RE: How does a web site harvest user names

From: Danor (danor456L_at_passport.com.(donotspam))
Date: 12/29/04


Date: Tue, 28 Dec 2004 22:49:06 -0800

Nato-
At face value with what you have shared already, it is reasonable that you
may have contracted a keylogger/spyware program onto your system. If you
downloaded a file [esp while logged in as Administrator - definitely :-(((]
and then executed that download, you may have been infected with one and
subsequently be in VERY deep River-City trouble. If this is what happened,
then all your passwords are suspect to have been reported to this hacker, too
(can you remember which ones you HAVEN'T typed since you (may have) gotten
infected?)

A Freeware anti-spyware tool is Spybot Search and Destroy.
Better, though, is Spysweeper (it can find about twice as many mal-wares as
what Spybot can at last count; although both make regular updates to their
definitions database). I like both for their own reasons so use them both.

Webroot is the maker of Spysweeper (http://www.webroot.com/).
They also offer a free online sweep of your system (Spy Audit - look in the
upper right corner of the home page).

It would be well worth your while to try this ASAP as a first step.

Good luck!

"Nato" wrote:

> I believe someone obtained my accounts' "user names" from my xpsp2 box while I
> was surfing the other day.
> I have logon auditing turned on and noticed failed attempts to remote in
> using all the valid user accounts on my machine. I was surfing just prior to
> the attempts and am therefore guessing this is how they obtained the names.
>
> I have both hardware and software (XP) firewall in place with only port 3389
> open from the outside.
> I am using the MyIE2 browser with popup and ad blocking enabled. Spybot with
> Immunize turned on.
> I was browsing as an admin ;-(
>
> Anyone know how this happens and if it can be stopped?
> Thanks


