Solved

Still have securybanks phishing trojan

Posted on 2004-10-30
399 Views
Last Modified: 2008-03-03
I think I followed the previously posted instructions for removal of securybanks phishing trojan, but it keeps reappearing. Not sure what I did wrong. I cleaned out Internet history, emptied recycle bin, downloaded and then ran the index.dat tool. Can you help?
0
Question by:ledgefolds5
    18 Comments
     
    LVL 17

    Assisted Solution

    by:Lobo042399
    Hi ledgefolds,

    Make sure you run the Index.dat tool in safe mode and after disabling System Restore. If you use any other restore program like GoBack also disable it. Let us know if the problem persists after that.

    Good Vibes!

    Lobo
    0
     

    Author Comment

    by:ledgefolds5
    Lobo-
    I think that was it! Thank you so very much!
    0
     
    LVL 17

    Expert Comment

    by:Lobo042399
    Whew!!!  Glad it worked, Ledge!
    0
     

    Author Comment

    by:ledgefolds5
    I celebrated too soon.  The securybanks phishing trojan horse is back. I have Windows XP. I downloaded the index.dat suite tool to my desktop, disabled system restore, disabled Norton autoprotect, cleaned out my internet history, offline content and cookies using Tools and Internet options. Then deleted Norton recycle bin (but did not purge "protected files"; is that right? I'm new to XP), restarted in Safe Mode, and ran the tool.  Where have I lost my way?
    0
     
    LVL 29

    Expert Comment

    by:blue_zee

    I believe SpySweeper takes care of that. Maybe worth a go.

    Fully functional trial version here:

    http://www.webroot.com/shoppingcart/tryme.php?bjpc=64000&vcode=DT02

    Zee
    0
     

    Author Comment

    by:ledgefolds5
    Thanks. Yes, spysweeper is the only thing that will even detect it.  And it will remove, but only for a day or so and then it comes back.  I've done online scans on all of the sites suggested here and nothing else will even find it. It's a frustrating bugger!
    0
     
    LVL 29

    Expert Comment

    by:blue_zee

    If it returns, you will have to look elsewhere for the reason why you're being hijacked.

    Maybe a visit to certain websites?

    Maybe a poor Firewall protection?

    Take a look here:

    Dealing with Unwanted Spyware and Parasites
    http://mvps.org/winhelp2002/unwanted.htm

    Hope this may help you trace the cause of your problem and eventually prevent its return.

    Zee

    0
     
    LVL 17

    Expert Comment

    by:Lobo042399
    Hi ledge,

    How long did it take to return? It could be a new infection as Zee suggests.
    0
     

    Author Comment

    by:ledgefolds5
    It had been every two days or so prior to my running your suggested safe mode clearing.  I was so confident about that, I didn't scan for it as vigilantly after my two day mark, so I'm not 100% sure. My net surfing is pretty low risk and as few references as I have been able to find about this virus leads me to believe it is recurring, not just overly common. I followed some links from this site to Trojan Hunter. It is showing clean for the second day after that.  If it stays gone another couple days, I'll close the question.
    If it is okay to ask a corollary question, how at risk was I?  The Trojan Hunter showed two suspicious open ports.  I have made a couple of online purchases, should I cancel my card?  Thanks very much for your help on this.
    0
     
    LVL 29

    Expert Comment

    by:blue_zee

    To be 100% safe, yes, you should cancel the card you used.

    But, honestly, I believe the risk is low IF you are using a good Firewall.

    Zone Alarm Free is good enough for general purposes:

    http://www.zonealarm.com/store/content/company/products/znalm/freeDownload.jsp

    If you are not running a firewall, you must cancel the card.

    Zee
    0
     
    LVL 17

    Expert Comment

    by:Lobo042399
    Hi ledge,

    Although I don't think securybanks has anything to do with your online purchases, I would in the future use mail-in money orders or use a PayPal account for online payments. Another thing is, do not set your browser to remember passwords, especially for access to your online banking. That's one of the first things some of those trojans look for.
    As Zee says, a Firewall is not just a convenience these days; it's a must have. Zone Alarm is a good one. Black Ice used to be my favourite for years. Currently I use Norton and it does its job without hassle.

    Now, returning to the Phishing; just in case I would take a new look at that index.dat file and see if it's back in there. Just a look. If it's not there, there's no need to delete it.

    By the way, during the cleanup process; I don't know if you disconnected the machine from the Net. That is also important when you're disabling Autoprotect and/or lowering your Firewall.

    Good Vibes!

    Lobo
    0
     

    Author Comment

    by:ledgefolds5
    This thing is maddening!  It is back!  I have XP and the latest service pack and also Norton System Works 2004 as far as firewall protection is concerned.  I was not connected to the Internet when I performed clean up.  

    Here is a question...is it possible this "virus" is a glitch of SpySweeper?  When I do online scans and now with Trojan Hunter, I am showing up clean.  Also, some of the other posts I have seen around seem to have only found this with Spy Sweeper. I am using the free version of Spysweeper and I would upgrade if I thought they really could help me.  Maybe wishful thinking?

    Also, when I empty my trash I have the option of emptying trash bin, which I did, and purging Norton protected files, which I didn't, because I didn't know what that meant.  Is that my problem?  Aaaaggghhh.  I'm sorry to keep coming back to you guys, but I'm glad you're there!
    0
     
    LVL 29

    Expert Comment

    by:blue_zee

    I have read nothing wrong regarding SpySweeper:

    Rogue/Suspect Anti-Spyware Products & Web Sites
    http://www.spywarewarrior.com/rogue_anti-spyware.htm#products

    But... who knows?

    I installed it and one of my machines showed that same keylogger. This made me wonder.

    Cleaned up and didn't return.

    Double-checked in other PCs, installing fresh SpySweeper, and it didn't find anything especially threatening.

    But, you may have a point there. I will look around for more info on this.

    Zee
    0
     
    LVL 29

    Accepted Solution

    by:

    Loads of info here:

    http://www.broadbandreports.com/forum/remark,11041049~mode=flat

    and it always returns...??

    http://smartercomputing.ipbhost.com/index.php?showtopic=7051&st=0&#entry47836

    ditto...

    We may be facing a false positive.

    Zee
    0
     
    LVL 17

    Expert Comment

    by:Lobo042399
    Veeeery interesting. Thanks Zee.
    0
     

    Author Comment

    by:ledgefolds5
    Thank you very much zee and lobo.  I am going to delete Spysweeper, sleep better, and live in gratitude for your kind help!
    0
     
    LVL 17

    Expert Comment

    by:Lobo042399
    Thanks, ledge. Kudos to Zee for the info on the false positive. Worth reporting it. Wonder if it's a bug in SpySweeper or it's intentional.

    Good Vibes!

    Lobo
    0
     
    LVL 29

    Expert Comment

    by:blue_zee

    Thank you.

    I would say too evident to be intentional, but...

    Cheers.

    Zee
    0
