help please! pc re-directing online banking to dodgy site

zzzLazyDaisy

Hi, I lent my laptop to my sister and it came back with LOTS of malaware on it.

With help from the techies yesterday I have cleaned it up and it appears to be running clear BUT when I attempt to go to my on-line banking it is taking me to a dodgy website that looks just like my bank's website, but is asking me for lots of personal info. I have spoken to my bank and they have confirmed that it is not their website, and I have also accessed on-line banking with my other pc with no problems.

I have run a full scan on MacAfee, and also on Malawarebytes this morning, both are clear.

Any advice would be welcome

EDIT to add that I am using firefox

Thanks

Daisy

aliEnRIK

zzzLazyDaisy wrote: »

Hi, I lent my laptop to my sister and it came back with LOTS of malaware on it.

According to your other thread, it only found one!
"C:\Windows\Tasks\MSWD-1a2d42fe.job (Trojan.DNSChanger) -> Quarantined and deleted successfully."

What are you referring to when you say 'lots'?

Download HostsXpert
http://www.softpedia.com/progDownload/Hoster-Download-27041.html
and then follow the below steps.

* Unzip HostsXpert.zip
* It will create a folder named HostsXpert in whatever folder you extract it to.
* Run HostsXpert.exe by double clicking on it.
* click the Make Writeable? button.
* click Restore Microsoft's Hosts File and then click OK.
* Click the X to exit the program


.......................................................................



Download HIJACK THIS (Make sure you click 'DOWNLOAD LATEST VERSION')
http://www.filehippo.com/download_hijackthis/
Click MAIN MENU then DO A SYSTEM SCAN AND SAVE A LOGFILE(Takes seconds) then post the log so we can see whats running
(do NOT do anything else with Hijack but scan and post the FULL log)

zzzLazyDaisy

Hi, yes by the time I came to MSE I had already scanned with McAfee, Ad-aware, spybot, and iobit 360 security, and they had got rid of most of the stuff, including three trojans, some viruses, and a keylogger.

Then on the advice of MSE'rs I ran Malawarebytes and it only found one, which was deleted.

But I am still having problems, there is clearly still something left on my system as when I try to use on-line banking it is re-directing me to this dodgy website which is asking me for personal details.

I'll follow your instructions now, thanks

EDIT - I don't know if this is related, but there is a windows update (sp3?) which needs downloading, but when I try, it fails.

aliEnRIK

Dont attempt ANY updates until the systems clean

macman

And please get rid of McAfee, that's probably how you are infected in the first plece. Try Kaspersky. If your bank is Barclays, it's free. If not, try Avira, Avast or Microsoft Essentials.
Make sure you run the McAfee removal tool after uninstalling.

zzzLazyDaisy

Okay, please be gentle, I am obviously doing something wrong...

I did what you said, but Hijack this said that my system has denied access to the host file. Also when I did the scan it wouldn't let me create a log.

Can you talk me through it again please?

Sorry

Lokolo

Instead of double clicking the hijack icon to load. Right click and Run As Administrator.

zzzLazyDaisy

when I right click the icon, there isn't a 'run as administrator' option

Edit just a thought - I am running windows 7, does that make a difference?

I have just run Highjackthis again, it does the scan, brings up lots of info but then brings up notebook which says

'cannot find the c:/program files/trend micro/hijackthis/hijackthis.log file do you want to create a new file?'

(its actually backward slash but I can't find that on my keyboard)

tarden

It should be there directly under 'Open' and say run as...
which leads you to another window where you enter who you want to run the program as - in this case 'administrator'

Lokolo

You want to say yes to that file creation I think!

zzzLazyDaisy

Okay, when I right click it says 'open', 'open file folder (f), trouble shoot compatibility.

There is nothing that says 'run as'

Also I clicked yes to the question 'do you want to create a new file' and it just brought up a blank screen....