
Online Bank Account Phishing


10 replies to this topic

#1 Mation

Mation

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:26 AM

Posted 31 October 2010 - 10:59 PM

Hello all. Recently when using Firefox version 3.6.12 to log onto my Bank of Hawaii account I am directed to this screen.

Posted Image

I ran Malwarebytes' Anti Malware and the only problems that come up are these:

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

I tried running a scan both in safe mode and regular mode and am still having problems.

I'm running Windows XP, Home Edition, Version 2002, Service Pack 3. Acer, AMD, Athlon™ 64 processor, 3500+.

Please advise. Tried scanning with SUPERAntiSpyware, McAfee, Avast antivirus, Advanced SystemCare, and TFC. Ran F-Secure Health Check and Secunia for all my updates and still problems. Thanks in advance.



#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:01:26 PM

Posted 31 October 2010 - 11:12 PM

Contact your bank. Also what is the link to the login page?

#3 Mation


Posted 31 October 2010 - 11:21 PM

Will do. Here's the login page:

https://www.boh.com/personal/

It's really strange. My Chase Online Bank Account and Bank of Hawaii account are the ones suspect. My Citi Online account is the only one okay.

#4 cryptodan


Posted 31 October 2010 - 11:23 PM

Post the logs from the scans.

#5 Mation


Posted 31 October 2010 - 11:40 PM

1st scan
--------------------------------------------------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5009

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

10/31/2010 2:34:32 PM
mbam-log-2010-10-31 (14-34-32).txt

Scan type: Full scan (C:\|D:\|F:\|)
Objects scanned: 275128
Time elapsed: 23 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


2nd scan
--------------------------------------------------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5010

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/31/2010 6:52:22 PM
mbam-log-2010-10-31 (18-52-22).txt

Scan type: Quick scan
Objects scanned: 171905
Time elapsed: 17 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


------------------------------------------------------
Phoned the bank and they told me they don't ask for that type of information. Said the page I was directed to was not related to their company. Thanks again cryptodan.
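As an added example (not part of any post in this thread, and not Malwarebytes' own logic), the sketch below parses the "Registry Data Items Infected" entries from the first scan and shows what the detection amounts to: the service command line is unchanged except for the environment variable name. The `KNOWN_VARS` allowlist and the function names are assumptions of the example.

```python
import re

# Variables expected in Windows service ImagePath values. This allowlist is an
# assumption of the example, not an exhaustive list.
KNOWN_VARS = {"systemroot", "windir", "systemdrive", "programfiles",
              "programfiles(x86)", "programdata"}

# Layout of a "Registry Data Items Infected" entry in the logs posted above.
MBAM_ITEM = re.compile(
    r"^(?P<key>HKEY_\S+)\s+\((?P<detection>[^)]+)\)\s+->\s+"
    r"Bad: \((?P<bad>.*?)\)\s+Good: \((?P<good>.*?)\)\s+->\s+(?P<action>.+)$")

VAR = re.compile(r"%([^%\\]+)%")  # a %NAME% token inside a path

# The two entries from the first scan in this thread.
SAMPLE_LOG = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
"""

def unknown_vars(image_path):
    """Names of %VAR% tokens in image_path that are not on the allowlist."""
    return [v for v in VAR.findall(image_path) if v.lower() not in KNOWN_VARS]

def audit(log_text):
    """Parse MBAM registry-data entries and report what differs in each."""
    findings = []
    for line in log_text.splitlines():
        m = MBAM_ITEM.match(line.strip())
        if not m:
            continue  # headers, counters, "(No malicious items detected)"
        bad, good = m["bad"], m["good"]
        findings.append({
            "service": m["key"].split("\\")[-2],  # ...\Services\<name>\ImagePath
            "detection": m["detection"],
            "bad_vars": unknown_vars(bad),
            "good_vars": unknown_vars(good),
            # True when only the variable name changed, not the command itself
            "only_var_differs":
                VAR.sub("%%", bad).lower() == VAR.sub("%%", good).lower(),
        })
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

On a live Windows system, `unknown_vars` can be applied to each service's `ImagePath` value read with the standard-library `winreg` module.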

#6 cryptodan


Posted 01 November 2010 - 12:30 AM

Are you still getting redirects?

#7 Mation


Posted 01 November 2010 - 12:33 AM

Yeah. I tried using another computer and the login went through successfully.

Also tried logging in through Internet Explorer 8 and still the same redirect problem with my computer.

Edited by Mation, 01 November 2010 - 12:34 AM.


#8 cryptodan


Posted 01 November 2010 - 11:19 AM

Try this: How do I reset the hosts file back to the default?

#9 Mation


Posted 01 November 2010 - 11:34 PM

No luck. Still getting the same page. Really appreciate the suggestions though. I'm desperate to try anything now.

#10 Mation


Posted 02 November 2010 - 11:19 AM

Solved. Uploaded Google Chrome. Seems to have been a bug in both my Internet Explorer and Firefox browsers.

#11 cryptodan


Posted 02 November 2010 - 11:37 AM

Check your proxy settings and trusted hosts section.



