×
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
kirby
Former Member
Message 1 of 11

Hijack virus?

Today I have acquired some virus that, when I try to log in to my bank accounts, asks me for personal information.  This happened with two different bank sites.  I used another computer and did not have that problem.  Also, the bank web sites don't look right.  This all started this morning, when I clicked on a site and Firefox suddenly closed completely.  I checked for any suspicious programs or processes running, but there were none.  So I rebooted, which was probably a mistake.  After that, the fonts on the web sites I visit didn't look right.  Then the bank thing happened.  I've run full virus scan and full AdAware scan and found nothing.  Then I ran them both again in safe mode.  Still nothing.  I just ran Stinger in safe mode -- nothing.  From what I read online, this seems similar to haxdoor E or something.  Is that correct?  I'm not sure how to proceed at this point.  Any suggestions?

10 Replies
kirby
Former Member
Message 2 of 11

Re: Hijack virus?

Last night I used MBAM, and it detected and removed 7 infected files.  But the suspicious pages asking for personal information still show up.homerho

BalaSGS
Former Member
Message 3 of 11

Re: Hijack virus?

Hi

Can you please clarify and follow the steps suggested below.

What is Operating system use? (Click on start- Right click- My computer or computer-Click on properties) 

Did you made any recent changes to the system (Software or hardware)
Did you update your Windows recently?
What is the version of McAfee product installed in the system?

Steps:

Try to update the windows (Open IE- click on Tools option – click Windows update- make sure we update all the critical windows update avilable).

Update McAfee Security center (right click on McAfee icon in the system tray- click on update)

Perform the full scan. 

If it fails then run a following Stringer tool

To run our stringer tools by follow the Document ID TS100893: 

http://download.nai.com/products/mcafee-avert/fakealertstinger.exe

ddebock
Former Member
Message 4 of 11

Re: Hijack virus?

I'm having this exact same issue. I have followed your advice above and have done all of the above things and I am still get redirected to this scam banking site. This scam looks very realistic. Stinger came up dry, and I'm currently running the Malwarebytes scan. The McAfee scan came up with nothing as well.

Win XP SP3

Using McAfee AntiVirus Plus (just checked for updates)

I have not updated my windws recently (no updates available upon checking it today)

Installed an X-vid codec that may be the problem, uninstalled it today.

I checked in msconfig to see if I have anything running on start up that looks suspicious and disabled some items

I'm not sure what the next step should be, I'll see what MBAM comes up with and post the log in here afterwards.

Thanks,

JaiPrakash
Former Member
Message 5 of 11

Re: Hijack virus?

Hi,

This issue requires some more assistance through McAfee Technical Support in order to diagnose the issue further. Please click on Useful links at the top of this page and click on Technical Support and get connected to our chat technicians, so that they diagnose the issue and help you to resolve your issue.

TS.JPG

Peacekeeper
Message 6 of 11

Re: Hijack virus?

You can also try restoring to a point before the codec was installed might fix the issue if MWB and Jai suggestion does not work.

ddebock
Former Member
Message 7 of 11

Re: Hijack virus?

Here is the log from MBAM. I will also follow up with what Jai suggested.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6113

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/21/2011 5:18:53 PM
mbam-log-2011-03-21 (17-18-47).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 328715
Time elapsed: 1 hour(s), 13 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\config\systemprofile\start menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> No action taken.
c:\documents and settings\Dale\local settings\Temp\0.5201449621203696.exe (Trojan.Dropper) -> No action taken.
c:\documents and settings\localservice\ntuser.dll (Trojan.Agent) -> No action taken.
c:\documents and settings\Dale\application data\Sun\cetw.txt (Malware.Trace) -> No action taken.

ddebock
Former Member
Message 8 of 11

Re: Hijack virus?

I went through the technical support, used the virtual technical support feature, found no problems with my mcafee product. Currently online with a chat person, but they are not being very helpful so far.

JaiPrakash
Former Member
Message 9 of 11

Re: Hijack virus?

Hi,

Please download and run a free scan using McAfee Security scan plus using the below link.

http://www.mcafee.com/us/downloads/free-tools/freescan.aspx

If the free scan doesn’t resolve your issue, then it mean this issue requires some more assistance through the (Pay support option) where one of Our Security Experts can take control of your computer remotely, and do the work while you watch.

Link for Virus Removal Phone support: http://service.mcafee.com/LocaleSelect.aspx?lc=1033&sg=VR&pt=0&st=PHONE

ddebock
Former Member
Message 10 of 11

Re: Hijack virus?

What is the free scan going to find that mcafee antivirus plus won't? Also why would i pay additional money for someone to remove the virus when I'm already paying for this antivirus service. Seems backwards. How come no comment on the malwarebytes log?

How Many Badges Can You Collect?
Ready for a little competition? Members like you are earning badges and unlocking perks for their helpful answers. Are you? Click here to find out.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community