May be u should format your PC,there may be trojan or keylogger installed on your system,so even changing your password may not work.
Yep, I just contacted namecheap...on the Paypal transaction list...the namecheap "account name" is listed...so I have told them this information, so they should be able to easily find out who it is. Yea I think I'll format on the weekend...just to be sure...
Try to keep your PC clean with anti spywares and key loggers , I would recommend that you should use AVG 8 , because I am using it and never had a problem..
Well it would seem to be because 2 of the payments are related to DP...which is rather disappointing.
I GOT THE BASTARD! All the proof is here: http://forums.digitalpoint.com/showthread.php?p=7958976#post7958976
This is disturbing how did they get a hold of your password? This makes no sense, was there some type of security breach or did they hack? The people who made these purchases probably live in a different country from you which will make it difficult to press charges.
Make sure you cancel the order with namecheap, as the domain name can be deleted within the 5 days of purchase and get the money refunded, so cancel it as soon as possible.
The first thing I did was get in touch with Paypal and open disputes for the 3 payments. This is so annoying...what's worse is that he used my account to pay other DP members...
Hmm. I can only think you have some sort of keylogger on your system OR you are routing through a proxy / VPN and information is being siphoned off somewhere via an insecure server.
I did a full scan...turns out "trojan.horst" was on my computer...Norton picked it up in a scan but not with it's realtime scanner..... http://www.symantec.com/security_response/writeup.jsp?docid=2006-113015-3846-99 says it opens a backdoor on my computer and works as a relay proxy... Question is now...where did I get it? From someone on DP? It would seem so. But I have had NO contact with that nuke13 so is he in cahoots with someone?
Ah, you should have a read at this: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_HORST.KW http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_HORST.AS which explains HORST can be dropped from a website. And then you really need to have a read through this as well. http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=The+MEDBOT+Menace
Yep ok...so I could have got it from a webiste...but it seems more than a coincidence that someone from DP used this access on my computer... As I said I never had anything to do with that guy...so I might retrace ym steps as to what websites from DP I have visited....there arent many. EDIT: another Scotsman! Good to see! I'm from just outside Edinburgh...but living in Australia now hence Scozzie = Scottish Aussie! Seems people think I'm a girl because of my avatar but I'm definately bloke...that's what my wife says anyway! My avatar is Jennifer Morrison (from House MD)...lol
Well scozzie good invesitgation work and catching that little fu*ker. Man talk about blatent... using a hacked DP account to pay another DP user shessh thats just pure craziness, well least you got that part solved. What is WORRYING is HOW?? There is alot speculation from keyloggers to trojans but either that is one hell of a coincidence that he so happened to use your account (and not realise you were on DP) or he was actively targetting DP members. With that being said, and mentioned above about picking up this trojan from a website, i wonder if any of his sig links points to such a site and/or a thread he has posted asking users to visit a website etc... It is fishy, and worrying too, thanks for the heads up with this i will certainly be treading more carefully.