Earlier this week an email - allegedly from my stockbroker - arrived, stating it contained information about one of my equities. Opening the attachment there was what appeared to be the broker's log on page, except it asked for my account number, full password rather than three selected characters from it, and my dealing password, which is usually only required when dealing.
Not suspecting phishing from any address other than a bank, I entered the details and was taken to a page with no mention of any of my holdings with this broker. It was only when I phoned to ask about the email, and was greeted by a warning about a spate of recent phishing attacks on their customers that I realised what had happened.
The account has been blocked until I notify them my PC is clean.
Scans with Malwarebytes and Superantispyware found nothing. Avira Antivir Premium found one hidden object, but they offer no facility for quarantining anything, and I was unable to manually remove it from the registry as it was hidden. When I contacted the Avira Forum for help, I was asked to submit the log file. Their reply said that the hidden object was not harmful.
This leaves me uncertain as to whether my PC really is clean. Why would anybody go to the trouble of creating a web site almost identical to a stockbroker unless there was some way to profit from it? Having my full log in details, they could sell my holdings and attempt to withdraw the cash, but in all probability would fail, as in the UK trades are settled three days after trading, and most people would, like me, have ample time to phone and ask about the message, and discovering the truth, block the account.
Therefore, it would appear that the whole exercise was designed to get me to visit the fake web site, in order to download a keylogger or other malware on to my PC. But where is it, when three scans have not shown it? Avira may have blocked any such download without giving notice of doing so - I just don't know.
So I sought guidance from Avira as to whether I should reformat the hard drive to be certain the PC is safe, but they have not responded, and visiting the Forum I find my case is now marked as solved.
I consider it unsafe to log into my bank or any other financial site from my desktop PC whilst having doubts about its security, and had planned to reformat the hard drive this weekend. However, I would like to save the considerable time involved, if possible, especially as my installation disk is for XP SP2 so there will be an enormous number of updates to install if I take that route. My doubts were increased Wednesday when the daily Avira scan lasted 2-34-50, not the usual 30 - 40 minutes.
Is anyone able to suggest another scanner which might find and remove the malware I am convinced is there?