Still have securybanks phishing trojan

I think I followed the previous posted instructions for removal of securybanks phishing trojan, but it keeps reappearing. Not sure what I did wrong. I cleaned out Internet history, emptied recycle bin, downloaded and then ran the index.dat tool. Can you help?
ledgefolds5Asked:

Lobo042399Commented:
Hi ledgefolds,

Make sure you run the Index.dat tool in safe mode and after disabling System Restore. If you use any other restore program like GoBack also disable it. Let us know if the problem persists after that.

Good Vibes!

Lobo
0
ledgefolds5Author Commented:
Lobo-
I think that was it! Thank you so very much!
0
Lobo042399Commented:
Whew!!!  Glad it worked, Ledge!
0
ledgefolds5Author Commented:
I celebrated too soon.  The securybanks phishing trojan horse is back. I have Windows XP. I downloaded the index.dat suite tool to my desktop, disabled system restore, disabled Norton autoprotect, cleaned out my internet history, offline content and cookies using Tools and Internet options. Then deleted Norton recycle bin (but did not purge "protected files"; is that right? I'm new to XP), restarted in Safe Mode, and ran the tool.  Where have I lost my way?
0
blue_zeeCommented:

I believe SpySweeper takes care of that. Maybe worth a go.

Fully functional trial version here:

http://www.webroot.com/shoppingcart/tryme.php?bjpc=64000&vcode=DT02

Zee
0
ledgefolds5Author Commented:
Thanks. Yes, spysweeper is the only thing that will even detect it.  And it will remove, but only for a day or so and then it comes back.  I've done online scans on all of the sites suggested here and nothing else will even find it. It's a frustrating bugger!
0
blue_zeeCommented:

If it returns, you will have to look elsewhere for the reason why you're being hijacked.

Maybe a visit to certain websites?

Maybe a poor Firewall protection?

Take a look here:

Dealing with Unwanted Spyware and Parasites
http://mvps.org/winhelp2002/unwanted.htm

Hope this may help you trace the cause of your problem and eventually prevent its return.

Zee

0
Lobo042399Commented:
Hi ledge,

How long did it take to return? It could be a new infection as Zee suggests.
0
ledgefolds5Author Commented:
It had been every two days or so prior to my running your suggested safe mode clearing.  I was so confident about that, I didn't scan for it as vigilantly after my two day mark, so I'm not 100% sure. My net surfing is pretty low risk and as few references as I have been able to find about this virus leads me to believe it is recurring, not just overly common. I followed some links from this site to Trojan Hunter. It is showing clean for the second day after that.  If it stays gone another couple days, I'll close the question.
If it is okay to ask a corollary question, how at risk was I?  The Trojan Hunter showed two suspicious open ports.  I have made a couple of online purchases, should I cancel my card?  Thanks very much for your help on this.
0
blue_zeeCommented:

To be 100% safe, yes, you should cancel the card you used.

But, honestly, I believe the risk is low IF you are using a good Firewall.

Zone Alarm Free is good enough for general purposes:

http://www.zonealarm.com/store/content/company/products/znalm/freeDownload.jsp

If you are not running a firewall, you must cancel the card.

Zee
0
Lobo042399Commented:
Hi ledge,

Although I don't think securybanks has anything to do with your online purchases, I would in the future use mail-in money orders or use a PayPal account for online payments. Another thing is, do not set your browser to remember passwords, especially for access to your online banking. That's one of the first things some of those trojans look for.
As Zee says, a Firewall is not just a convenience these days; it's a must have. Zone Alarm is a good one. Black Ice used to be my favourite for years. Currently I use Norton and it does its job without hassle.

Now, returning to the Phishing; just in case I would take a new look at that index.dat file and see if it's back in there. Just a look. If it's not there, there's no need to delete it.

By the way, during the cleanup process; I don't know if you disconnected the machine from the Net. That is also important when you're disabling Autoprotect and/or lowering your Firewall.

Good Vibes!

Lobo
0
ledgefolds5Author Commented:
This thing is maddening!  It is back!  I have XP and the latest service pack and also Norton System Works 2004 as far as firewall protection is concerned.  I was not connected to the Internet when I performed clean up.  

Here is a question...is it possible this "virus" is a glitch of SpySweeper?  When I do online scans and now with Trojan Hunter, I am showing up clean.  Also, some of the other posts I have seen around seem to have only found this with Spy Sweeper. I am using the free version of Spysweeper and I would upgrade if I thought they really could help me.  Maybe wishful thinking?

Also, when I empty my trash I have the option of emptying trash bin, which I did, and purging Norton protected files, which I didn't, because I didn't know what that meant.  Is that my problem?  Aaaaggghhh.  I'm sorry to keep coming back to you guys, but I'm glad you're there!
0
blue_zeeCommented:

I have read nothing wrong regarding SpySweeper:

Rogue/Suspect Anti-Spyware Products & Web Sites
http://www.spywarewarrior.com/rogue_anti-spyware.htm#products

But... who knows?

I installed it and one of my machines showed that same keylogger. This made me wonder.

Cleaned up and didn't return.

Double-checked in other PCs, installing fresh SpySweeper, and it didn't find anything especially threatening.

But, you may have a point there. I will look around for more info on this.

Zee
0
blue_zeeCommented:

Loads of info here:

http://www.broadbandreports.com/forum/remark,11041049~mode=flat

and it always returns...??

http://smartercomputing.ipbhost.com/index.php?showtopic=7051&st=0&#entry47836

ditto...

We may be facing a false positive.

Zee
0
Lobo042399Commented:
Veeeery interesting. Thanks Zee.
0
ledgefolds5Author Commented:
Thank you very much zee and lobo.  I am going to delete Spysweeper, sleep better, and live in gratitude for your kind help!
0
Lobo042399Commented:
Thanks, ledge. Kudos to Zee for the info on the false positive. Worth reporting it. Wonder if it's a bug in SpySweeper or it's intentional.

Good Vibes!

Lobo
0
blue_zeeCommented:

Thank you.

I would say too evident to be intentional, but...

Cheers.

Zee
0