Solved

securybanks phishing trojan

Posted on 2004-09-08
Last Modified: 2008-01-09
Has anyone found a way to permanently remove "securybanks phishing trojan"?
I have used various spyware removal tools, ie: Spy Sweeper, Adaware, hijack this, trojan hunter, and still I cannot get this removed fully; it reinstalls itself every time I start pc.
Question by:catdeb
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12007928
Hello catdeb =)

U have already tried using hijackthis,,,, im sure u used the latest version, i.e v.1.98.2
if NO then Download HijackThis v1.98.2 from here, run it and Save the LOG file:
http://tools.radiosplace.com/HijackThis.exe

Then u will have two options.....

1. Post here that LOG file, and I will tell u that what is BAD in it and how to remove them :)

2. Post it at this site >> http://www.hijackthis.de/index.php?langselect=english
and it will automatically analyse it for u,,, if u can trust it, go on and delete everything which it asks u to delete :)

Also did u try running all those spyware and av tools in SAFEMODE ??
and if its WinXP\ME, did u turn off the System Restore first to remove this trojan ??
0
 

Author Comment

by:catdeb
ID: 12008036
Have the latest version and did run in safe .. hijack shows nothing. This Phishing tool embeds in the content ie file for temporary internet files. I have even deleted all and still it comes back.
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12008061
>> Have the latest version and did run in safe

no u have to run it in Normal Mode...... can i have a look at it if u dont mind :)
0
 
LVL 17

Accepted Solution

by:
Lobo042399 earned 250 total points
ID: 12009347
Hi catdeb,

This phishing trojan hides itself in the temporary internet files\content ie5 folder and attaches itself to IE. It also makes a copy of itself inside the index.dat file and that's why it keeps reappearing after you have removed it.

Please download the following tool:

http://support.it-mate.co.uk/?mode=Products&p=index.datsuite

Index.dat Suite allows you to look into the contents of the index.dat file and allows you to safely delete it. Please make sure that you write down any username/password combinations you may have allowed IE to "remember", since deleting the index.dat file will erase that information. Follow the instructions in the website to delete index.dat. After reboot IE will create a fresh one and the malicious trojan will be gone. You'll have to re-enter your username/password for websites you're registered to, but that's a small tradeoff for getting rid of Securybanks.

And in the future, do not open emails that come from sources you don't know or are dubious.

Good Vibes!

Lobo
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 12017534
I believe the information provided is right on and most likely resolves your issues.  I was doing research on some general banking trojans, and found this article of great interest, so not for points, just for sharing; since variants aren't only delivered by Email.
http://www.internetweek.com/allStories/showArticle.jhtml?articleID=46200112
0
 
LVL 17

Expert Comment

by:Lobo042399
ID: 12019086
Hi asta,

Very interesting. I got tired of reporting these citibank scams so now I have a filter to trash them.

I ran a search at Symantec for Tolger and there was no reference to it. Neither at Panda. McAfee seems to be down?
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 12020376
Howdy, me too; filtered-out.  Heard in the News that these CitiBank/WellsFargo/and other related bank scams have finally caught the eyes of the Feds so hopefully more will be done soon to find/block this fiasco (though knowing the speed of these kinds of issues, not soon enough)!  Found nothing at McAfee this morning for Tolger either; though a number of hits via google.
  http://www.google.com/search?hl=en&ie=UTF-8&q=tolger
0
 

Author Comment

by:catdeb
ID: 12112129
Well so far not one good answer. I have tried hijackthis in safe, in regular mode, run the index.datsuite ( safe and regular ). I have cleaned out the index files, I have used spysweeper and guess who I find every time! The Secury Banks Trojan!  It's still showing up in my C:\WINDOWS\Temporary Internet Files\Content.IE5. I ran the index suite listing that directory and am giving up UNLESS someone out there can HELP me.
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 12112387
The Content.ie5 folder should not be deleted. If you have already deleted Content.ie5, restart your computer and then empty the Recycle Bin. The Content.ie5 folder should be recreated the next time you start Internet Explorer. ... more here:
http://support.microsoft.com/default.aspx?scid=kb;en-us;273010
0
 

Author Comment

by:catdeb
ID: 12114990
astaec, please read the info that was posted on what I did. I am not deleting the content folder, I am cleaning out the index.dat files and trying to rid a computer of the Secury Banks Trojan. Perhaps you should read all the topic before replying.
Thank you for your interest BUT you have not provided any helpful info for the topic I posted.
0
 
LVL 17

Expert Comment

by:Lobo042399
ID: 12116376
Hi catdeb,

Chill out, Asta is one of our top experts here. Run the index.dat tool, but this time disable System Restore before doing it. That may be causing the trojan to return.

Good Vibes!

Lobo
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 12122594
":0) Thanks; did read it all, but sometimes it isn't what is done so much as the order of things done that may circumvent the fix.  Lobo is so correct in the System Restore issue.  Thank you also, Lobo, for the kind words.
Best wishes all, you're in excellent hands here, catdeb.  Back to work.
Asta
0
 

Author Comment

by:catdeb
ID: 12139056
Ok one up on me, how do you disable win98 system restore?
0
 
LVL 17

Expert Comment

by:Lobo042399
ID: 12139357
Ahhhh....  there's no System Restore in Win98. Are you running any backup software like GoBack?
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 12142764
OOps, didn't know you were running 98.

Perhaps you can restore a prior Registry which "may" be viable.... more here (and includes error messages and process, if they apply to you):
When you restore a previous registry using the scanreg /restore command, you may receive the following error message:
Microsoft Registry Checker
System restore operation failed. More here:
http://support.microsoft.com/default.aspx?scid=kb;en-us;245412&Product=w98

BUT... if intrusions were included; back to ground zero.  Can you isolate when the problem intrusion happened to make sure you don't restore that Registry backup?

start-run sfc may also help you restore system files; or start-run-msinfo32 and under tools the Registry Checker, System File Checker (another way to load it) or the Version checker (forget exactly what it's called, been too many years since using 98)
0
 

Author Comment

by:catdeb
ID: 12171118
Well guys.. Thank you for trying to help, I finally found the way to rid my system of this problem. Lobo had it almost right except for minor details on the index.dat tool. In order to run this effectively I had to drop my Zone Alarm suite. Basically the antivirus part was preventing the index from being cleaned thus removing the little phishing trojan from temp files index.  Again thank you for trying to help, seems the easiest way is overlooked sometimes.
Steps taken to rid system:
1. Turn off the anti virus in msconfig.
2. Deleted files sitting in C:\WINDOWS\Temporary Internet Files\Content.IE5.
3. Empty trash
4. Run index.dat tool
5. Restart
6. Reset av in msconfig
REBOOT and all is back as it should be ..

0
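
A post-cleanup check for the steps in the post above, added here as an example and not part of the original thread: it walks a Content.IE5 tree and reports the files left behind, those that start with the `MZ` executable magic, and those that cannot be opened (as with the antivirus lock described in the post). The function names and the sample cache tree are constructed for illustration.

```python
import os
import tempfile

# Files Internet Explorer maintains itself; not treated as leftovers.
EXPECTED = {"index.dat", "desktop.ini"}


def scan_ie_cache(cache_root):
    """Walk a Content.IE5 tree and classify what is still in it."""
    report = {"leftovers": [], "executables": [], "unreadable": []}
    for folder, _dirs, files in os.walk(cache_root):
        for name in files:
            if name.lower() in EXPECTED:
                continue
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, cache_root)
            report["leftovers"].append(rel)
            try:
                with open(path, "rb") as fh:
                    magic = fh.read(2)
            except OSError:
                # Another process (e.g. a resident scanner) holds the file.
                report["unreadable"].append(rel)
                continue
            if magic == b"MZ":  # DOS/PE executable header
                report["executables"].append(rel)
    return {key: sorted(val) for key, val in report.items()}


def build_sample_cache():
    """Create a constructed cache tree for demonstration (not real data)."""
    root = tempfile.mkdtemp(prefix="Content.IE5_")
    sub = os.path.join(root, "ABCD1234")  # constructed subfolder name
    os.mkdir(sub)
    samples = {
        os.path.join(root, "index.dat"): b"placeholder index",
        os.path.join(sub, "page[1].htm"): b"<html></html>",
        os.path.join(sub, "update[1].exe"): b"MZ\x90\x00constructed",
    }
    for path, data in samples.items():
        with open(path, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    result = scan_ie_cache(build_sample_cache())
    for kind, paths in result.items():
        print(kind, paths)
```

Run it against the cache folder after the final reboot; an empty `leftovers` list means the deletion step held, and anything under `unreadable` points at a file another process still has locked.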
 
LVL 27

Expert Comment

by:Asta Cu
ID: 12171626
Good news!
0
 
LVL 17

Expert Comment

by:Lobo042399
ID: 12172044
Ah-hah!!!!! That was it!  Hey, glad we could almost help! ;o)

Good Vibes!

Lobo
0
