4 Replies Latest reply on Mar 23, 2010 7:35 AM by Rich6008

    Trojan redirects at credit card site login

      I recently paid McAfee to remove a trojan that was re-directing me to a phishing link when I tried to log in to Ebay.com.  McAfee was successful in removing the infections Service Request #: 466983535.  However, I also find that when trying to log into credit card sites, chase.com or bankofamerica.com I am redirected to fraudulent links also, pasted below.

       

      Viruscan shows no infected files.  Will McAfee help me based on this previous service request or do I need to pay for another one?  Are there other scanners that may be able to help?

       

      https://sitekey.bankofamerica.com/sas/signon.do

       

      https://mfasa.chase.com/auth/fcc/login

       

      Product Information

      Antivirus Product - McAfee security center

      Product Version - viruscan 13.15

      DAT/Signature Version - 5927.0000

      Enginer Version - 5301.4018

       

      Thanks

        • 1. Re: Trojan redirects at credit card site login

          You might want to check the host file to see if it's been modified via the typical location of C:\windows\system32\drivers\etc\ then file 'hosts'.  Typically malware will try to block users from accessing certain sites by changing this host file to block access.

           

          Edit the "hosts" file with the Notepad application to see if there are any additional entries beyond the standard template like below:

          # Copyright (c) 1993-1999 Microsoft Corp.
          #
          # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
          #
          # This file contains the mappings of IP addresses to host names. Each
          # entry should be kept on an individual line. The IP address should
          # be placed in the first column followed by the corresponding host name.
          # The IP address and the host name should be separated by at least one
          # space.
          #
          # Additionally, comments (such as these) may be inserted on individual
          # lines or following the machine name denoted by a '#' symbol.
          #
          # For example:
          #
          #      102.54.94.97     rhino.acme.com          # source server
          #       38.25.63.10     x.acme.com              # x client host

           

          If you see entries related to chase, or bank of america website, delete the lines and save the file.

           

          Hope that helps,

          Irene

          1 of 1 people found this helpful
          • 2. Re: Trojan redirects at credit card site login

            Thanks for the quick response Irene.  No, the host file only contained the entries that you listed in your template.  Other ideas?

             

            Thanks

            • 3. Re: Trojan redirects at credit card site login
              maziz

              Hi

               

              Please download and use the McAfee Stinger Tool on the machine and follow the instructions on the site HERE

               

              Once you have set the settings and the scan is complete, click on "File" (top left) and select "Save report file"

               

              Please upload the log file results here.

               

              Thanks.

              1 of 1 people found this helpful
              • 4. Re: Trojan redirects at credit card site login

                Thank you for your help.  Before I saw your advice, I was able to fix the problem using the free version of Dr. Web Anti-virus.  The problem was Master Boot Record HDD1 infected with BackDoor.MaosBoot.35.  I went ahead and ran Stinger and all files were clean.  Thanks again.