in the summer i had my skype account hacked and they bought £80 worth of credit (most of which i got back). I changed the passwords on everything i could possibly think of and thought that would solve the problem
I've now had an account created with aeriagames.com and $50 worth of vouchers bought through paypal on my credit card. I have cancelled my credit card and once again changed my paypal and email password.
I have AVG internet security on my PC and have never used the accounts hacked on any other PC, just scanned machine and found a trojan which it has deleted but i'm not 100% sure that this is what was presumably providing keylogs for someone, i've had no firewall warnings or malware indications from AVG.
I used a 'ahem' borrowed version of symantec corporate for years and have never had a problem. is AVG all it's cracked up to be, i'm a bit pissed off that i've actually paid for an antivirus and it's clearly failed.
Is there anything else i should do
I have the address and phone number of aeriagames.com so nukes are standing by in space, i'm not sure i can wee as far as california but their shoes had better watch out.
TBH - after 2 incidents like that, I'd be formatting the drive & starting again
thing is it's a new laptop, i'm pretty sure i'd never been online with this machine when my skype was hacked.
looking at it, the email account that they have used to create the account was the only thing that still shared a password with skype, paypal however used a new password
what kind of sites are you visiting? do you often click things that say "scan my PC for free online now"?
never, i'm not that foolish
you don't have to be that foolish, loads of us got a trojan off here last week.
AVG picked that one up, assuming you mean that link that was dodgy
Malwarebytes for a start off.
AVG used to be the best, but it's got progressively worse from version 8 onwards. I run MSE these days and haven't looked back.
download malwarebytes
and SUPERAntiSpyware
(free) update and scan with both
bet they find loads of stuff the mse and avg will miss
worrying thing is they will both find different things
seems 3 sets of antispyware isn't enough these days?!
I had that happen to me 3 times and one time they took about £500 out and made me go overdrawn. Was some American firm taking the money out but paypal refunded it. No idea what happened but even after changing password it happened again and no virus or spyware found. I changed password to more complicated one and it's been ok so far.
Are you choosing sensibly strong passwords?
Nothing that's in a dictionary, mix case, numbers and digits with a few characters in for good measure.
currently scanning with the above, the trojans that AVG found were on the contents i ripped off an external drive onto the new machine so could have been on old machine too.
left message with aeria games
nukes still on standby
passwords are a brand name and a series of numbers, come up as strong security on the indications you tend to get nowadays
looking at firewall log, it's blocking a lot of outgoing requests from an SVCHOST process to ip 239.255.255.0
is this normal? there's a log of a block every few seconds at least
That address is a multicast address, not a 'regular' public IP. I don't think this is likely to be nefarious - possibly something like uPnP being shouty. I reckon you can ignore it.
A bit of Googling would suggest this is SSDP. The only thing I can think of that uses SSDP in anger is the gateway discovery part of Windows Messenger. You can safely uninstall this (under "Windows Components" in Add/Remove Programs) - it's wholly unrelated to MSN / Live Messenger. Give it a go, see if your logs quieten down.
Ah, could also be media sharing - do you use something like TVersity / TwonkyMedia perhaps?
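As an added illustration of the point made in the replies above (not part of the thread and not any poster's code): a short Python triage of blocked outbound firewall entries that separates local discovery multicast from destinations that actually leave the network. The log format, process names and sample lines are constructed for the example; 239.255.255.250:1900 is the standard SSDP group and 239.0.0.0/8 is the administratively scoped multicast range.

```python
import ipaddress
from collections import Counter

# Well-known local discovery groups: (address, UDP port) -> protocol name.
DISCOVERY = {
    ("239.255.255.250", 1900): "SSDP/UPnP",
    ("224.0.0.251", 5353): "mDNS",
    ("224.0.0.252", 5355): "LLMNR",
}
ADMIN_SCOPED = ipaddress.ip_network("239.0.0.0/8")  # RFC 2365: stays on the local network
LOCAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def classify(dst_ip, dst_port):
    """Return a coarse category for a blocked outbound destination."""
    ip = ipaddress.ip_address(dst_ip)
    if (dst_ip, dst_port) in DISCOVERY:
        return "discovery:" + DISCOVERY[(dst_ip, dst_port)]
    if ip.is_multicast:
        return "multicast:admin-scoped" if ip in ADMIN_SCOPED else "multicast:other"
    if any(ip in net for net in LOCAL):
        return "local"
    return "public"

def parse(line):
    """Parse the assumed format: time action process proto dst_ip:dst_port."""
    _time, action, process, proto, dst = line.split()
    ip, _, port = dst.rpartition(":")
    return action, process, proto, ip, int(port)

def triage(lines):
    """Count blocked entries per (process, category); list public destinations for review."""
    counts, review = Counter(), []
    for line in lines:
        action, process, _proto, ip, port = parse(line)
        if action != "BLOCK":
            continue
        cat = classify(ip, port)
        counts[(process, cat)] += 1
        if cat == "public":
            review.append((process, ip, port))
    return counts, review

# Constructed sample log; 203.0.113.25 is a documentation address standing in for a public host.
SAMPLE = """\
21:04:01 BLOCK svchost.exe UDP 239.255.255.0:1900
21:04:04 BLOCK svchost.exe UDP 239.255.255.250:1900
21:04:07 BLOCK svchost.exe UDP 224.0.0.252:5355
21:04:09 ALLOW browser.exe TCP 192.0.2.10:443
21:04:12 BLOCK updater.exe TCP 203.0.113.25:8080
""".splitlines()
```

Calling `triage(SAMPLE)` returns the per-process counts and a review list holding only the one blocked entry bound for a public address; the multicast entries are grouped as local discovery noise.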
no media sharing, not knowingly anyway although no doubt windows 7 defaults to some kind of sharing
malwarebytes picked up nowt
mrmichaelwright - Member: "I used a 'ahem' borrowed version of symantec corporate for years and have never had a problem."
Karma
ha, i've even paid for office this time, that's karma enough
anyway, Web 2.0 and all that, the big corporates will subsidise the open source developers providing software without support for lower users.
it's the future
I'd say it's your password: brand name and a few digits isn't exactly strong. You need to avoid common words and names.
it's not a common brand name, unless you are a mountain biker 😕
changed now by the way 😉
