Boott! s" Root Kit?

Hello,
My credit card was hacked a couple of times recently and the bank advised I should check my PC… I’m running free Avast and Malwarebytes and they always come back clean. So I ran Spybot and found that Boott! s" in the root scan.
I googled it and came across a thread here so I followed the advice given on the scans to use and logs to attach.
I’ve attached them.
Would be most grateful for feedback!
Many thanks!!

Sorry, that last scan hadn’t actually finished yet! I’ll attach the full log shortly.

Could you post the Spybot log that states what the infection is… As all I can see is adware Poki.

I hope that’s the right one…

I have an airbook mac as well - can I run all these on a mac also?

No, these are Windows tools.

What tells you the credit card account has been hacked?
What did you do to prevent it from happening again after the first time?

I had fraudulent purchases. The last card only lasted one month. I had only used it for online transactions - although I can’t quite remember which PC I used. The transactions were all very normal: Hotels.com, an Irish airline, etc. Nothing dodgy at all… All in all probably about 20 transactions, and then 3 flights I hadn’t booked popped up… Haven’t had any troubles for probably 16 years and in the last 12 months or so I had 3 cards compromised…

Is there similar stuff for a mac, or is the mac less likely to get infected? I have sophomos (or something called similar to that) running on it…

That is a new one on me, and both FRST and aswMBR are looking for bootkits/rootkits.

Let’s get a third opinion.

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application.

https://dl.dropbox.com/u/73555776/tdss%20start.JPG

  • Then click on Change parameters.

https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG

  • Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip; click on Continue.

https://dl.dropbox.com/u/73555776/tdss%20threat.JPG

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

  • Get the report by selecting Reports.

https://dl.dropbox.com/u/73555776/tdss%20report.JPG

  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

Is there similar stuff for a mac, or is the mac less likely to get infected? I have sophomos (or something called similar to that) running on it...
SOPHOS Home, I guess ;)

TDSSKiller didn’t seem to find anything:

Since nothing is found on the PC, it reduces the possible causes.
Some that are left are:

  • Something on the mac
  • Visiting phishing sites
  • Opening phishing mails
  • A person close to you
  • Data stolen from a (website) database

As for the hotels/flights you didn’t book, have you checked if someone really used the hotels/booked flights?
If someone did, there is a good chance that there are security tapes that show the person(s).

Ask the sites to send you their logs and all other info they have about the purchases.
If they refuse, have the police or a lawyer get them.

Thanks for all your help, really appreciate it.

Would Sophos pick up if there was something on the Mac? I also use an iPhone 6 and I use an app to book yoga classes on it. I’ve looked into security software for the iPhone but I haven’t found anything that looked ok - any suggestions?

I don’t open any emails that are dodgy, never open any attachments from unsolicited sources - I’m quite PC aware I guess. Phishing sites - I’m fairly sure that I haven’t been caught out. The only person who could have access to my card is my partner, an unlikely source.

I have some subscriptions that come out via PayPal.
All the purchases on my last card, which I only had for one month or so, would have been on secure sites; I would have updated some account info for motorway toll tags and bin charges and things like that.
The flights - the bank fraud department is looking into that. I have been fully refunded. I will ring them once they’ve sent out the fraud form I have to sign to see if they have any more info.
Right now I’m happy to hear this PC is fine, so at least I can feel safe in using it - I do travel quite a bit so I do make a lot of hotel and flight purchases.

Would I be better off going for a non-free security software - one that offers additional online banking security?

Many thanks for all your help!!!

No need to get a paid product.
The Avast SafeZone Browser has a pay mode that offers extra security and is free :smiley:

Would Sophos pick up if there was something on the Mac?
Yes

Thanks guys, really appreciate the help.

Will look into the Avast SafeZone Browser.

While I’m getting all this super education here - should I use the Avast password function? Is that a much better option than letting the browser store passwords?

While I’m getting all this super education here - should I use the Avast password function? Is that a much better option than letting the browser store passwords?
There is always a risk that stuff that is online can be cracked; when it comes to storing passwords I only trust my brain (and I also have them written down)

and use a password generator when creating them: https://identitysafe.norton.com/password-generator

Don’t use any of these :wink:
Most common passwords list >> http://www.passwordrandom.com/most-popular-passwords

In my opinion Spybot is reporting a false positive; carrying out a search, it appears that this one pops up every two years or so… I would ignore it.

Any further problems?

About the passwords, I have them only stored in my brain.
Both browsers and Avast Passwords store them encrypted.
Difference is that with avast passwords you can store them “in the cloud” and synchronize them on multiple systems.
Sounds nice, but actually it isn’t.
You don’t have control over where/how they are stored, nor over how the system where they are kept is secured.