
Nationwide Internet Banking


Comments

  • RussJK
    RussJK Posts: 2,359 Forumite
    edited 27 May 2011 at 9:59AM
    Chiefgrasscutter pointed out this thread, strangely the title 'nationwide internet banking' never attracted my attention ;)

    I would never trust this computer again without a reinstall from a Windows CD, but it'll be worthwhile identifying the agent responsible for the hijack.

    See if any of the following find what the agent is:
    HitmanPro (http://www.surfright.nl/en/hitmanpro) - don't install, just do a single scan. If it can't run, then hold LEFT CTRL for Forced Breach mode
    Prevx 3 - needs to install, and puts on a resident program, can't remove anything in the free version other than rootkits, but might tell you what you're dealing with*.
    Tdsskiller - (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) finds a limited group of rootkits
    aswMBR - (http://public.avast.com/~gmerek/aswMBR.htm) finds a limited range of rootkits

    *alternatively, see if using Prevx Safeonline prevents this from happening as it's supposed to protect against identity theft!: http://www.prevx.com/safebook.asp

    I'd be curious to see a Hijackthis log (http://www.trendmicro.com/ftp/products/hijackthis/beta/HijackThis.exe). Save to desktop, hold LEFT SHIFT and RIGHT CLICK on the file, Run as Administrator, do Scan and Save log, copy/paste the log into here. Don't Fix anything.

    Realistically, if you've got something like this, the smart thing to do is back up and reinstall - but it would be a good idea to identify the threat if you can so perhaps you can prevent it in the future. When reinstalling, make sure you learn how to fixmbr and fixboot from the recovery console in case anything is hiding. Treat the backup as suspicious and put security into place first before accessing it.
  • RussJK
    RussJK Posts: 2,359 Forumite
    edited 27 May 2011 at 11:43AM
    Well if you don't keep getting infected:
    https://forums.moneysavingexpert.com/discussion/2654025
    https://forums.moneysavingexpert.com/discussion/3162138
    https://forums.moneysavingexpert.com/discussion/3085798

    Might I suggest you get an entirely different antivirus solution? McAfee is woefully inadequate. Either it's been letting new infections in, or the underlying infection (rootkit) has remained. Even if you reinstall, if the MBR is infected or other computers on a network are infected then it's pointless as it'll just get reinfected.

    You really need to start clean (format, wipe the MBR, reinstall from a 100% safe & original Microsoft DVD), and use something better than McAfee - such as any of the free antiviruses (Avira, Avast, etc).

    Prevention is better than cleaning every few months when the latest infection happens.

    From top to bottom after a clean install of Windows:
    1. Change the DNS server on the ADSL modem to point to ClearCloud's DNS for free malware site blocking (www.clearclouddns.com). Test with Youtube to make sure it doesn't cause any obvious slowdown of the net.
    2. Use a HOSTS based block on each computer using something like MVPS or MalwareDomainList (http://winhelp2002.mvps.org/hosts.htm, http://www.malwaredomainlist.com/hostslist/hosts.txt). I use Hostsman to make it simple, need to regularly update it manually (http://www.abelhadigital.com/hostsman)
    3. Have a decent antivirus such as Avira. If you really want to pay for one, then get some ideas from here: http://av-comparatives.org/. e.g. F-Secure, Avira, Kaspersky, NOD32.
    4. Disable the antivirus firewall if it comes with one, and use the Windows firewall
    5. (optional but recommended) Have a decent complementary guard, such as Malwarebytes Pro (have to pay for lifetime licence), or Prevx (free for detection), or Immunet (without the clamav virus engine) as these catch what the traditional antivirus programs miss
    6. Use Sandboxing (such as Sandboxie http://www.sandboxie.com/) especially when browsing or opening PDFs etc, that way infections are contained to the sandbox and can easily be deleted. If you use Adobe 10, then force make it only open PDFs in protect mode (which is actually a sandbox) - some PDFs don't work in this mode, but will work when you open it under Sandboxie.
    7. Use Adblock Plus with Easylist, as well as MalwareDomainList (http://adblockplus.org/en/subscriptions) since infected ads are a source of malware. MalwareDomainList blocks content from known bad sites. Noscript would be more effective, but less usable IMO.
    8. Use Flashblock, due to flash based exploits.

    Uninstall Java unless you need it. Turn off the autoupdates of Flash, and just check for updates yourself on a regular basis.
This discussion has been closed.
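
Step 2 of the list above depends on a HOSTS file in which every entry points at a sinkhole address. The following is an added example, not code from the thread or from any of the tools it names: it audits HOSTS-format text before it is merged and flags any line that maps a name to a routable address or fails to parse. The function names, the sinkhole set and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: the list is used purely to sinkhole names, as MVPS-style
# HOSTS lists are, so these are the only addresses an entry may point at.
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain"}  # never counted as blocks
LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")

# Constructed sample, not taken from any real blocklist.
SAMPLE = """\
# sample HOSTS fragment
127.0.0.1    localhost
0.0.0.0      ads.example.net      # ad server
0.0.0.0      tracker.example.org cdn.example.org
203.0.113.7  www.bank.example
0.0.0.0      bad_host!.example
not-an-ip    foo.example
"""

def valid_hostname(name):
    """Check length and per-label syntax of an already lower-cased name."""
    return 0 < len(name) <= 253 and all(LABEL.match(p) for p in name.split("."))

def audit_hosts(text):
    """Return (blocked_names, findings); findings are (line_no, reason)."""
    blocked, findings = set(), []
    for num, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # strip comment, split columns
        if not fields:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            findings.append((num, "unparseable address"))
            continue
        for name in (f.lower().rstrip(".") for f in fields[1:]):
            if not valid_hostname(name):
                findings.append((num, "invalid hostname"))
            elif ip not in SINKHOLES:
                # A blocklist entry should never send a name to a real host.
                findings.append((num, f"{name} redirected to {ip}"))
            elif name not in LOCAL_NAMES:
                blocked.add(name)
    return blocked, findings

if __name__ == "__main__":
    names, problems = audit_hosts(SAMPLE)
    print(sorted(names), problems)
```

Any finding means the file should be inspected by hand before it replaces the system HOSTS file; the same check can be run over the existing HOSTS file of a machine being cleaned.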