Suspicious Popups whilst banking

[camerafodder]

Hi Guys
our PC at home is 'protected' by an up to date copy of Norton 360 and Microsoft Security Essentials. However when on our bank website a popup appears asking for addtional info ie full security number. This seemed suspicious so we logged off without filling in the box. Mrs Camerafodder reported the incident to the bank and they have confirmed that it is suspicious. I have scanned our PC to within inches of its life and a few minor cookies etc.. and a couple of Trojans were found. However I now have a nice array of green ticks in boxes where they should be but the box still appears. Any help or advice greatly appreciated.

 

[wemorgan]

I'd also try using malwarebytes to scan your disk:

Malwarebytes' Anti-Malware: Malwarebytes

on top of that I also use Spybot Search and Destroy

Spybot - Search & Destroy - Free software downloads and software reviews - CNET Download.com

 

[Ade B]

If you have the time and inclination, I'd go for a complete reinstall of the operating system wiping the HD - it will be a load of aggro but the PC will run smoother for it and it will get rid of everything.

Just back up first


Ade

 

[6pot]

i dont rate Norton and have had similar experiences. AVG is what im using at the moment, and seems to be good and doesnt slow the machine down. I run regular scans to check for trojans keyloggers etc for this very reason, after what you found id change all my passwords as well.

 

[Brian WH]

I use Norton 360 and haven't had any problems at all on on-line banking.

Are you sure it is not the Microsoft Security Essentials asking the question as a security check. I would disconnect Microsoft Security Essentials and try again, as Norton is enough security IMO.

 

[camerafodder]

I use Norton 360 and haven't had any problems at all on on-line banking.

Are you sure it is not the Microsoft Security Essentials asking the question as a security check. I would disconnect Microsoft Security Essentials and try again, as Norton is enough security IMO.

Thanks Brian, the popup is disguised as a bank window and is asking for full bank code details, something that the bank would never do and they have confirmed that it is malware of somekind.

 

[crockers]

Do your bank recommend or offer a free virus software package? Mine, Barclays, offer KAspersky free for 3 PCs and 1 Mac.

I also thought that it was bad advice to run more than one anti virus program at the same time as they clash. I know if you want to install Kaspersky you have to totally remove Norton..
.
Give your bank a call and see if they offer a recommended anti virus program

 

[manalishi]

Thanks Brian, the popup is disguised as a bank window and is asking for full bank code details, something that the bank would never do and they have confirmed that it is malware of somekind.

Sounds like the same type of Trojan that tried to get into my Nationwide account a year or two ago. Exact same MO: asked for a full security code instead of a few characters.

I got in touch with Nationwide, and they confirmed it, said (back then) that it was a particularly nasty one that was difficult to remove. I was about to upgrade the PC anyway, so I did that. Bit drastic, but a new PC was so cheap anyway.

There's more info about another similar Trojan here (Feb '09): News and alerts - Further information - Security - Nationwide Building Society

I'd start hassling Norton (hah - good luck with that!) and asking why its software can't sort this Trojan out.

 

[wemorgan]

Out of interest are the symptoms that of a virus or malware, or are the two words interchangeable?

 

[camerafodder]

Out of interest are the symptoms that of a virus or malware, or are the two words interchangeable?

I'm using the word to mean one in the same but I'm probably wrong!

 

[camerafodder]

Thanks Manalishi

The 18 feb 09 article is very close to what is happening. I'm going to try their recommended scan and see what happens. Who knows? Maybe I'll be able to earn enough brownie points with Mrs CF to allow me to buy a nice tube amp kit!

 

[Spinal]

You may be unlucky enough to have been targetted by a man-in-the-middle attack, in which case it wouldn't be any software on your machine at fault.

Either way; does your bank support trusteer? Home | Trusteer Most larger UK banks have now signed up to trusteer, and it's services are pretty good. Last report I saw was on the lines of, "no client with trusteer installed has fallen victim to online fraud".

M.

 

[NormanC]

I'd also try using malwarebytes to scan your disk:

Malwarebytes' Anti-Malware: Malwarebytes

on top of that I also use Spybot Search and Destroy

Spybot - Search & Destroy - Free software downloads and software reviews - CNET Download.com

Agree 100% with this.

 

[NormanC]

I was about to upgrade the PC anyway, so I did that. Bit drastic, but a new PC was so cheap anyway.

Was a bit drastic wasn't it?

Perhaps a hard drive reformat followed by operating system re-install then restore of back-ups could have saved you some money.

 

[Noodle-Pulp]

Slight difference:

Malware, short for malicious software, is software designed to infiltrate or damage a computer system without the owner's informed consent.

A virus is capable of duplicating itself and being transmitted to other computers and is not always intended as malicious.

 

[manalishi]

Was a bit drastic wasn't it?

Perhaps a hard drive reformat followed by operating system re-install then restore of back-ups could have saved you some money.

Agreed, but at the time I was cash-rich and time-poor, so I took the path of least resistance.

 

[Noodle-Pulp]

By the way you could have tried this method, when the window popped up right click on it and view Properties, in the middle of the properties window is the Address (url).

Next follow these steps and block that address:

This action will require you to edit your Host file. Your host file is a computer file used to store information on where to find a node on a computer network. For more a more detailed description. Check out this link Host File Description Link
In Windows XP
1. Click Start->All Programs->Accessories->Command Prompt.
2. Click Command Prompt This will open a DOS command window.
3. Type: notepad C:/Windows/System32/drivers/etc/hosts
4. Locate the line 127.0.0.1 localhost
5. To block the website google.com for example, just add this text under 127.0.0.1 localhost:


127.0.0.1 <insert popup address here>

You can add as many sites any site, However you will need to prefix it with "127.0.0.1".

6. Save the file
The site will now be blocked in all web browsers. This is an advanced but easy method on how to block a website.