's on wireless. The wireless thing got me thinking: Iceland has routers set up by their ISPs and they usually are set on the lowest WEP security settings, which simply sucks. Leads me to believe she might have been packet sniffed and hacked, either to mess with her or who knows what else.

You guys got any ideas? She's all freaking out over this.
__________________
Allskonar fyrir Aumingja!!
08-20-2011, 08:14 AM   #2
WilsonFourTwo
First Line Centre
Join Date: Apr 2009
Location: Calgary.

Honestly, that's a bit too much "Random" and is probably indicative of something bigger happening. IMO it's very unlikely that someone has hacked the WiFi to obtain user credentials.

If I had to guess, she probably uses the same (one or two) user/pass for a number of sites. One of those sites has probably been compromised and the rest just start to fall like dominoes (This is how most Warcraft accounts get stolen).

PM me her IP address and password, I'll gladly take a look. And it would really help if the webcam was turned on.
08-20-2011, 08:42 AM   #3
Rathji
Franchise Player
Join Date: Nov 2006
Location: Supporting Urban Sprawl

I doubt it was simply the result of packet sniffing, since as you mentioned she didn't use her Photobucket account for a year. Chances are one (or all) of her emails were accessed and then everything else was reset. I would lay good money that it is someone she knows, and has given her password to something in the past and it has been reused as email password. Why would a 'hacker' want her Photobucket account?

She needs to start the Google/MS Live account password reset process (which is fairly extensive), and start to gain control of her stuff again, ensuring that the recovery emails that these accounts use are ones which she has access to.
__________________
"Wake up, Luigi! The only time plumbers sleep on the job is when we're working by the hour."
08-20-2011, 08:50 AM   #4
bubbsy
Franchise Player
Join Date: Aug 2008

Quote:
Originally Posted by WilsonFourTwo
Honestly, that's a bit too much "Random" and is probably indicative of something bigger happening. IMO it's very unlikely that someone has hacked the WiFi to obtain user credentials.

If I had to guess, she probably uses the same (one or two) user/pass for a number of sites. One of those sites has probably been compromised and the rest just start to fall like dominoes (This is how most Warcraft accounts get stolen).

PM me her IP address and password, I'll gladly take a look. And it would really help if the webcam was turned on.

nasty guy.
08-20-2011, 11:53 AM   #5
Thor
God of Hating Twitter
Join Date: Apr 2006

She says she uses a number of different passwords, I wonder though how good those are.
__________________
Allskonar fyrir Aumingja!!
08-20-2011, 09:34 PM   #6
Rathji
Franchise Player
Join Date: Nov 2006
Location: Supporting Urban Sprawl

Quote:
Originally Posted by Thor
She says she uses a number of different passwords, I wonder though how good those are.

Doesn't matter, if you get access to someone's email they can all be reset.
__________________
"Wake up, Luigi! The only time plumbers sleep on the job is when we're working by the hour."
08-21-2011, 12:14 PM   #7
Thor
God of Hating Twitter
Join Date: Apr 2006

So she sent me this, she gets Malwarebytes pop-ups when she tries to open Skype.

__________________
Allskonar fyrir Aumingja!!
08-22-2011, 06:32 AM   #8
Rathji
Franchise Player
Join Date: Nov 2006
Location: Supporting Urban Sprawl

I assume she has scanned with a few anti-virus/malware programs?

If not:

Run full scan with Malwarebytes, Hitman Pro, SUPERAntiSpyware.
__________________
"Wake up, Luigi! The only time plumbers sleep on the job is when we're working by the hour."
08-22-2011, 07:33 AM   #9
Thor
God of Hating Twitter
Join Date: Apr 2006

Yeah, I got her to go into safe mode, run AVG and Malwarebytes. All came up clean.

I don't run Malware on my own comp, I just use it on others when I'm looking for trouble makers, so this pop-up stuff is new to me, wondering if it's a learn-as-you-go pop-up which makes you allow what programs can access ports.
__________________
Allskonar fyrir Aumingja!!
08-22-2011, 08:45 AM   #10
Slacker
Scoring Winger
Join Date: Jul 2010
Location: PL2 Row 3

Sounds like that IP came from St. Petersburg.

"IP address is numbered 212.116.122.130. This IP address refers to Russian Federation, and it is registered in Kolpino, Saint Petersburg City. IP Country code is RU. ISP of this address is "Prometey Ltd", organization is "IT-Grad". IP address latitude is 59.750000 and longitude is 30.600000."
08-22-2011, 11:17 AM   #11
Titan
First Line Centre
Join Date: Dec 2006

Sorry not to contribute anything useful but ...

"Leads me to believe she might have been packet sniffed and hacked" made me laugh.

I am 14.
08-22-2011, 01:23 PM   #12
Thor
God of Hating Twitter
Join Date: Apr 2006

Quote:
Originally Posted by Slacker
Sounds like that IP came from St. Petersburg.

"IP address is numbered 212.116.122.130. This IP address refers to Russian Federation, and it is registered in Kolpino, Saint Petersburg City. IP Country code is RU. ISP of this address is "Prometey Ltd", organization is "IT-Grad". IP address latitude is 59.750000 and longitude is 30.600000."

Yeah, I looked that up and was worried, but then went to google Skype and malware warnings, it seems quite common for Skype to be using a lot of different IPs.
__________________
Allskonar fyrir Aumingja!!
08-23-2011, 06:28 AM   #13
Vulcan
Franchise Player
Join Date: Dec 2003
Location: Sunshine Coast

Maybe try System Restore?