locked
Phish Virus RRS feed

  • Question

  • My computer got infected with a Phish virus that I noticed after signing onto my online banking center. I was redirected to a page that asked way too many questions. I've run all types of virus scans and can't get rid of it.. Any suggestions?

    Thursday, July 9, 2009 1:48 AM

All replies

  • The Network Monitor team does not have any expertise in removing Viruses.  Phishing sites are normally just sites that fake the user out in thinking it's the official site and then ask for the password which it then saves.  It uses this information to gain access to your information from the real banking site.

    So I've not heard of a virus which causes this, though it's not out of the question.  However, the real solution is to make sure you are going to your banking site directly by typing it in and not via a link in email or from another website. If this still doesn't get you to the correct location, then I would call the bank and see if they can provide you the correct IP address and then verify the starting page is correct.  They might also be able to give you an IP address to use instead, like http://192.168.1.1 for instance.

    If this still doesn't work, then you can use Network Monitor to take a trace while you are performing this opperation and figure out how it resolves the name of your bank.  This is a bit more complex if you are not familiar with network traffic at this level, but it can be done.  You can find the DNS request, if there is one, and then verify the origin of the name.  If the DNS server is not one you recognize and not provided by your ISP, then this could be a virus which redirects this information.  If no DNS request goes out ("IPConfig /FlushDNS" will make sure it's not cached), then perhaps a virus has hard coded the address in your HOSTS file.

    Again, this is not our area of expertise, but hopefully I've given you some information to work with.  And if you collect a trace and have more questions, please feel free to ask.

    Thanks,

    Paul

    Monday, July 13, 2009 2:06 PM