Everything posted by paul3vanz

  1. Calling all security experts...

     Basically, with our bank (HSBC UK), when you access the Internet Banking in Internet Explorer 8, the login page goes through ok, with SSL enabled and the green address bar, until the page that requests the random digits from the security code and my date of birth. If the security software that our bank recommends (Trusteer Rapport) is enabled, when you submit the page, the next page contains a broken HSBC page and the Rapport log shows "IP adress 116.125.172.233 doesn't match HSBC". It appears that Rapport tries to intervene, but fails...

     The page URL then turns to hxxp://fred6rer.net/1/2/portal/5ee2aa71870dada9032b520ce9728047.php?id=65940D2548A7316FD91C8C91A1E2F4E8&u=aHR0cHM6Ly93d3cuaHNiYy5jby51ay8xLzIvO2pzZXNzaW9uaWQ9MDAwMF9CM0N4S09DNTlPSWpSeldZaGVrUVYyOjE0ZXQ1bTh0Mztqc2Vzc2lvbmlkPTAwMDBfQjNDeEtPQzU5T0lqUnpXWWhla1FWMjoxNGV0NW04dDM/aWR2X2NtZD1pZHYuQ3VzdG9tZXJNaWdyYXRpb24=

     This is obviously a phishing attempt, especially as looking at the domain more closely reveals that the primary name server of fred6rer.net is NS1.ZZ8NS.COM, which is registered with DOTNAME KOREA CORP (http://www.dotname.co.kr)

     http://reports.internic.net/cgi/whois?whois_nic=fred6rer.net&type=domain
     http://reports.internic.net/cgi/whois?whois_nic=ZZ8NS.COM&type=domain

     If Rapport is disabled and you try to log in (using made-up login details), after entering the digits from the security code and date of birth, the following page is a replica of the HSBC site, but with a phishing message... It states that the digits you entered weren't recognised and asks you to enter the full security code in the box provided. This page shows the URL as hsbc.co.uk, starting with https:// but there is no padlock or green address bar.

     This only occurs on Internet Explorer, not Firefox. With Firefox, when you try to log in (with incorrect details), the final stage of the login just states that the details were incorrect, which is the correct thing that should happen.

     I then wanted to see if this affected other banks, so I tried going to another bank (Lloyds TSB - which we are not customers with) and a similar thing happens: the login page asks first for random digits and the SSL shows the green bar to show the site is safe, but when you submit that page, it asks for your memorable place, phone banking security code and date of birth.

     I am using Avira Antivirus, Spybot, Malwarebytes Antimalware and I've just installed Windows Defender. They say they have removed everything they found, but this still happens. I ran HijackThis and I can't see anything untoward. I ran LSPFix as I read that LSPs can intercept traffic.

     I want to know how malware can do this, while still showing a valid URL for the bank, and why it is only in Internet Explorer. Don't LSPs affect all browsers? I am going to format the hard drive and reinstall Windows, but I just want to get to the bottom of how this malware is working.

     hijackthis.log.txt
  2. Seems like it did affect everyone lol: http://www.pocket-lint.co.uk/news/news.pht...g-malware.phtml http://www.making-the-web.com/2009/01/31/g...stops-searches/ It's fixed now and only lasted for around half an hour, which explains why it did it on my laptop but not my main computer. I must have noticed on my laptop a few minutes before they fixed the bug and checked my main computer after they fixed it. It's quite scary to think that Google can stop working. How on earth will I find the answer to the most trivial rubbish that pops into my head?
  3. It's Internet Explorer 7, the green star/tick is AVG Antivirus Free. It supposedly reports bad sites. Google is now working alright for me. Bizarre!
  4. I don't know whether this is happening to anyone else, but every link on Google Search results warns that it may 'harm my computer'. Here's what I get: (Note: I couldn't resist by searching for this hehe)
  5. Cacti certainly looks interesting. I will give it a go when I can, not sure whether it will work with my router though (Orange Broadband LiveBox), thanks very much for your help viperz2000. DU Meter looks good too, I don't think it will distinguish between Internet and LAN traffic though, briefly looking through the Options thanks for the suggestion though ringfinger.
  6. Hi folks, Is there any software (preferably free) that can monitor how much I download/upload over a month. I know there are many tools out there that do this, but... I'm using the Internet on a desktop and a laptop, both through wireless ADSL and I copy files between these computers. The software I've tried so far, doesn't distinguish between Internet traffic and LAN traffic. I just want to find out how much I've downloaded in a month, excluding transferring files over the LAN. Any ideas? (wasn't sure whether to post this in here or the software forum)
  7. i had this happen with exactly those 2 files, it may not be this, but my files happen to get corrupted, god knows how. try double-clicking them on your computer to see if they unpack the files correctly, that's a start anyways....
  8. only way i can think of is by installing Roboform: http://www.roboform.com/ you can save and autofill passwords and forms. if you want it for unattended Windows then, install it silently, copy across your data folder (something like C:\My Roboform Data\) and that should do it. don't ask how as I've not tried it.
  9. i always thought Windows ME sounded like a disease, strangely ME is a disease where people get all lethargic, kinda like the way the operating system acts! I'd sooner use Windows 2000 for a game than ME. What's your hardware specs, I'm sure you'll be able to run 2000 fine. P.S. I don't mean any disrespect to anyone with the disease!
  10. try these locations, these are the most obvious ones:

