Solved

Still have securybanks phishing trojan

Posted on 2004-10-30
Medium Priority
Last Modified: 2008-03-03
I think I followed the previously posted instructions for removal of securybanks phishing trojan, but it keeps reappearing. Not sure what I did wrong. I cleaned out Internet history, emptied recycle bin, downloaded and then ran the index.dat tool. Can you help?
0
Comment
Question by:ledgefolds5
18 Comments
 
LVL 17

Assisted Solution

by:Lobo042399
Lobo042399 earned 600 total points
ID: 12455895
Hi ledgefolds,

Make sure you run the Index.dat tool in safe mode and after disabling System Restore. If you use any other restore program like GoBack also disable it. Let us know if the problem persists after that.

Good Vibes!

Lobo
0
 

Author Comment

by:ledgefolds5
ID: 12460276
Lobo-
I think that was it! Thank you so very much!
0
 
LVL 17

Expert Comment

by:Lobo042399
ID: 12460832
Whew!!!  Glad it worked, Ledge!
0
 

Author Comment

by:ledgefolds5
ID: 12504429
I celebrated too soon.  The securybanks phishing trojan horse is back. I have Windows XP. I downloaded the index.dat suite tool to my desktop, disabled system restore, disabled Norton autoprotect, cleaned out my internet history, offline content and cookies using Tools and Internet options. Then deleted Norton recycle bin (but did not purge "protected files"; is that right? I'm new to XP), restarted in Safe Mode, and ran the tool.  Where have I lost my way?
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 12513373

I believe SpySweeper takes care of that. Maybe worth a go.

Fully functional trial version here:

http://www.webroot.com/shoppingcart/tryme.php?bjpc=64000&vcode=DT02

Zee
0
 

Author Comment

by:ledgefolds5
ID: 12513771
Thanks. Yes, spysweeper is the only thing that will even detect it.  And it will remove, but only for a day or so and then it comes back.  I've done online scans on all of the sites suggested here and nothing else will even find it. It's a frustrating bugger!
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 12513997

If it returns, you will have to look elsewhere for the reason why you're being hijacked.

Maybe a visit to certain websites?

Maybe poor Firewall protection?

Take a look here:

Dealing with Unwanted Spyware and Parasites
http://mvps.org/winhelp2002/unwanted.htm

Hope this may help you trace the cause of your problem and eventually prevent its return.

Zee

0
 
LVL 17

Expert Comment

by:Lobo042399
ID: 12515676
Hi ledge,

How long did it take to return? It could be a new infection as Zee suggests.
0
 

Author Comment

by:ledgefolds5
ID: 12516940
It had been every two days or so prior to my running your suggested safe mode clearing.  I was so confident about that, I didn't scan for it as vigilantly after my two day mark, so I'm not 100% sure. My net surfing is pretty low risk and as few references as I have been able to find about this virus leads me to believe it is recurring, not just overly common. I followed some links from this site to Trojan Hunter. It is showing clean for the second day after that.  If it stays gone another couple days, I'll close the question.
If it is okay to ask a corollary question, how at risk was I?  The Trojan Hunter showed two suspicious open ports.  I have made a couple of online purchases, should I cancel my card?  Thanks very much for your help on this.
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 12517045

To be 100% safe, yes, you should cancel the card you used.

But, honestly, I believe the risk is low IF you are using a good Firewall.

Zone Alarm Free is good enough for general purposes:

http://www.zonealarm.com/store/content/company/products/znalm/freeDownload.jsp

If you are not running a firewall, you must cancel the card.

Zee
0
 
LVL 17

Expert Comment

by:Lobo042399
ID: 12518199
Hi ledge,

Although I don't think securibanks has anything to do with your online purchases, I would in the future use mail-in money orders or use a PayPal account for online payments. Another thing is, do not set your browser to remember passwords, especially for access to your online banking. That's one of the first things some of those trojans look for.
As Zee says, a Firewall is not just a convenience these days; it's a must have. Zone Alarm is a good one. Black Ice used to be my favourite for years. Currently I use Norton and it does its job without hassle.

Now, returning to the Phishing; just in case, I would take a new look at that index.dat file and see if it's back in there. Just a look. If it's not there, there's no need to delete it.

By the way, during the cleanup process; I don't know if you disconnected the machine from the Net. That is also important when you're disabling Autoprotect and/or lowering your Firewall.

Good Vibes!

Lobo
0
 

Author Comment

by:ledgefolds5
ID: 12533595
This thing is maddening!  It is back!  I have XP and the latest service pack and also Norton System Works 2004 as far as firewall protection is concerned.  I was not connected to the Internet when I performed clean up.  

Here is a question...is it possible this "virus" is a glitch of SpySweeper?  When I do online scans and now with Trojan Hunter, I am showing up clean.  Also, some of the other posts I have seen around seem to have only found this with Spy Sweeper. I am using the free version of Spysweeper and I would upgrade if I thought they really could help me.  Maybe wishful thinking?

Also, when I empty my trash I have the option of emptying trash bin, which I did, and purging Norton protected files, which I didn't, because I didn't know what that meant.  Is that my problem?  Aaaaggghhh.  I'm sorry to keep coming back to you guys, but I'm glad you're there!
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 12533825

I have read nothing wrong regarding SpySweeper:

Rogue/Suspect Anti-Spyware Products & Web Sites
http://www.spywarewarrior.com/rogue_anti-spyware.htm#products

But... who knows?

I installed it and one of my machines showed that same keylogger. This made me wonder.

Cleaned up and didn't return.

Double-checked in other PCs, installing fresh SpySweeper, and it didn't find anything especially threatening.

But, you may have a point there. I will look around for more info on this.

Zee
0
 
LVL 29

Accepted Solution

by:blue_zee
blue_zee earned 1400 total points
ID: 12534042

Loads of info here:

http://www.broadbandreports.com/forum/remark,11041049~mode=flat

and it always returns...??

http://smartercomputing.ipbhost.com/index.php?showtopic=7051&st=0&#entry47836

ditto...

We may be facing a false positive.

Zee
0
 
LVL 17

Expert Comment

by:Lobo042399
ID: 12535985
Veeeery interesting. Thanks Zee.
0
 

Author Comment

by:ledgefolds5
ID: 12537374
Thank you very much zee and lobo.  I am going to delete Spysweeper, sleep better, and live in gratitude for your kind help!
0
 
LVL 17

Expert Comment

by:Lobo042399
ID: 12537917
Thanks, ledge. Kudos to Zee for the info on the false positive. Worth reporting it. Wonder if it's a bug in SpySweeper or it's intentional.

Good Vibes!

Lobo
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 12539457

Thank you.

I would say too evident to be intentional, but...

Cheers.

Zee
0


Question has a verified solution.
