Phishing program Attack!

Discussion in 'Malware Help (A Specialist Will Reply)' started by johnbaldwin, Sep 27, 2008.

  1. johnbaldwin

    johnbaldwin Private E-2

    Well, about 48 hours ago I opened an email, thinking it was from a potential client. This email had a read confirmation attachment. When I clicked okay to send, the email opened and was empty.

    Five minutes later my webroot antivirus starts prompting me about BHO's trying to be installed. Several in a row.

    I stopped all of them I thought... then my PC just reboots! I'm not sure what to think! Afterwards everything seemed normal. Then about 15 hrs later I clicked on my banking link and the normal usbank page opened.

    I entered my username and hit the submit, which usually takes me to a screen for my password, but suddenly I get a usbank page that is asking for some peculiar info. I call the bank and they say that they would never do this!

    I ran webroot and it found something, sorry I can't remember what, so I delete it and think maybe this solves the problem. I then try the bank again and login was normal.

    An hour or so later, I tried to login to paypal and BOOM another phishing attempt! So, I'm like wtf? I try the bank again and it is back there too!

    I have run the read me first programs and am providing logs along with three jpg's of the phishing scam screen shots. Please Help! This is extremely bothersome!

    The SAS did not find any problems... so no log was generated.
     

    Attached Files:

  2. johnbaldwin

    johnbaldwin Private E-2

    Here are the jpgs.
     

    Attached Files:

  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I still need the C:\MGLogs.zip from running the C:\MGTools.exe.
     
  4. johnbaldwin

    johnbaldwin Private E-2

    here it is... sorry. Thanks for any help you can give.
     

    Attached Files:

  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not seeing any problems. I assume you have run CCleaner and I would like you to run:
    Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.

    * Double-click ATF-Cleaner.exe to run the program.
    * Under Main choose: Select All
    * Click the Empty Selected button.

    If you use Firefox browser

    * Click Firefox at the top and choose: Select All
    * Click the Empty Selected button.
          o NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    * Click Opera at the top and choose: Select All
    * Click the Empty Selected button.
          o NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main ATF Cleaner menu to close the program.

    Are you still getting the fake sites? Are you running Site Advisor from McAfee?
     
  6. johnbaldwin

    johnbaldwin Private E-2

    I have run both and I still have the problem.

    The problem does seem to be Internet Explorer specific. I also have Firefox and Safari installed, I use them to develop, and they are unaffected.

    So what would be used to cause secure (https) pages to be hijacked by a phishing scheme in IE?

    When I log into my bank account in Firefox the URL in the browser is the SAME as the URL the phishing site shows... how is this possible? Some kind of iframe?

    I really need help with this.
     
  7. johnbaldwin

    johnbaldwin Private E-2

    "Are you running Site Advisor from McAfee?"....

    No.
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let's see what this does:
    Now go to Bitscan link: agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files. Once Bitdefender completes the scan:

    Click-on the Detected Problems tab. Then select Click here to export the scan report

    When the window comes up to save the report, change the Save as type: box to Text (Tab Delimited) (*.txt) and then in the File name box enter bdscan, then click Save. This will save a file named bdscan.txt in whatever folder you are currently in when you save the file (take notice of where you are so you can find it later). This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.
     
  9. johnbaldwin

    johnbaldwin Private E-2

    That scan found nothing.
     

    Attached Files:

  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

