  1. #1
    4 Star Lounger
    Join Date
    Dec 2009
    Location
    London
    Posts
    488
    Thanks
    178
    Thanked 2 Times in 2 Posts

    Cleaning up after a phishing attack

    Earlier this week an email - allegedly from my stockbroker – arrived, stating it contained information about one of my equities. Opening the attachment there was what appeared to be the broker's log on page, except it asked for my account number, full password rather than three selected characters from it, and my dealing password, which is usually only required when dealing.

    Not suspecting phishing from any address other than a bank, I entered the details and was taken to a page with no mention of any of my holdings with this broker. It was only when I phoned to ask about the email, and was greeted by a warning about a spate of recent phishing attacks on their customers that I realised what had happened.

    The account has been blocked until I notify them my PC is clean.

    Scans with Malwarebytes and Superantispyware found nothing. Avira Antivir Premium found one hidden object, but they offer no facility for quarantining anything, and I was unable to manually remove it from the registry as it was hidden. When I contacted the Avira Forum for help, I was asked to submit the log file. Their reply said that the hidden object was not harmful.

    This leaves me uncertain as to whether my PC really is clean. Why would anybody go to the trouble of creating a web site almost identical to a stockbroker unless there was some way to profit from it? Having my full log in details, they could sell my holdings and attempt to withdraw the cash, but in all probability would fail, as in the UK trades are settled three days after trading, and most people would, like me, have ample time to phone and ask about the message, and discovering the truth, block the account.

    Therefore, it would appear that the whole exercise was designed to get me to visit the fake web site, in order to download a keylogger or other malware on to my PC. But where is it, when three scans have not shown it? Avira may have blocked any such download without giving notice of doing so - I just don't know.

    So I sought guidance from Avira as to whether I should reformat the hard drive to be certain the PC is safe, but they have not responded, and visiting the Forum I find my case is now marked as solved.

    I consider it unsafe to log into my bank or any other financial site from my desktop PC whilst having doubts about its security, and had planned to reformat the hard drive this weekend. However, I would like to save the considerable time involved, if possible, especially as my installation disk is for XP SP2 so there will be an enormous number of updates to install if I take that route. My doubts were increased Wednesday when the daily Avira scan lasted 2-34-50, not the usual 30 - 40 minutes.

    Is anyone able to suggest another scanner which might find and remove the malware I am convinced is there?
    Last edited by georgelee; 2011-06-10 at 14:59. Reason: grammar

  3. #2
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    5,809
    Thanks
    185
    Thanked 701 Times in 639 Posts
    George,

    Phishing is designed to get your logon credentials. Once they have them they try to figure a way to change the parameters of your account, e.g. your bank account information, so that they can then sell and transfer money to the new bank account {theirs} that your account now contains.

    The only way to be 100% sure your computer contains no malware is to format the hard drive and do a clean install of windows, install a good AV program and then restore your data files from your backup. It would be great if you could pull your hard drive and attach it to another, known clean, computer via a USB connection cable and run several virus scanners against your files.

    Good Luck
    May the Forces of good computing be with you!

    RG

    VBA Rules!

    My Systems: Desktop Specs
    Laptop Specs


  4. The Following User Says Thank You to RetiredGeek For This Useful Post:

    georgelee (2011-06-10)

  5. #3
    5 Star Lounger chowur's Avatar
    Join Date
    Mar 2010
    Location
    Indiana
    Posts
    804
    Thanks
    0
    Thanked 54 Times in 51 Posts
    I have just a couple of simple questions first. On your Malwarebytes program, did you perform a FULL scan? On your Superantispyware program, did you perform a complete scan or did you perform a Custom scan? My suggestion on the Superantispyware program would be to do a Custom scan. This will get into everything. You will see what I mean when you open the program. For your anti-virus program make sure your settings are as follows:

    To display hidden files and folders

    1. Open Folder Options in Control Panel.
       • Click Start, and then click Control Panel.
       • Click Appearance and Themes, and then click Folder Options.
    2. On the View tab, under Hidden files and folders, click Show hidden files and folders.
    Last edited by chowur; 2011-06-10 at 15:23. Reason: spelling correction
    Problems cannot be solved by the same level of thinking that created them. -Albert Einstein

  6. The Following User Says Thank You to chowur For This Useful Post:

    georgelee (2011-06-10)

  7. #4
    4 Star Lounger
    Join Date
    Dec 2009
    Location
    London
    Posts
    488
    Thanks
    178
    Thanked 2 Times in 2 Posts
    Hi Chowur
    Thanks for the prompt response. Answers to your questions:
    Malwarebytes full scan
    Superantispyware complete scan, I have never used the custom scan, but will do so in the morning, on the assumption it will take a lot longer than the usual complete scan, and it is almost bedtime. Presumably one selects all the options.

    By the way, I did not find custom scan at first and tried preferences, scanner control, where I notice that the complete scan excludes files over 4 mb and non-executables, so not really a complete scan.

    I was somewhat confused by your reference to 'show hidden files' and spent some time looking for it within the Avira control centre, before realising you were referring to the normal control panel/folder options entry. Does this mean I should switch on 'show all files' before every scan, or just when I believe there is a problem? I normally have it unchecked, to avoid deleting something I shouldn't.

    Many thanks for your suggestions.

  8. #5
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,625
    Thanks
    161
    Thanked 928 Times in 851 Posts
    A couple of things. Change the passwords for ALL financial accounts. DO NOT use the same password for any of these accounts. These jerks depend on people using the same passwords numerous times so don't do it!
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  9. #6
    4 Star Lounger
    Join Date
    Dec 2009
    Location
    London
    Posts
    488
    Thanks
    178
    Thanked 2 Times in 2 Posts
    Retired Geek,

    Yes, I thought the only way to be sure was a reformat, unless I could find and remove a culprit. But I will try Chowur’s suggestion of a custom scan first, just in case.

    I think your final sentence is beyond my capabilities. I have often wondered where the hard drive is – it must be very small – and I still have an old DVD writer installed, not being able to get it out, so I just inserted the replacement and switched the leads. But for that little problem it could be connected to the wife’s machine, or even the laptop.

    I really must listen to Ted’s scolding, get an external drive and start creating images. But not just yet! I have spent the best part of this year transferring the bookcases and their contents downstairs from the two studies, in order to replace the fitted carpets and I must find time and energy to complete the job, and take them back again, as the lounge is so full we are unable to sit in comfort to watch TV, and we are fed up with it.

    Anyway, many thanks for your assistance.

    George

  10. #7
    4 Star Lounger
    Join Date
    Dec 2009
    Location
    London
    Posts
    488
    Thanks
    178
    Thanked 2 Times in 2 Posts
    I think that I shall go crazy!

    After reinstalling XP everything on the screen was in 16 colour, 640x480 resolution, which makes some applications almost impossible to use, and sometimes difficult to close.

    Last year I had the same problem after reformatting, which was apparently because drivers needed to be installed. mercyh kindly supplied links to the Dell drivers, and the order in which they should be installed, which solved the problem.

    Yesterday I tried to download the drivers from Dell, but nothing happened, apart from a Dell download manager being installed. I have a DVD with 4 Dell drivers, which was created some years ago when I needed to reinstall and had no access to the internet, necessitating a visit to an internet café to acquire them. After determining which was the chipset driver I unsuccessfully attempted to install it from the DVD.

    Today I again tried to download from Dell, with a similar result, except it informed me that I needed .Net Framework first, and proceeded to install v 2.0 and 3.5. Making another attempt, this time downloading all three at once, it would say 3 items on my list, which changed to zero when I clicked download. There were even instructions on how to install, but they bear no resemblance to what I am seeing in the downloads from the DVD. Just to convince me I am going crazy, returning to the DVD to see if I could get the graphics driver to install, I find it is empty, the four drivers have disappeared. And it is not a RW disk.

    I would start the whole reinstallation over again, but for the feeling that I would probably be in the same situation at the end.

    Does anybody have any idea what is going on at Dell?
    Last edited by georgelee; 2011-06-13 at 11:00. Reason: spelling

  11. #8
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    5,809
    Thanks
    185
    Thanked 701 Times in 639 Posts
    George,

    How did you do your reinstall? Most Dells have a recovery partition accessed by pressing Ctrl+F11 at boot. If you tried to reinstall from CDs, try using the recovery partition. This will set your machine exactly as it came from the factory, all drivers in place except for any hardware you added/replaced after purchase.

