"P. Jayant" <> wrote in message
news:OrtmgzU$...
> I have been using the web-site of the State Bank of India
> (www.onlinesbi.com) for over five years to log in and pay various bills
> like those of the electricity company or the DTH Operator. For the last
> three months, however, I have had to change over to the Internet Banking
> service of another bank where also I have an account, just because the
> moment I enter the onlinesbi address and press enter, a rogue service
> provider with the address sbionline.co.in opens up and offers to pay my
> bills for anything I need from Real Estate and Jewellery to household
> appliances and gadgets. It even presents me a page to enter my username
> and password just the way the State Bank of India does. If ever I am
> inattentive and enter those details I use for the S B I account, the rogue
> asks me to fill up a detailed form of information about my ancestry,
> current style of living, etc. This is, obviously, a phishing racket.
> But how do I get rid of it and get to the genuine host I want? I tried the
> instructions given in a Microsoft guide
> http://www.microsoft.com/windows/ie/.../ietopten.mspx which
> is meant for the Error message "the web page could not be displayed" but
> deals with rogue hosts. But when I checked in the
> Windows\system32\drivers\hosts folder, I did not find any rogue host to
> put a cross at the start or the end of its name.
>
> Are there any other ways of stopping the rogue hosts? Is there any
> authority apart from S B I themselves who could take action on such
> rogues? How does one report these violations to them?
>
> P. Jayant
>
It depends on how deeply it's in the system, but you may find that
Malwarebytes Anti-Malware from
http://www.malwarebytes.org/ may clear this
out; just try the free version. However, if it's like one of the systems I
had to clear recently that has this embedded right down as a rootkit with
boot sector code, then it'll be a tedious job to remove; I'd only recommend
this for someone who is happy to run Combofix and go through all the
required steps (so far I haven't had a single system not get cleaned with
this).
I'd also second Bob's reply - if you've already entered some of the details
including your password get onto your bank and let them know, and get your
password changed (and login name/id if possible) as well as any other
secondary password/PIN that they use to identify you, and if you have no
other PC to use that you know is clean then also ask them to suspend your
online banking while you sort out your PC.
The only sure way to get rid of something like this is a reformat and
reinstall; however, I would suggest that if you do this you maybe use a
low-level format utility from the hard disk manufacturer first, as otherwise
you risk the malware installer being executed once Windows has been
reinstalled if it's in the boot sector of the disk.
Reporting violations is often a waste of time, especially as sbionline.co.in
is located in Germany and the IP is owned by PlusLine Systemhaus GmbH, so
your bank could likely do nothing anyway. With one of the recent infections
I've cleaned up I reported the phishing site to both the bank concerned (in
the UK) and the company in the US who run the datacentre where the rogue
site is hosted; the bank simply said there was nothing they could do, and the
hosting company never replied and simply closed the real-time chat windows I
used for technical support, and the rogue was still up and running weeks
later and is probably still there.
--
Dan
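As an added example (not part of Dan's reply or the original thread), here is a defender-side check for the kind of hosts-file hijack the Microsoft guide mentioned above deals with: it parses a hosts file and flags any active entry that maps a watched banking hostname to a non-loopback address, so the entry can be commented out or removed. The watched hostnames, the sample file contents and the 203.0.113.7 address are constructed for the demonstration.

```python
"""Audit a hosts file for entries that redirect a watched banking hostname.

Same line format on Windows (System32\\drivers\\etc\\hosts) and Unix:
<address> <hostname> [<alias> ...] with '#' starting a comment.
Watched names and sample contents below are constructed.
"""
import ipaddress
import re

# Hostnames that must never be overridden by a local hosts entry (constructed list).
WATCHED = {"onlinesbi.com", "www.onlinesbi.com"}


def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for each active entry, skipping comments."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        parts = re.split(r"\s+", line)
        if len(parts) < 2:
            continue  # malformed: an address with no hostname
        yield n, parts[0], [h.lower() for h in parts[1:]]


def find_hijacks(text, watched=WATCHED):
    """Return (line_no, address, [watched names]) for entries pointing a watched
    hostname anywhere other than a loopback address."""
    findings = []
    for n, ip, hosts in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # not an IP literal; skip rather than crash on junk
        if addr.is_loopback:
            continue  # 127.x / ::1 entries are the normal benign content
        hit = sorted(set(hosts) & set(watched))
        if hit:
            findings.append((n, ip, hit))
    return findings


# Constructed sample: a normal file plus one planted redirect (203.0.113.0/24 is documentation space).
SAMPLE = """# constructed hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.onlinesbi.com onlinesbi.com   # planted by malware
"""

if __name__ == "__main__":
    for n, ip, hosts in find_hijacks(SAMPLE):
        print(f"line {n}: {', '.join(hosts)} -> {ip} (comment out or remove this entry)")
```

Reading the real file instead of SAMPLE (open it with administrator rights on Windows) turns this into a quick post-cleanup check; it does not detect redirects done at the DNS or browser level, which a hosts file cannot show.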