Passwords and Credit card numbers kept on computer?

Discussion in 'Security Software' started by bxf, Oct 19, 2006.

  1. bxf

    bxf Guest

    I installed a downloaded program (InternetCalls) that evidently
    contained some trojans. Although the program itself is legitimate, the
    installation package included the trojans.

    I have not been all that attentive to the various ill effects of
    viruses, etc, but nevertheless, I was very surprised to see that these
    trojans created some text files that contained not only some of my
    passwords but also a credit card number.

    I never knowingly asked for any credit card numbers to be retained on
    my machine, and yet this info is there. In fact, some of the data is
    very old. This, of course, means that "anybody" can access this
    information. And, although the trojans have been removed, I have no
    idea as to where they obtained this "secret" info and how I should go
    about removing it from my up-to-date XP/SP2 machine.

    Any suggestions would be appreciated.

    Thanks.
     
    bxf, Oct 19, 2006
    #1
    1. Advertisements

  2. bxf

    PA Bear Guest

    They're called "keylogger" Trojans. They record your keyboard strokes and
    when they "recognize" what appear to be passwords or credit card numbers,
    they send them to the miscreants.

    Even on a Secure Site, consider copy/pasting your username, passwords, and
    credit-card info instead of typing them.

    Checking for/Help with Hijackware
    http://aumha.org/a/parasite.htm
    http://aumha.org/a/quickfix.htm
    http://aumha.net/viewtopic.php?t=5878
    http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
    http://mvps.org/winhelp2002/unwanted.htm
    http://inetexplorer.mvps.org/data/prevention.htm
    http://inetexplorer.mvps.org/tshoot.html
    http://www.mvps.org/sramesh2k/Malware_Defence.htm
    http://defendingyourmachine.blogspot.com/
    http://www.elephantboycomputers.com/page2.html#Removing_Malware

    When all else fails, HijackThis v1.99.1
    (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
    It will help you to both identify and remove any hijackware/spyware. **Post
    your log to http://aumha.net/viewforum.php?f=30,
    http://castlecops.com/forum67.html,
    http://forums.subratam.org/index.php?showforum=7, or other appropriate
    forums for expert analysis, not here.**

    If the procedures look too complex - and there is no shame in admitting this
    isn't your cup of tea - take the machine to a local, reputable and
    independent (i.e., not BigBoxStoreUSA) computer repair shop.
     
    PA Bear, Oct 21, 2006
    #2
    1. Advertisements

  3. bxf

    bxf Guest

    Thanks for the info, PA Bear.

    The reality was much simpler. As it turns out, almost all the data I
    mentioned was in fact being kept by the IE Autocomplete function. After
    hitting the "Clear Forms" and "Clear Passwords" buttons (Internet
    Options > Content > AutoComplete) and redoing the "bad" install I
    mentioned, the generated files no longer contained all the data. EXCEPT
    -

    In addition to my ISP's userid/paswords, there are still two sites
    being listed as folows:

    ==================================================
    Resource Name : ...url...
    Resource Type : IE: Password-Protected Sites
    User Name/Value : ...my userid...
    Password : ...my pasword...
    ==================================================

    I'm merely pointing out the fact that the entries are clearly
    identified as being IE Password-Protected Sites, and yet these are not
    cleared even after several attempts at "Clear Passwords". Where are
    these kept, and how do I clear them?

    And another question, if I may. I'm pretty sure that in all my use of
    the web, I've entered more credit card related info than just the one
    that came up in the file. I'd like to think that when one types in CC
    info in an SSL secured site, that info is not normally retained on
    one's machine in such an easily accessible form, if at all. May I
    assume that in the case of the one CC number showing, I must have been
    using an unsecured site?

    Thanks.

    Bill
     
    bxf, Oct 21, 2006
    #3
  4. bxf

    PA Bear Guest

    ...May I
    Most likely, yes. I don't type CC info at /any/ site.
     
    PA Bear, Oct 24, 2006
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.