1 2 Previous Next 10 Replies Latest reply on Mar 22, 2011 4:12 AM by Peacekeeper

    Hijack virus?

      Today I have acquired some virus that, when I try to log in to my bank accounts, asks me for personal information.  This happened with two different bank sites.  I used another computer and did not have that problem.  Also, the bank web sites don't look right.  This all started this morning, when I clicked on a site and Firefox suddenly closed completely.  I checked for any suspicious programs or processes running, but there were none.  So I rebooted, which was probably a mistake.  After that, the fonts on the web sites I visit didn't look right.  Then the bank thing happened.  I've run full virus scan and full AdAware scan and found nothing.  Then I ran them both again in safe mode.  Still nothing.  I just ran Stinger in safe mode -- nothing.  From what I read online, this seems similar to haxdoor E or something.  Is that correct?  I'm not sure how to proceed at this point.  Any suggestions?

        • 1. Re: Hijack virus?

          Last night I used MBAM, and it detected and removed 7 infected files.  But the suspicious pages asking for personal information still show up.homerho

          • 2. Re: Hijack virus?
            BalaSGS

            Hi

             

            Can you please clarify and follow the steps suggested below.

             

            What is Operating system use? (Click on start- Right click- My computer or computer-Click on properties) 

            Did you made any recent changes to the system (Software or hardware)
            Did you update your Windows recently?
            What is the version of McAfee product installed in the system?

             

            Steps:

             

            Try to update the windows (Open IE- click on Tools option – click Windows update- make sure we update all the critical windows update avilable).

            Update McAfee Security center (right click on McAfee icon in the system tray- click on update)

            Perform the full scan. 

            If it fails then run a following Stringer tool

            To run our stringer tools by follow the Document ID TS100893: 

            http://download.nai.com/products/mcafee-avert/fakealertstinger.exe

            • 3. Re: Hijack virus?

              I'm having this exact same issue. I have followed your advice above and have done all of the above things and I am still get redirected to this scam banking site. This scam looks very realistic. Stinger came up dry, and I'm currently running the Malwarebytes scan. The McAfee scan came up with nothing as well.

               

              Win XP SP3

              Using McAfee AntiVirus Plus (just checked for updates)

              I have not updated my windws recently (no updates available upon checking it today)

              Installed an X-vid codec that may be the problem, uninstalled it today.

              I checked in msconfig to see if I have anything running on start up that looks suspicious and disabled some items

               

              I'm not sure what the next step should be, I'll see what MBAM comes up with and post the log in here afterwards.

               

              Thanks,

              • 4. Re: Hijack virus?
                JaiPrakash

                Hi,

                 

                This issue requires some more assistance through McAfee Technical Support in order to diagnose the issue further. Please click on Useful links at the top of this page and click on Technical Support and get connected to our chat technicians, so that they diagnose the issue and help you to resolve your issue.

                TS.JPG

                 

                • 5. Re: Hijack virus?
                  Peacekeeper

                  You can also try restoring to a point before the codec was installed might fix the issue if MWB and Jai suggestion does not work.

                  • 6. Re: Hijack virus?

                    Here is the log from MBAM. I will also follow up with what Jai suggested.

                     

                    Malwarebytes' Anti-Malware 1.50.1.1100
                    www.malwarebytes.org

                    Database version: 6113

                    Windows 5.1.2600 Service Pack 3
                    Internet Explorer 8.0.6001.18702

                    3/21/2011 5:18:53 PM
                    mbam-log-2011-03-21 (17-18-47).txt

                    Scan type: Full scan (C:\|E:\|)
                    Objects scanned: 328715
                    Time elapsed: 1 hour(s), 13 minute(s), 45 second(s)

                    Memory Processes Infected: 0
                    Memory Modules Infected: 0
                    Registry Keys Infected: 0
                    Registry Values Infected: 0
                    Registry Data Items Infected: 2
                    Folders Infected: 0
                    Files Infected: 4

                    Memory Processes Infected:
                    (No malicious items detected)

                    Memory Modules Infected:
                    (No malicious items detected)

                    Registry Keys Infected:
                    (No malicious items detected)

                    Registry Values Infected:
                    (No malicious items detected)

                    Registry Data Items Infected:
                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

                    Folders Infected:
                    (No malicious items detected)

                    Files Infected:
                    c:\WINDOWS\system32\config\systemprofile\start menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> No action taken.
                    c:\documents and settings\Dale\local settings\Temp\0.5201449621203696.exe (Trojan.Dropper) -> No action taken.
                    c:\documents and settings\localservice\ntuser.dll (Trojan.Agent) -> No action taken.
                    c:\documents and settings\Dale\application data\Sun\cetw.txt (Malware.Trace) -> No action taken.

                    • 7. Re: Hijack virus?

                      I went through the technical support, used the virtual technical support feature, found no problems with my mcafee product. Currently online with a chat person, but they are not being very helpful so far.

                      • 8. Re: Hijack virus?
                        JaiPrakash

                        Hi,

                         

                        Please download and run a free scan using McAfee Security scan plus using the below link.

                        http://www.mcafee.com/us/downloads/free-tools/freescan.aspx

                         

                        If the free scan doesn’t resolve your issue, then it mean this issue requires some more assistance through the (Pay support option) where one of Our Security Experts can take control of your computer remotely, and do the work while you watch.

                         

                        Link for Virus Removal Phone support: http://service.mcafee.com/LocaleSelect.aspx?lc=1033&sg=VR&pt=0&st=PHONE

                         

                        • 9. Re: Hijack virus?

                          What is the free scan going to find that mcafee antivirus plus won't? Also why would i pay additional money for someone to remove the virus when I'm already paying for this antivirus service. Seems backwards. How come no comment on the malwarebytes log?

                          1 2 Previous Next