"Advanced Card Verification" pop up

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by ekalbs4, Oct 11, 2008.

  1. ekalbs4

    ekalbs4 Private E-2

    I came to the malware removal forum because I've had a pop up window titled "Advanced Card Verification" showing up whenever I make online credit card purchases or schedule a credit card payment using my bank's online bill pay service.

    I've only seen this pop up window with a Mastercard logo, however, my wife tells me she has seen the same pop up with a Visa logo when she made an online purchase. The pop up is a form to be filled in and it already has my credit card number filled in and empty fields for "Expiration date", "CCV2" and "ATM PIN". There is also a SUBMIT button. Neither my wife nor I have ever completed the form. We just close the window using the red X in the corner. I've probably had this for at least 2-3 months. Until recently making some online purchases, I'd only seen it a few times when making my monthly credit card payment. The recent online purchases made me realize this is a recurring problem that I need to take care of.

    I completed all of "READ & RUN ME FIRST" steps. As a test, I scheduled a credit card payment using my online bill payment service and proved that the pop up is still on my computer.

    While working to complete the read & run me first steps and to make this post, I have concluded two additional problems exist with my computer:

    1. Most importantly, I cannot seem to upload files. Therefore I'm not able to attach my log files at this time. I experienced a similar problem recently when I was working to exchange my Samsung refrigerator. They asked me to upload a copy of my receipt and it continually crashed IE when I tried. I was able to complete the upload from my work computer without any trouble, but that will not be an option for these files.

    2. Second, all of the surfing required to complete the read & run me first served to remind me that I've been having problems with IE v7 crashing periodically while surfing. In general, the crashes have been few and far between and I've never felt compelled to identify the root cause. However, it seems that perhaps it has been more prevalent in the last couple of weeks and slowed me down a couple of times while trying to complete the read me stuff. At this time, my priority is taking care of the credit card pop up, but I just wanted you to have all of the facts.

    Please let me know what my next step should be.

    Thanks!
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Do you have another browser installed such as Firefox?

    Can you attach the files using another browser?

    Many sites are now doing the advanced credit card verification....it stores a password for future purchases and so is meant to protect you in case of theft. You do not have to participate.
     
  3. ekalbs4

    ekalbs4 Private E-2

    I've never used Firefox. I downloaded Firefox from your website and the file upload worked great. Thanks.

    Your comments made me think that perhaps you do not consider this issue to be malware. I hope that is the case, but my research on the internet led me to believe that I'm dealing with malware. I saw similar issues on this site and other removal forums, but I would not be capable of attempting to do the fix myself by reading those posts.

    Here is one link (not a removal forum) that I found with some basic info,
    http://juleslife.wordpress.com/2008/07/12/beware-of-advanced-card-verification-popup-window/

    I've attached MGlogs.zip and a picture of the pop up that I'm talking about. I did an Alt,Printscreen and then pasted to Word so I could block out my credit card number before taking a picture with my camera. I'll attach the other three logs in another reply.
     

    Attached Files:

  4. ekalbs4

    ekalbs4 Private E-2

    Here are the additional log files.

    Thanks.
     

    Attached Files:

  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Have you run Spybot S&D? Please attach that log.....then go to Bitscan link: agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files. Once Bitdefender completes the scan:

    Click-on the Detected Problems tab. Then select Click here to export the scan report

    When the window comes up to save the report, change the Save as type: box to Text (Tab Delimited) (*.txt) and then in the File name box enter bdscan then click save. This will save a file named bdscan.txt in whatever folder you are currently in when you save the file (take notice of where you are at so you can find it later). This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.
     
  6. ekalbs4

    ekalbs4 Private E-2

    Spybot log file attached. I hope this is the right file. There were no instructions in the READ & RUN ME FIRST guide for retrieving and attaching the Spybot file.

    I'll work on the Bitscan instructions next.

    Thanks.
     

    Attached Files:

  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Try this:

    GMER's MBR.exe
    • Double click on the MBR.exe file to run it.
    • A log will be produced & saved to the desktop, called MBR.log.
    • Attach this log to your next message.
    Now Reboot and use windows explorer to find and delete:
    Code:
    C:\WINDOWS\Temp\"
    bca4e2da.$$$  Oct  9 2008       46910  "bca4e2da.$$$"
    fa56d7ec.$$$
    
    
    C:\Documents and Settings\Angie & Blake\Local Settings\temp\"
    cf16994.exe   Oct 11 2008      389120  "CF16994.exe"
    cf19796.exe   Oct 11 2008      389120  "CF19796.exe"
    MSOHTML       Oct 11 2008              "msohtml"
    MSOHTML1      Oct 11 2008              "msohtml1"
    
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from GMER.
     
  8. ekalbs4

    ekalbs4 Private E-2

    I completed the Bitscan. I see it found some stuff. HTML Log is attached as zip.

    I ran mbr.exe. Log is attached. Then I rebooted.

    I was able to delete (send to recycle bin for now) the four files,

    C:\Documents and Settings\Angie & Blake\Local Settings\temp\"
    cf16994.exe Oct 11 2008 389120 "CF16994.exe"
    cf19796.exe Oct 11 2008 389120 "CF19796.exe"
    MSOHTML Oct 11 2008 "msohtml"
    MSOHTML1 Oct 11 2008 "msohtml1"

    I was not able to delete the two files,
    C:\WINDOWS\Temp\"
    bca4e2da.$$$ Oct 9 2008 46910 "bca4e2da.$$$"
    fa56d7ec.$$$

    When trying to delete these two files I would get a message similar to the following:
    "Error Deleting File or Folder"
    "Cannot delete bca4e2da: It is being used by another person or program. Close any programs that might be using the file and try again."

    I ran GetLogs.bat and attached MGlogs.zip.

    Thanks.
     

    Attached Files:
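
An added example, not part of the original thread or the MajorGeeks tools: a read-only inventory of a temp directory that records size, modification time and SHA-256 for each file before anything is deleted, and lists first the files whose names are shaped like those named above. The name patterns and the `MZ` header check are assumptions generalized for illustration; the thread does not state what these files contain.

```python
import hashlib
import os
import re
import tempfile
from datetime import datetime, timezone

# Assumption: name shapes generalized from the files named in this thread
# (bca4e2da.$$$, ed47fa.$, CF16994.exe); adjust them for your own case.
NAME_PATTERNS = [
    re.compile(r"^[0-9a-f]{5,8}\.\$+$", re.I),
    re.compile(r"^cf\d{4,6}\.exe$", re.I),
]

def triage_file(path):
    """Return an inventory record for one file without modifying it."""
    st = os.stat(path)
    name = os.path.basename(path)
    rec = {
        "name": name,
        "size": st.st_size,
        "modified": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
        "name_match": any(p.match(name) for p in NAME_PATTERNS),
        "pe_header": None, "sha256": None, "readable": True,
    }
    try:
        with open(path, "rb") as fh:
            digest = hashlib.sha256()
            chunk = fh.read(65536)
            # Added heuristic: "MZ" marks a Windows executable whatever the extension.
            rec["pe_header"] = chunk[:2] == b"MZ"
            while chunk:
                digest.update(chunk)
                chunk = fh.read(65536)
            rec["sha256"] = digest.hexdigest()
    except OSError:
        # Could not open the file (e.g. access denied or a sharing violation on Windows).
        rec["readable"] = False
    return rec

def triage_dir(directory):
    """Inventory regular files directly inside `directory`, flagged ones first."""
    recs = [triage_file(e.path) for e in os.scandir(directory)
            if e.is_file(follow_symlinks=False)]
    return sorted(recs, key=lambda r: (not (r["name_match"] or r["pe_header"]), r["name"]))

if __name__ == "__main__":
    for record in triage_dir(tempfile.gettempdir()):
        print(record)
```

Keeping the hashes with the logs lets a helper identify a file after it has been removed from the machine.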

  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Now delete the current mbr.log file and then run the below instructions.
    Click Start > Run and copy & paste the following text in the code box into the Run box and then click OK. You must copy and paste or type in this exactly. The quotes must be exactly as shown and there is a space before the -f
    Code:
         "%userprofile%\desktop\mbr.exe" -f
    
    
    Now double click on the mbr.exe file and attach the new mbr.log

    Then reboot and see if the below files still exist. If they do, then see if you can delete them.

    Code:
    C:\WINDOWS\Temp\"
    bca4e2da.$$$  Oct  9 2008       46910  "bca4e2da.$$$"
    
    fa56d7ec.$$$
    
    Also run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the new C:\MGlogs.zip file
     
    Last edited: Oct 13, 2008
  10. ekalbs4

    ekalbs4 Private E-2

    Ran Start > Run with the code provided.
    Ran mbr.exe
    Rebooted
    Successfully deleted the two files (sent to recycle bin)
    Ran GetLogs.bat

    New mbr.log and MGlogs.zip files attached.
     

    Attached Files:

  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Another one popped up that I was expecting:
    C:\WINDOWS\Temp\ed47fa.$

    Can you delete it also?
     
  12. ekalbs4

    ekalbs4 Private E-2

    Yes,
    I was able to delete the file, C:\WINDOWS\Temp\ed47fa.$
     
  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Sweet.....are you still having issues?

    In the meantime, we can start the cleanup process from running the scans:

    Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    If you get a success message, then:

     
  14. ekalbs4

    ekalbs4 Private E-2

    My problem appears to be fixed! No more pop up asking for credit card data. I completed the cleanup process and toggled system restore.

    Wow, what a great service you and MajorGeeks are providing! Thank you so much for your help. I really appreciated the READ & RUN ME FIRST guide. I've attached some notes about one area that tripped me up while following the guide.

    I'll surely be back to MajorGeeks for any future information, hopefully, not the malware removal forum though.

    Thanks again. Keep up the fight!
     

    Attached Files:

  15. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good to know....and you are most welcome. Safe surfing. :)
     