      Registry Entries
        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

      Folder Locations
        C:\Documents and Settings\All Users\Start Menu\Programs\Startup
        C:\Documents and Settings\YOURUSERNAME\Start Menu\Programs\Startup

      also try this freeware app, lists them all for you, saves hunting round the registry: http://www.snapfiles.com/get/autoruns.html
      here's some more info on startup locations as well: http://aroundcny.com/technofile/texts/tec022402.html

      there's absolutely loads of entries from what i've found. i saw a virus/spyware attach itself to every single one of them. services and the task scheduler are another idea, check them out and possibly disable them.
  11. if you've already bought it, why don't you just try it out? just check you have updated graphics drivers and directx then it should run fine. tis a good game, i bought it a couple of weeks back.
  12. this will delete that entire -Site0 key:

        [-HKEY_LOCAL_MACHINE\Software\Macromedia\Sites\-Site0]

      delete a value (will delete the line about local directory):

        [HKEY_LOCAL_MACHINE\Software\Macromedia\Sites\-Site0]
        -"Local Directory"=dword:00000001

      delete contents of a value (will blank the local directory value):

        [HKEY_LOCAL_MACHINE\Software\Macromedia\Sites\-Site0]
        "Local Directory"=-

      that should all work ok, hope this is of use to you. Whoops, fixed mistake as mentioned below, sorry!
  13. this one had me stumped for ages!! i could add all the reg's in the world, but could i delete one? no! well anyways, all you have to do is add a minus (-) before the line of registry you want to delete. will post an example in a minute
  14. yes please would be grateful if you could post it on here
  15. i used Symantec for a while but I have noticed it miss a few things, also its interface is a bit naff, nortons is much better. on a side note, i am now using Kaspersky Personal 5, which is great, it has a better interface than previous versions and has a great track record for picking up viruses. Costs around £25 off their web-site. The install is just under 10 meg. it can scan 100s of different types of archives, much better than norton/symantec. i always went for norton because of the name, but then i found out the statistics compared to cheaper/free AV software.
  16. I'm a long time user of the Send To shortcut for Notepad, it's one of the first things I do after re-installing Windows (well before I was using unattended cds), nice to see the word being spread on here! Also I've seen the registry tweak before but I chose not to use it because you don't get a nice little Notepad icon with it! So there's your challenge, I personally tried ages ago, but it was messing with CLSIDs and I didn't know what I was doing!
  17. I'll agree with MHz comment above, i used Symantec for a while but I have noticed it miss a few things, also its interface is a bit naff, nortons is much better. on a side note, i am now using Kaspersky Personal 5, which is great, it has a better interface than previous versions and has a great track record for picking up viruses. Costs around £25 off their web-site. The install is just under 10 meg.
  18. thanks a lot, I'll give it a whirl @jroc: i don't want to use the web update because it will take a while to download, i prefer to keep a fairly up to date copy on my cd. then when the system is up and running, only a small amount needs to be downloaded.
  19. well i used the flyakite guide and it doesn't say that they have to be 4 letters. If it does, I stand mistaken, I think it's quite easy to call your folder HOME1 instead of HOM1 and not realise that won't work. As far as Hex Editing, I used XVI32 which is freeware, doesn't cost a penny, but Hex Workshop costs $49.95, that's a bit excessive to search and replace a couple of characters don't you think? especially since they both do the same job for this purpose. I was just adding my experiences in case anyone else comes across the same problem.
  20. I've just had this problem, it turns out when editing the PRO1.DAT files and SETUPLDR.BIN files it can't be any longer than 4 characters. I was using XPPRO and XPHOME, which came up with error code 5, but when I replaced them with PRO1 and HOM1 it works fine! Just thought I'd share that with you all, sorry if someone has mentioned this already!
  21. do you know if it is possible to install Kaspersky AntiVirus on Windows 2000 server? i have downloaded Orca to edit the MSI file but I don't know what I'm doing. Is there a way to fool it to think it is just standard Windows 2000 Professional? any help would be great! Forget it, found out they have a server version which works just fine. If a moderator could delete this I would be grateful!
  22. @Alanoll Yes you're true about the house, but that is totally different, what I've done is like building a house, having all the gas, electricity and central heating all work ok, then i go and get air conditioning fitted and find that the air conditioning wasn't suitable for the type of wiring in my house. i think that sounds appropriate, just about to leave for work so will read back later. just upgraded my server so i probably won't try any more fixes until the weekend. thanks for all your help folks.
  23. I've not used nlite at all, i didn't even know what it was until someone said it might be that. one other thing, i did have it as a compilation disk e.g. my I386 folder is under X:\SETUP\WINXPPRO\I386 as opposed to X:\I386, could this matter? i will try and fish out an un SP2'd version of Windows and rebuild from scratch as I really would like to add this pack. Also would removing the NT/9X upgrade folders and LANG folder manually make a difference? I appreciate that it isn't a problem with the update pack, but it is a problem when I use it on my copy. There must be some file/folder or structure that isn't what is expected. I'll try later tonight, wish me luck! hehe
  24. I've just tried it again with the lite version and same result, checked the iso all the relevant files are there, very strange, guess I'll have to leave this out at this point. it must be something to do with adding this update pack, this is twice now!! **** it, the pack looks awesome i want it to work
  25. i didn't use nlite though? ah neva mind, just trying to add this pack again, see if it was a one off quirk.

      EDIT: Just got a sneaking suspicion... when i copy the text into DOSNET.INF and TXTSETUP.SIF there was an extra space after the first line of each text e.g.

        d1,RVMUpPck.inf <-Space after the 'f'
        d1,RVMUpPck.cab

        RVMUpPck.inf = 1,,,,,,,20,0,0 <-Space after the '0'
        RVMUpPck.cab = 100,,,,,,_x,,3,3

      perhaps this is what was causing it, as when i went to Add/Remove Windows Components in the Control Panel, it said can't find "rvmuppck.inf" so perhaps it was looking for that filename but with a space on the end? very minute chance, but could it be?