    Before doing this make sure your data is backed up on an external device!

    Good Luck!
    May the Forces of good computing be with you!

    RG

    VBA Rules!

    My Systems: Desktop Specs
    Laptop Specs


  12. #9
    4 Star Lounger
    Join Date
    Dec 2009
    Location
    London
    Posts
    488
    Thanks
    178
    Thanked 2 Times in 2 Posts
    No such luck! This machine was purchased September 2003, therefore no recovery partition, something I have looked into several times when having difficulties, especially as the wife's PC and the laptop both have it. In any case, the hard drive has been wiped last year and again this weekend. Thanks anyway.

    By the way, have you any idea why MS Update wants to install patches for Outlook, Access, Publisher and something called Info Path when I don't use them and left them out of the Office installation?

    Almost as strange, after installing XP there were 75 updates, all for SP2. Only today was SP3 listed, yet SP2 is no longer supported.

    George
    Last edited by georgelee; 2011-06-13 at 19:39. Reason: spacing

  13. #10
    4 Star Lounger
    Join Date
    Dec 2009
    Location
    London
    Posts
    488
    Thanks
    178
    Thanked 2 Times in 2 Posts
    Solved it!

    After three days of trying I finally managed to download and install the Dell drivers, and consequently have a proper screen resolution allowing me to read everything on the screen, install the printer and regain the use of audio.

    Previously I had overlooked the fact that half way through the detailed instructions on how to download and install drivers it said ‘click here if you are having problems’. The link leads to separate instructions for IE and FF. Firefox needs .Net assistant 1.0.0, and checking revealed that I have v. 0.0.0. As it proved to be impossible to update the .net assistant, or install the latest version from MS, I switched to IE and there were no problems.

    So one should use IE when downloading drivers from Dell. Now I can remove .Net Framework 2.0, 3.0 and 3.5, all of which were installed by Dell in order to install their drivers.

  14. #11
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,625
    Thanks
    161
    Thanked 928 Times in 851 Posts
    You may want to hold off on removing the .net frameworks. Many apps use various versions of these and consequently you would have to reinstall them if using any of these apps. They generally just sit there until called by an app that needs them. If you already have any of these apps, removing the .net framework may break the app.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  15. #12
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    2,043
    Thanks
    97
    Thanked 194 Times in 169 Posts
    If George has successfully survived almost 8 years without needing .NET 2.0, I'd be only too pleased to allow him to remove them now he's realised that it's currently and historically of no use to him. Just another few hundred MB's of useless software he needs to keep checking for updates for - no thanks.

  16. #13
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,625
    Thanks
    161
    Thanked 928 Times in 851 Posts
    Sorry, I missed the purchase date, however I would leave the .net framework on my PC. I do not know what I might install tomorrow let alone next week or next month. The newer .net frameworks should not cause any problems and may help in the future. Plus the PC is 8 years old. I would not trust it without an Image. Electronic devices have a way of suddenly self destructing without forewarning. This comes from working many years with various levels of electronics. Images are just too nice to restore from. I can restore any of my 3 PCs in less than 10 minutes each, even if I had to replace a HD. What could be easier?
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  17. #14
    New Lounger
    Join Date
    Dec 2009
    Location
    Massachusetts
    Posts
    7
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Ted Myers View Post
    A couple of things. Change the passwords for ALL financial accounts. DO NOT use the same password for any of these accounts. These jerks depend on people using the same passwords numerous times so don't do it!
    This is very good advice - and now may be the time to try LastPass, which allows you to create and use high strength, unique passwords on your various logins. It's highly rated and the free version is probably good enough for 90% of potential users.

  18. #15
    New Lounger
    Join Date
    Jun 2011
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Since the attack was just an email that contained a link it is very unlikely that the PC is compromised. He just visited a web site.

    On the other hand the post does not mention that he took action regarding the compromised information. Resetting passwords and closing any linked credit cards should have been the very first, most important action.

    In order to upgrade your machine, once the hardware is not sold any more the PC manufacturer will not update the software. You have to find out what the hardware manufacturer is and then download the drivers from there (be careful not to get malware that way by downloading from e.g. a Russian 'driver update' site). For example my HP desktop's video driver gets its updates now from Intel.

    If your machine is new enough you might consider upgrading to Windows 7 - and put in some more memory...
