
September 5th, 2015 13:00

Suspicious Router Activity, Bank Account got hacked. Can you help?

My bank account just got hacked, and apparently it happened yesterday. It's registered that there were multiple purchases through Steam (a PC gaming platform) and that my credit card was used, so I assumed that either my credit card information was stolen or someone got into my bank account. So I checked my router (ASUS RT-AC87U) and found this in the logs:

Sep 4 11:59:59 ntp: start NTP update
Sep 4 12:01:01 HTTP login: Detect abnormal logins at 5 times. The newest one was from 207.172.85.203.
Sep 4 12:01:02 HTTP login: Detect abnormal logins at 10 times. The newest one was from 207.172.85.203.
Sep 4 12:01:02 HTTP login: Detect abnormal logins at 15 times. The newest one was from 207.172.85.203.
Sep 4 12:01:03 HTTP login: Detect abnormal logins at 20 times. The newest one was from 207.172.85.203.
Sep 4 12:01:03 HTTP login: Detect abnormal logins at 25 times. The newest one was from 207.172.85.203.
Sep 4 12:01:04 HTTP login: Detect abnormal logins at 30 times. The newest one was from 207.172.85.203.
Sep 4 12:01:04 HTTP login: Detect abnormal logins at 35 times. The newest one was from 207.172.85.203.
Sep 4 12:01:05 HTTP login: Detect abnormal logins at 40 times. The newest one was from 207.172.85.203.
Sep 4 12:01:05 HTTP login: Detect abnormal logins at 45 times. The newest one was from 207.172.85.203.
Sep 4 12:01:06 HTTP login: Detect abnormal logins at 50 times. The newest one was from 207.172.85.203.

And this message repeats over and over up to this:

Sep 4 12:05:55 HTTP login: Detect abnormal logins at 2845 times. The newest one was from 207.172.85.203.
Sep 4 12:05:55 HTTP login: Detect abnormal logins at 2850 times. The newest one was from 207.172.85.203.
Sep 4 12:35:37 miniupnpd[17490]: Expired NAT-PMP mapping port 57477 UDP removed
Sep 4 12:35:37 miniupnpd[17490]: Expired NAT-PMP mapping port 57477 TCP removed
Sep 4 13:00:01 ntp: start NTP update

The logs then continue with more commands like the 'Expired port' message, and some more updates. Can someone tell me what exactly happened, and what I should do from this point forward?

Thank you!

Side note: I myself have a Steam account, but the computer my Steam account was logged in from was not on at the time that the Steam transaction happened, and my Steam account receipt logs have no record of purchases happening within the last week.
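For readers who want to quantify what a log like the one above shows, here is an added example (not part of the original thread or of ASUS's firmware) that parses syslog lines in the same format and summarises the "Detect abnormal logins" notices per source address: first and last sighting, the highest cumulative failure counter, and the failure rate over the observed window. The sample lines are constructed to mirror the post's format, and the thresholds in `classify` are assumptions chosen for illustration. The defender's reading is the rate: a counter climbing from 5 to 2850 inside five minutes from a single address is automated password guessing against the router's web administration login, not a family member mistyping a password. The `miniupnpd` lines, by contrast, are routine housekeeping: a NAT-PMP port mapping whose lease expired was removed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample, modelled on the ASUS RT-AC87U syslog lines quoted in the post.
SAMPLE_LOG = """\
Sep 4 11:59:59 ntp: start NTP update
Sep 4 12:01:01 HTTP login: Detect abnormal logins at 5 times. The newest one was from 207.172.85.203.
Sep 4 12:01:02 HTTP login: Detect abnormal logins at 10 times. The newest one was from 207.172.85.203.
Sep 4 12:05:55 HTTP login: Detect abnormal logins at 2850 times. The newest one was from 207.172.85.203.
Sep 4 12:35:37 miniupnpd[17490]: Expired NAT-PMP mapping port 57477 UDP removed
Sep 4 13:00:01 ntp: start NTP update
"""

# BSD-syslog style prefix: "<Mon> <day> <HH:MM:SS> <process>: <message>"
LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<proc>[^:]+):\s+(?P<msg>.*)$"
)
# The router's brute-force notice; the counter is cumulative and is logged every 5 failures.
ABNORMAL_RE = re.compile(
    r"Detect abnormal logins at (?P<count>\d+) times\. "
    r"The newest one was from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\.?$"
)


def parse_line(line, year=2015):
    """Split one syslog line into timestamp, process and message; None if it does not match.
    Syslog lines carry no year, so the caller supplies it (2015 here, matching the post)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "proc": m["proc"], "msg": m["msg"]}


def summarize_abnormal_logins(log_text, year=2015):
    """Per source IP: first/last sighting, highest cumulative counter, failures per minute."""
    sightings = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line, year)
        if rec is None or rec["proc"] != "HTTP login":
            continue
        a = ABNORMAL_RE.match(rec["msg"])
        if a:
            sightings[a["ip"]].append((rec["ts"], int(a["count"])))
    summary = {}
    for ip, evs in sightings.items():
        evs.sort()  # chronological; the counter only ever grows
        (first, first_count), (last, last_count) = evs[0], evs[-1]
        window_s = (last - first).total_seconds()
        summary[ip] = {
            "first": first,
            "last": last,
            "peak_count": max(c for _, c in evs),
            "window_s": window_s,
            # failures per minute over the observed window; None if only one sighting
            "rate_per_min": ((last_count - first_count) / window_s) * 60 if window_s > 0 else None,
        }
    return summary


def classify(summary, min_failures=20, min_rate_per_min=10):
    """Label each source as automated guessing or a handful of mistyped passwords.
    Thresholds are illustrative assumptions, not values from the router or the post."""
    verdicts = {}
    for ip, s in summary.items():
        rate = s["rate_per_min"] or 0
        automated = s["peak_count"] >= min_failures and rate >= min_rate_per_min
        verdicts[ip] = "brute-force" if automated else "low-volume"
    return verdicts


if __name__ == "__main__":
    summary = summarize_abnormal_logins(SAMPLE_LOG)
    verdicts = classify(summary)
    for ip, s in summary.items():
        print(f"{ip}: {s['peak_count']} failures over {s['window_s']:.0f}s "
              f"({s['rate_per_min']:.0f}/min) -> {verdicts[ip]}")
```

On the sample, the single source is flagged as brute-force at roughly 580 failed logins per minute. The practical follow-up for anyone seeing this on an ASUSWRT router is to confirm whether the administration page is reachable from the internet at all (the "Enable Web Access from WAN" option under Administration > System), change the router's admin password, and update the firmware; the log alone does not show whether any of the attempts succeeded.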

5 Journeyman • 15.6K Posts • 45K Points

September 8th, 2015 04:00

I believe someone moved this thread from another sub-forum to Virus & Spyware. I don't know that this is the type of "analysis" ever done here.

Unless someone else wishes to comment, all I can do is offer you some common-sense advice: If you haven't already done so, contact your bank and credit card company to alert them to the potential fraud. You may also consider contacting the major credit bureaus, Experian, Equifax, and TransUnion.

11 Legend • 30.3K Posts • 106.6K Points

September 8th, 2015 05:00

CPfohl,

I have moved this thread to the Virus and Spyware forums. I suspect that there is some type of malware on your system and/or that Steam has been hacked.

The IP address 207.172.85.203 comes back to a Washington DC location.

ky331,

I believe this person needs to be referred to a malware removal forum.

Thanks,

Rick

5 Journeyman • 15.6K Posts • 45K Points

September 8th, 2015 05:00

If Rick is correct, that it's a malware attack, here's the referral information he's requesting:

One-on-one Malware Analysis/Removal is no longer done at the Dell Forums.

Please follow the directions at http://spywarehammer.com/simplemachinesforum/index.php?topic=12262.0 to register and post the requested DDS logs at spywarehammer.com; there are expert helpers there who can "walk you through" procedures to analyze your system and clean up the infection. All help provided there is FREE. If you decide to go for help there, please wait for a response, and do NOT attempt to run any other scans/removers on your own --- do exactly what they instruct you to do, no more, no less.

Good luck!

12 Elder • 45.2K Posts • 172.6K Points

September 8th, 2015 18:00

Contact your bank to cancel that credit card(s) ASAP so you won't be responsible for the charges.

Change all your passwords everywhere ASAP. It would be a good idea to use some other PC to change passwords, because this one may be insecure and you don't want to wait until the experts at spywarehammer help you clean it.

If all your PCs, phones, and tablets are on a home network, wired or WiFi, it may be a good idea to have them checked for malware, which could have spread from one system to another across your network.

4 Apprentice • 20.5K Posts

September 9th, 2015 03:00

SpywareHammer has a security/network specialist on staff. Following the instructions to post there might be helpful.
