paul3vanz

Member
  • Posts

    95
  • Country

    United Kingdom

  1. Calling all security experts...

     Basically, with our bank (HSBC UK), when you access the Internet Banking in Internet Explorer 8, the login page goes through ok, with SSL enabled and the green address bar, until the page that requests the random digits from the security code and my date of birth. If the security software that our bank recommends (Trusteer Rapport) is enabled, when you submit the page, the next page contains a broken HSBC page and the Rapport log shows "IP adress 116.125.172.233 doesn't match HSBC". It appears that Rapport tries to intervene, but fails...

     The page URL then turns to

     hxxp://fred6rer.net/1/2/portal/5ee2aa71870dada9032b520ce9728047.php?id=65940D2548A7316FD91C8C91A1E2F4E8&u=aHR0cHM6Ly93d3cuaHNiYy5jby51ay8xLzIvO2pzZXNzaW9uaWQ9MDAwMF9CM0N4S09DNTlPSWpSeldZaGVrUVYyOjE0ZXQ1bTh0Mztqc2Vzc2lvbmlkPTAwMDBfQjNDeEtPQzU5T0lqUnpXWWhla1FWMjoxNGV0NW04dDM/aWR2X2NtZD1pZHYuQ3VzdG9tZXJNaWdyYXRpb24=

     This is obviously a phishing attempt, especially when looking at the domain more closely, which reveals that the primary name server of fred6rer.net is NS1.ZZ8NS.COM, which is registered with DOTNAME KOREA CORP (http://www.dotname.co.kr)

     http://reports.internic.net/cgi/whois?whois_nic=fred6rer.net&type=domain
     http://reports.internic.net/cgi/whois?whois_nic=ZZ8NS.COM&type=domain

     If Rapport is disabled and you try to log in (using made-up login details), after entering the digits from the security code and date of birth, the following page is a replica of the HSBC site, but with a phishing message... It states that the digits you entered weren't recognised and asks you to enter the full security code in the box provided. This page shows the URL as hsbc.co.uk, starting with https:// but there is no padlock or green address bar.

     This only occurs on Internet Explorer, not Firefox. With Firefox, when you try to log in (with incorrect details), the final stage of the login just states that the details were incorrect, which is the correct thing that should happen.

     I then wanted to see if this affected other banks, so I tried going to another bank (Lloyds TSB - which we are not customers with) and a similar thing happens: the login page asks first for random digits and the SSL shows the green bar to show the site is safe, but when you submit that page, it asks for your memorable place, phone banking security code and date of birth.

     I am using Avira Antivirus, Spybot, Malwarebytes Antimalware and I've just installed Windows Defender. They say they have removed everything they found, but this still happens. I ran HijackThis and I can't see anything untoward. I ran LSPFix as I read that LSPs can intercept traffic.

     I want to know how malware can do this, while still showing a valid URL for the bank, and why it is only in Internet Explorer. Don't LSPs affect all browsers? I am going to format the hard drive and reinstall Windows, but I just want to get to the bottom of how this malware is working.

     hijackthis.log.txt
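The `u` parameter in the redirect URL quoted in the post above is Base64. As an added example (not part of the original post), this Python script decodes it offline and compares the embedded URL with the host the browser landed on; the function names are illustrative and nothing is fetched.

```python
import base64
from urllib.parse import urlsplit, parse_qs

# URL exactly as quoted in the post (defanged with hxxp), split only for line length.
REPORTED_URL = (
    "hxxp://fred6rer.net/1/2/portal/5ee2aa71870dada9032b520ce9728047.php"
    "?id=65940D2548A7316FD91C8C91A1E2F4E8"
    "&u=aHR0cHM6Ly93d3cuaHNiYy5jby51ay8xLzIvO2pzZXNzaW9uaWQ9MDAwMF9CM0N4S09DNTlP"
    "SWpSeldZaGVrUVYyOjE0ZXQ1bTh0Mztqc2Vzc2lvbmlkPTAwMDBfQjNDeEtPQzU5T0lqUnpXWWhl"
    "a1FWMjoxNGV0NW04dDM/aWR2X2NtZD1pZHYuQ3VzdG9tZXJNaWdyYXRpb24="
)

def refang(url):
    """Undo common defanging so the URL can be parsed (it is never requested)."""
    return url.replace("hxxp", "http", 1).replace("[.]", ".")

def embedded_urls(url):
    """Return {param: decoded} for query values that are Base64 of an http(s) URL."""
    found = {}
    for name, values in parse_qs(urlsplit(refang(url)).query).items():
        for value in values:
            padded = value + "=" * (-len(value) % 4)  # tolerate stripped padding
            try:
                text = base64.b64decode(padded, validate=True).decode("ascii")
            except ValueError:  # covers bad Base64 and non-ASCII results
                continue
            if text.startswith(("http://", "https://")):
                found[name] = text
    return found

def triage(url):
    """Compare the landing host with any URL smuggled inside the query string."""
    landing = urlsplit(refang(url))
    report = {"landing_host": landing.hostname, "embedded": []}
    for name, target in embedded_urls(url).items():
        t = urlsplit(target)
        report["embedded"].append({
            "param": name,
            "host": t.hostname,
            "query": t.query,
            "host_mismatch": t.hostname != landing.hostname,
            "tls_downgrade": t.scheme == "https" and landing.scheme == "http",
        })
    return report

if __name__ == "__main__":
    print(triage(REPORTED_URL))
```
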
  2. Seems like it did affect everyone lol: http://www.pocket-lint.co.uk/news/news.pht...g-malware.phtml http://www.making-the-web.com/2009/01/31/g...stops-searches/ It's fixed now and only lasted for around half an hour, which explains why it did it on my laptop but not my main computer. I must have noticed on my laptop a few minutes before they fixed the bug and checked my main computer after they fixed it. It's quite scary to think that Google can stop working. How on earth will I find the answer to the most trivial rubbish that pops into my head?
  3. It's Internet Explorer 7, the green star/tick is AVG Antivirus Free. It supposedly reports bad sites. Google is now working alright for me. Bizarre!
  4. I don't know whether this is happening to anyone else, but every link on Google Search results warns that it may 'harm my computer'. Here's what I get: (Note: I couldn't resist by searching for this hehe)
  5. Cacti certainly looks interesting. I will give it a go when I can, not sure whether it will work with my router though (Orange Broadband LiveBox). Thanks very much for your help, viperz2000. DU Meter looks good too. I don't think it will distinguish between Internet and LAN traffic though, briefly looking through the Options. Thanks for the suggestion though, ringfinger.
  6. Hi folks, is there any software (preferably free) that can monitor how much I download/upload over a month? I know there are many tools out there that do this, but... I'm using the Internet on a desktop and a laptop, both through wireless ADSL, and I copy files between these computers. The software I've tried so far doesn't distinguish between Internet traffic and LAN traffic. I just want to find out how much I've downloaded in a month, excluding transferring files over the LAN. Any ideas? (Wasn't sure whether to post this in here or the software forum.)
  7. I had this happen with exactly those 2 files. It may not be this, but my files happen to get corrupted, god knows how. Try double-clicking them on your computer to see if they unpack the files correctly, that's a start anyways....
  8. Only way I can think of is by installing Roboform: http://www.roboform.com/ You can save and autofill passwords and forms. If you want it for unattended Windows then install it silently, copy across your data folder (something like C:\My Roboform Data\) and that should do it. Don't ask how as I've not tried it.
  9. I always thought Windows ME sounded like a disease. Strangely, ME is a disease where people get all lethargic, kinda like the way the operating system acts! I'd sooner use Windows 2000 for a game than ME. What are your hardware specs? I'm sure you'll be able to run 2000 fine. P.S. I don't mean any disrespect to anyone with the disease!
  10. Try these locations, these are the most obvious ones:

      Registry Entries
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

      Folder Locations
      C:\Documents and Settings\All Users\Start Menu\Programs\Startup
      C:\Documents and Settings\YOURUSERNAME\Start Menu\Programs\Startup

      Also try this freeware app, lists them all for you, saves hunting round the registry: http://www.snapfiles.com/get/autoruns.html

      Here's some more info on startup locations as well: http://aroundcny.com/technofile/texts/tec022402.html

      There's absolutely loads of entries from what I've found. I saw a virus/spyware attach itself to every single one of them. Services and the task scheduler are another idea, check them out and possibly disable them.
  11. If you've already bought it, why don't you just try it out? Just check you have updated graphics drivers and DirectX, then it should run fine. Tis a good game, I bought it a couple of weeks back.
  12. This will delete that entire -Site0 key:

      [-HKEY_LOCAL_MACHINE\Software\Macromedia\Sites\-Site0]

      Delete a value (will delete the line about local directory):

      [HKEY_LOCAL_MACHINE\Software\Macromedia\Sites\-Site0]
      -"Local Directory"=dword:00000001

      Delete contents of a value (will blank the local directory value):

      [HKEY_LOCAL_MACHINE\Software\Macromedia\Sites\-Site0]
      "Local Directory"=-

      That should all work ok, hope this is of use to you. Whoops, fixed mistake as mentioned below, sorry!
  13. This one had me stumped for ages!! I could add all the reg's in the world, but could I delete one? No! Well anyways, all you have to do is add a minus (-) before the line of registry you want to delete. Will post an example in a minute.
  14. Yes please, would be grateful if you could post it on here.
  15. I used Symantec for a while but I have noticed it miss a few things. Also its interface is a bit naff, Norton's is much better. On a side note, I am now using Kaspersky Personal 5, which is great. It has a better interface than previous versions and has a great track record for picking up viruses. Costs around £25 off their web-site. The install is just under 10 meg. It can scan 100s of different types of archives, much better than Norton/Symantec. I always went for Norton because of the name, but then I found out the statistics compared to cheaper/free AV software.