Helping people with computers... one answer at a time.
It happens to the best of us. You click a link and only then do you realize that you shouldn't have. I'll explore one scenario.
I'm very careful with emails but one finally got me the other day. It was innocuous in content and I clicked on "Click here for further details". It went to a blank page that the browser said it was unable to find. So, my first question is could a virus be installed, even though it didn't go to another site?
Searching online, I found that that particular email is possibly used to install a keylogger. It was purportedly from NACHA and referred to a canceled ACH transaction. I went to Microsoft and they had me run SuperAntispyware and called it a day. I have Avast and use also Eusing registry cleaner and Malwarebytes. Since, I've installed Defender and Trusteer Rapport. Superantispyware did find a trojan but I can't be sure what it is.
So, I inactivated my online banking, which is awful as I use it every day. A woman at the bank said her mother-in-law got another computer and uses it just for financial transactions, as suggested by Clark Howard. So, I decided to do that. But now, once I setup the new laptop, exactly what financial transactions besides my banking, should I transact on it? I do not want to contaminate it of course.
I'm wondering, can the virus pick up my credit card numbers that I enter on websites where I make purchases? I usually use Amazon, Meijer, Overstock, but what about websites where you don't know about their security? I order medications from Canada for example. I am driving myself crazy on this, afraid they will get into my bank account and clean it out. I plan to reactive it and go in and change the password on the new computer. I'm using a switch so I can use my DSL for both computers. All this technology is rapidly whizzing past me...
The short version is that while there can be no absolutes in a case like this, I'm fairly certain that you're OK.
There are several interesting aspects to your situation and the questions that you've asked, so let's have a look.
The first question is a very intriguing one.
As I thought about it, I realized that anyone could make a fake page that looked like a "Page not found" page. There are enough variants of "Page not found" pages that we're used to seeing that it probably doesn't even have to be that accurate. As long as it looks plausible, it'll probably pass as legitimate.
Before you get too scared, though, I'll also say that I suspect this is pretty unlikely.
Not only is not-found fakery fairly rare, the fact that you (presumably) didn't have to do anything - like accept a download or click on a popup - is a pretty good sign that this was probably a legitimate "Page not found" page.
Quite often, malware uses pages that have been hijacked on legitimate web sites. Once the website owner determines that their site has been violated, they take the pages down - resulting in a very legitimate "not found" error.
You've got quite a few security packages - probably more than you really need. However, packages like Malwarebytes and some of the others that you have listed give me some additional confidence that your machine escaped unscathed.
Even though something appears to have been found on your machine, it wasn't labeled as a keylogger (that would have been more concerning), and presumably, it has been removed. It could be completely unrelated to the link that you clicked on. In fact, I'm tempted to call it a likely false positive, but that's just a gut feel without all the details.
Many computer security folks recommend using a second machine dedicated to online banking and similar kinds of transactions. Some even go so far as to recommend that it not be a Windows-based machine.
While I stop short of recommending that extreme approach - I'm of the opinion that good security habits and good security software are all that most people need - I certainly wouldn't disrecommend it. It does add a layer of security for the most important accounts.
So, if the idea is to restrict what happens on that machine, just what should you restrict it to?
My take: restrict it to banking and financial accounts where, if breached, unauthorized intruders could:
Withdraw or transfer money to themselves
Access personal information that would enable identity theft
Cause you significant, uninsured financial loss
In other words, I'd restrict most bank and brokerage accounts, as well as any online financial planning tools.
Any site that allows you to display your important personal information is probably worth relegating to this dedicated machine.
And I would then restrict that machine to be used only for those sites, and with no email installed. If you need to "click a link" in some email that purports to be from one of your restricted institutions, don't. Instead, visit the institution's website directly and navigate as appropriate to whatever it is you're attempting to do.
I would not bother with sites where you make online purchases. My concern is that the more sites that you visit on the "secure" machine, the greater the risk for accidental contamination.
My rationale is that the majority of credit card purchases are protected by the credit card issuer. Even in the unlikely event that your transaction were captured due to malware on your machine, you're still likely to have only limited financial liability - though the inconvenience may be significant.
Changing your password (and possibly your password recovery information - see Is changing my password enough?) at your financial institution is prudent. Even thought the risk of compromise is low from what I understand of your situation, the cost of failure is high so it just makes sense.
Beyond that, my sense is that you're taking the right steps and doing the right things.
Keep an eye on your bank account (from a separate machine, if you like), and your credit card statements in the coming weeks and months as an extra double-check, but my opinion is that you can relax a little; you'll be fine.
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.