We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
The Forum now has a brand new text editor, adding a bunch of handy features to use when creating posts. Read more in our how-to guide
Help with access after virus problem
Froglet
Posts: 2,798 Forumite
in Techie Stuff
I have discovered something very strange.I can sign in to my HSBC account online via my laptop but not on my computer.I had major problems at the weekend with it.Despite more than one complete AVG scan it kept showing up as infected with a virus,that AVG could not delete.It took our computer savvy mate with spybot search and destroy to get rid,and thankfully all is now ok.
However me in my panic also deleted a few tracking cookies.I wonder if that is the problem?I can get on other finance sites,ie AA ,saga,B and B and so on,and input my details there.
Any ideas what i may have done,and what can i do to restore my account log in page.I can acess the first page but not the second.
However me in my panic also deleted a few tracking cookies.I wonder if that is the problem?I can get on other finance sites,ie AA ,saga,B and B and so on,and input my details there.
Any ideas what i may have done,and what can i do to restore my account log in page.I can acess the first page but not the second.
0
Comments
-
Just deleting cookies wouldn't do it. Unless when you removed them you somehow denied permission for them to set again by the site.
To be honest, with those probs on your main PC, I would stick to using internet banking with the machine you are certain is clean.Free/impartial debt advice: National Debtline | StepChange Debt Charity | Find your local CAB
IVA & fee charging DMP companies: Profits from misery, motivated ONLY by greed0 -
Spybot is ok, but it wouln't do any harm to scan with MalwareBytes - install, update, full scan, fix and post the log here. Then use HijackThis - full scan, don't fix anything, just post the log.0
-
Right i have discovered it is the data execution prevention that is preventing me opening and logging in.This occurs with HSBC,Barclays and Alliance and Leicester.I have looked at what i can do and it seems there is nothing.Is it better to leave it and use my laptop instead? Why has this suddenly arisen? and does it mean i still have a virus that could attack these specific websites??0
-
Odd.....................
http://en.wikipedia.org/wiki/Data_Execution_Prevention#Configuration
Or use a browser other than IE?Free/impartial debt advice: National Debtline | StepChange Debt Charity | Find your local CAB
IVA & fee charging DMP companies: Profits from misery, motivated ONLY by greed0 -
I would use your laptop for the moment, and run the scans as mentioned on the PC (MalwareBytes and HijackThis). If you have had a recent virus, and it is still doing odd things, I wouldn't even think of going near online banking.
You need to make sure that the PC is clean before looking at things like DEP, which could just be symptoms of virus activity.
If you do still have a virus, you also risk infecting your laptop if you are transferring files or networked.0 -
ok here is the first part Malwarebytes' Anti-Malware 1.42
Database version: 3331
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
09/12/2009 18:13:59
mbam-log-2009-12-09 (18-13-59).txt
Scan type: Full Scan (C:\|E:\|)
Objects scanned: 236556
Time elapsed: 35 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 5
Files Infected: 10
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\iercpt.iercptbho (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\iercpt.iercptbho.1 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{3a9377a6-be7f-485d-908c-d44114691389} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e24211b3-a78a-c6a9-d317-70979ace5058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\iercpt.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickInstallPack (Rogue.Multiple) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.
Folders Infected:
C:\Documents and Settings\All Users\Application Data\PersonalAntiSpy (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\PersonalAntiSpy\Data (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bob\Start Menu\Programs\QuickInstallPack (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bob\Local Settings\Application Data\qip (Rogue.Multiple) -> Quarantined and deleted successfully.
Files Infected:
C:\My Downloads\personalantispy_ifree.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\PersonalAntiSpy\Data\Abbr (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\PersonalAntiSpy\Data\ProductCode (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bob\Start Menu\Programs\QuickInstallPack\QuickInstallPack on the Web.url (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bob\Start Menu\Programs\QuickInstallPack\QuickInstallPack.lnk (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bob\Start Menu\Programs\QuickInstallPack\Uninstall QuickInstallPack.lnk (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bob\Local Settings\Application Data\qip\data.ini (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bob\Local Settings\Application Data\qip\FreeCleaner.exe.ini (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bob\Desktop\QuickInstallPack.lnk (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\END (Trojan.FakeAlert) -> Quarantined and deleted successfully.
can't believe how many problems it found!0 -
and the second part
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:23:06, on 09/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\MDM.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.15\AsRunHelp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [CHotKey] mHotkey.exe
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6492 bytes0 -
This might sound extreme, but I would reinstall the OS to ensure that everything is clean.0
-
Bet your glad you couldn't get onto your online banking nowcan't believe how many problems it found!
Hopefully MalwareBytes has cleaned things up, but may be worth scanning again to double check.
The HijackThis log looked a bit odd at first, but most of the things seem legit.
There are a couple that could do with checking:
C:\WINDOWS\mHotkey.exe ..... Do you have Chicony Multimedia Hotkeys
MDM.EXE and DWTRIG20.EXE are legit MS processes, but I wouldn't expect them to be running normally on startup - I would be interested in another opinion on this.
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) ... This can be removed as it's a remnant of what MalwareBytes cleaned.0 -
Thank you so much for looking at this.However it STILL has not solved the problem,i cannot log in to my bank,and to Alliance and Leicester.
On the laptop i have the same AVG 9 that i recently installed. And I am on vista not xp,and no probs.Having said that i have only had the laptop since August ,this computer has been running now for 3 years.
So what do you recommend i do next? I am not savvy enough to understand what you are asking me about the multimedia hotkeys.And apart from the one you mentioned,do i not need to delete anything else from the Hijack log list?
am scanning again now.Is it normal to only do the C and E drive,or should i ask it to do all of them?0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 353.5K Banking & Borrowing
- 254.1K Reduce Debt & Boost Income
- 455K Spending & Discounts
- 246.6K Work, Benefits & Business
- 602.9K Mortgages, Homes & Bills
- 178.1K Life & Family
- 260.6K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards