
Bank of America security screen*hacker scam

Created: 12 Mar 2011 | 8 comments
a12

Recently tried to access my BoA account. After successful log-in, my account came up, then was shaded to gray as an official-looking BoA screen appeared over it asking for information such as SSN, DL, checking account, atm information. I am unable to access my account from one of my computers, but can access it from another. BoA advised that it is a virus.

My Symantec anti-virus is up-to-date. When I ran it, nothing was detected. I then downloaded Spyware Doctor (free version). It located 4 viruses, including one called Banker. Any tips for how to remove these from my system?

Thank you.


Fatih Teke

Hello,

Have you ever scanned your computer in safe mode?

Best Regards.

Fatih

 Everything works better when everything works together.

a12

Hi,

I have. The scan detected 4 viruses. What I need to do now is eliminate them. Any suggestions on which program would work best? They appear to be exe and my Symantec does not pick up on them.

Kind regards,

R

Thomas K

I would try running the Norton Power Eraser Tool to remove these threats.

http://security.symantec.com/nbrt/npe.asp?lcid=103...

Here are two others that may be helpful if the PE tool does not work out.

Malicious Software Removal Tool - http://www.microsoft.com/security/pc-security/malware-removal.aspx

MalwareBytes - http://www.malwarebytes.org/mbam.php

Keep us posted on your issue.

Best,

Thomas

cmptekinc

Disable system restore

Delete temp files

Restore browser settings

Verify that your antivirus definitions are up to date

You can run Power Eraser; I would also recommend that you use a couple of other products (Malwarebytes and Spybot Search & Destroy work great to remove spyware and other junk, CCleaner to remove temp files and check for registry errors).

Check your startup items: Start --> MSCONFIG (for Windows 7) or Start --> Run --> msconfig (for XP), then go to the Startup tab

Run HiJackThis and review the logs

You may also need to run the scans in Safe Mode.

Realistically, if this was my PC, I wouldn't mess around and I would just wipe and reimage. Sometimes it takes a lot more time and effort to get rid of the viruses than having to reimage the PC...

Good luck.

Mithun Sanghavi

Hello,

What version of Symantec Endpoint Protection are you using?

As you said that Symantec is not detecting the threat and the other antivirus software is detecting it, could you tell us whether the threat was detected and removed, or whether it has not taken any steps till now?

In case it has not removed the files, I would always recommend that you follow the steps given in the article and send the suspicious files collected from the machine by the Symantec Support Tool to the Symantec Security Response Team.

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

https://www-secure.symantec.com/connect/articles/u...

Scanning a file with a competitor's antivirus program detects a virus, but scanning with Symantec AntiVirus or Symantec Endpoint Protection does not

http://www.symantec.com/business/support/index?pag...

Mithun Sanghavi
Associate Security Architect

MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

MichaelD50

How can any of you comment or recommend a plan of action if you don't even know what product the poster has installed?

Please reply, a12, with the exact product, version and defs date that you are working with.

Thanks

Michael

sandra.g

> The scan detected 4 viruses.

I'm guessing you mean the scan you did with Spyware Doctor--is there more information from the scan than just the name "Banker"? If your Symantec AV product is updated with current certified definitions (or even Rapid Releases definitions) and nothing is being detected on a full scan (preferably in Safe Mode), I would strongly suggest (as above) that the files found with Spyware Doctor be submitted for analysis.

My first thought when I read the description above is: does this behaviour occur with Internet Explorer, Firefox or both? I worked with a customer once who saw that behaviour only in IE but not Firefox. If I remember correctly it was boot.mebroot or trojan.mebroot. I'm not saying that's what you have, but there are trojan/rootkit aspects of those detections.

sandra

Symantec, Senior Information Developer
Enterprise Security, Mobility, and Management - Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best helps you!