Microsoft Windows Vista Community Forums - Vistaheads

Rogue hosts waylaying genuine ones

microsoft.public.internetexplorer.general






  #1 (permalink)  
Old 05-27-2010
P. Jayant
 

Posts: n/a
Rogue hosts waylaying genuine ones
I have been using the web-site of the State Bank of India
(www.onlinesbi.com) for over five years to log-in and pay various bills like
those of the electricity company or the DTH Operator. For the last three
months, however, I have had to change over to the Internet Banking service
of another bank where also I have an account, just because the moment I
enter the onlinesbi address and press enter, a rogue service provider with
the address sbionline.co.in opens up and offers to pay my bills for anything
I need from Real Estate and Jewellery to household appliances and gadgets.
It even presents me a page to enter my username and password just the way
the State Bank of India does. If ever I am inattentive and enter those
details I use for the S B I account, the rogue asks me to fill up a detailed
form of information about my ancestry, current style of living etc. This is
obviously, a phishing racket.
But how do I get rid of it and get to the genuine host I want? I tried the
instructions given in a Microsoft guide
http://www.microsoft.com/windows/ie/.../ietopten.mspx which is
meant for the Error message "the web page could not be displayed" but deals
with rogue hosts. But when I checked in the Windows\system32\drivers\hosts
folder, I did not find any rogue host to put a cross at the start or the end
of its name.

Are there any other ways of stopping the rogue hosts? Is there any authority
apart from S B I themselves who could take action on such rogues? How does
one report these violations to them?

P. Jayant


  #2 (permalink)  
Old 05-27-2010
VanguardLH
 

Posts: n/a
Re: Rogue hosts waylaying genuine ones
P. Jayant wrote:

> I have been using the web-site of the State Bank of India
> (www.onlinesbi.com) for over five years to log-in and pay various bills like
> those of the electricity company or the DTH Operator. For the last three
> months, however, I have had to change over to the Internet Banking service
> of another bank where also I have an account, just because the moment I
> enter the onlinesbi address and press enter, a rogue service provider with
> the address sbionline.co.in opens up and offers to pay my bills for anything
> I need from Real Estate and Jewellery to household appliances and gadgets.
> It even presents me a page to enter my username and password just the way
> the State Bank of India does. If ever I am inattentive and enter those
> details I use for the S B I account, the rogue asks me to fill up a detailed
> form of information about my ancestry, current style of living etc. This is
> obviously, a phishing racket.
> But how do I get rid of it and get to the genuine host I want? I tried the
> instructions given in a Microsoft guide
> http://www.microsoft.com/windows/ie/.../ietopten.mspx which is
> meant for the Error message "the web page could not be displayed" but deals
> with rogue hosts. But when I checked in the Windows\system32\drivers\hosts
> folder, I did not find any rogue host to put a cross at the start or the end
> of its name.
>
> Are there any other ways of stopping the rogue hosts? Is there any authority
> apart from S B I themselves who could take action on such rogues? How does
> one report these violations to them?
>
> P. Jayant


Use a shortcut to eliminate the user blunders of entering the wrong URL
at a later time.

If you are using the correct URL but ending up at a different site then
contact your ISP or whomever's DNS server you are using and inform them
that their DNS server may be poisoned. Until then, you could specify
the IP address of the site as the URL in a shortcut instead of using a
hostname that requires a DNS lookup. If your DNS provider continues to
remain poisoned then you'll have to use someone else's, like OpenDNS.

A hostname not listed in the 'hosts' file is not the only means of
getting redirected to a phishing site. You might be infected with
malware.
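The hosts-file check that comes up in the question and in the reply above, as an added example that is not part of the original thread: it parses hosts-file text and reports every active entry that pins a watched hostname to an address, including names hidden as a second alias on a line. The watched names come from the thread; the sample file contents and its addresses are constructed, and on Windows the file is normally `%SystemRoot%\System32\drivers\etc\hosts`.

```python
import ipaddress

# Hostname from the thread; both forms are watched.
WATCHED = {"www.onlinesbi.com", "onlinesbi.com"}

# Constructed sample (documentation-range addresses), not a real hosts file.
SAMPLE = """\
# sample hosts file
127.0.0.1      localhost
::1            localhost
#203.0.113.9   www.onlinesbi.com
198.51.100.7   intranet.example WWW.OnlineSBI.com   # alias after another name
0.0.0.0        onlinesbi.com.
"""


def parse_hosts(text):
    """Yield (line_no, ip, names) for every active mapping in hosts-file text."""
    for no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment anywhere
        fields = line.split()
        if len(fields) < 2:
            continue  # blank, comment-only, or address without a name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address: not a mapping
        yield no, ip, [n.lower().rstrip(".") for n in fields[1:]]


def find_overrides(text, watched=WATCHED):
    """Return (line_no, hostname, ip, effect) for each watched name in the file."""
    watched = {w.lower().rstrip(".") for w in watched}
    hits = []
    for no, ip, names in parse_hosts(text):
        effect = "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"
        hits.extend((no, n, str(ip), effect) for n in names if n in watched)
    return hits


if __name__ == "__main__":
    for hit in find_overrides(SAMPLE):
        print("line %d: %s -> %s (%s)" % hit)
```

An empty result only rules out the hosts file; as the reply says, a poisoned DNS server or malware can produce the same redirect.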
  #3 (permalink)  
Old 05-27-2010
P. Jayant
 

Posts: n/a
Re: Rogue hosts waylaying genuine ones
Sorry I forgot to mention:
1) I am using Windows XP/SP3
2) my browser is Internet explorer 8 and
3) The Phishing filter is ON


P. Jayant



  #4 (permalink)  
Old 05-27-2010
PA Bear [MS MVP]
 

Posts: n/a
Re: Rogue hosts waylaying genuine ones
There is a very good chance that you are seeing the effects of a hijackware
infection!

NB: If you had no anti-virus application installed or the subscription had
expired *when the machine first got infected* and/or your subscription has
since expired and/or the machine's not been kept fully-patched at Windows
Update, don't waste your time with any of the below: Format & reinstall
Windows. A Repair Install will NOT help!

Microsoft PCSafety provides home users (only) with no-charge support in
dealing with malware infections such as viruses, spyware (including unwanted
software), and adware.
https://support.microsoft.com/oas/de...prid=7552&st=1

Also available via the Consumer Security Support home page:
https://consumersecuritysupport.microsoft.com/

Otherwise...

1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/ma...e/default.mspx

NB: Run the FULL scan, not the QUICK scan! You may need to download the
MSRT on a non-infected machine, then transfer MRT.EXE to the infected
machine and rename it to SCAN.EXE before running it.

2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan (only!)
in Safe Mode with Networking, if need be:
http://onecare.live.com/site/en-us/center/howsafe.htm

2b. Vista or Win7=> Run this scan instead:
http://onecare.live.com/site/en-us/center/whatsnew.htm

3. Now run a thorough check for hijackware, including posting requested logs
in an appropriate forum, not here. DO NOT SKIP THIS STEP!!

I can recommend the expert assistance offered in these forums:
http://spywarehammer.com/simplemachi...php?board=10.0,
http://www.spywarewarrior.com/viewforum.php?f=5,
http://www.dslreports.com/forum/cleanup,
http://www.bluetack.co.uk/forums/index.php, and
http://aumha.net/viewforum.php?f=30


P. Jayant wrote:
> Sorry I forgot to mention:
> 1) I am using Windows XP/SP3
> 2) my browser is Internet explorer 8 and
> 3) The Phishing filter is ON

<paste>
> I have been using the web-site of the State Bank of India
> (www.onlinesbi.com) for over five years to log-in and pay various bills
> like
> those of the electricity company or the DTH Operator. For the last three
> months, however, I have had to change over to the Internet Banking service
> of another bank where also I have an account, just because the moment I
> enter the onlinesbi address and press enter, a rogue service provider with
> the address sbionline.co.in opens up and offers to pay my bills for
> anything
> I need from Real Estate and Jewellery to household appliances and gadgets.

<blithersnippage>

  #5 (permalink)  
Old 05-27-2010
Bob Lucas
 

Posts: n/a
Re: Rogue hosts waylaying genuine ones
This comment is in addition to all of the other replies.

I am concerned that you have probably entered your on-line
banking user name and password on a phishing website. I strongly
recommend you use a different computer (from an Internet cafe,
perhaps) to sign into your on-line banking account. Then, you
MUST change your password immediately. Otherwise, the fraudsters
will have access to all the money in your account.

If you cannot access the account, telephone your bank and ask
them to change your password.

I hope this advice is not too late.


"P. Jayant" <p_jayant@dataone.in> wrote in message
news:OrtmgzU$KHA.3880@TK2MSFTNGP04.phx.gbl...
> I have been using the web-site of the State Bank of India
> (www.onlinesbi.com) for over five years to log-in and pay
> various bills like those of the electricity company or the DTH
> Operator. For the last three months, however, I have had to
> change over to the Internet Banking service of another bank
> where also I have an account, just because the moment I enter
> the onlinesbi address and press enter, a rogue service provider
> with the address sbionline.co.in opens up and offers to pay my
> bills for anything I need from Real Estate and Jewellery to
> household appliances and gadgets. It even presents me a page to
> enter my username and password just the way the State Bank of
> India does. If ever I am inattentive and enter those details I
> use for the S B I account, the rogue asks me to fill up a
> detailed form of information about my ancestry, current style
> of living etc. This is obviously, a phishing racket.
> But how do I get rid of it and get to the genuine host I want?
> I tried the instructions given in a Microsoft guide
> http://www.microsoft.com/windows/ie/.../ietopten.mspx
> which is meant for the Error message "the web page could not be
> displayed" but deals with rogue hosts. But when I checked in
> the Windows\system32\drivers\hosts folder, I did not find any
> rogue host to put a cross at the start or the end of its name.
>
> Are there any other ways of stopping the rogue hosts? Is there
> any authority apart from S B I themselves who could take action
> on such rogues? How does one report these violations to them?
>
> P. Jayant
>

  #6 (permalink)  
Old 05-27-2010
Dan
 

Posts: n/a
Re: Rogue hosts waylaying genuine ones

"P. Jayant" <p_jayant@dataone.in> wrote in message
news:OrtmgzU$KHA.3880@TK2MSFTNGP04.phx.gbl...
> I have been using the web-site of the State Bank of India
> (www.onlinesbi.com) for over five years to log-in and pay various bills
> like those of the electricity company or the DTH Operator. For the last
> three months, however, I have had to change over to the Internet Banking
> service of another bank where also I have an account, just because the
> moment I enter the onlinesbi address and press enter, a rogue service
> provider with the address sbionline.co.in opens up and offers to pay my
> bills for anything I need from Real Estate and Jewellery to household
> appliances and gadgets. It even presents me a page to enter my username
> and password just the way the State Bank of India does. If ever I am
> inattentive and enter those details I use for the S B I account, the rogue
> asks me to fill up a detailed form of information about my ancestry,
> current style of living etc. This is obviously, a phishing racket.
> But how do I get rid of it and get to the genuine host I want? I tried the
> instructions given in a Microsoft guide
> http://www.microsoft.com/windows/ie/.../ietopten.mspx which
> is meant for the Error message "the web page could not be displayed" but
> deals with rogue hosts. But when I checked in the
> Windows\system32\drivers\hosts folder, I did not find any rogue host to
> put a cross at the start or the end of its name.
>
> Are there any other ways of stopping the rogue hosts? Is there any
> authority apart from S B I themselves who could take action on such
> rogues? How does one report these violations to them?
>
> P. Jayant
>


It depends on how deeply it's in the system, but you may find that
Malwarebytes Anti-Malware from http://www.malwarebytes.org/ may clear this
out, just try the free version. However, if it's like one of the systems I
had to clear recently that has this embedded right down as a rootkit with
boot sector code then it'll be a tedious job to remove, I'd only recommend
this for someone who is happy to run Combofix and go through all the
required steps (so far I haven't had a single system not get cleaned with
this).

I'd also second Bob's reply - if you've already entered some of the details
including your password get onto your bank and let them know, and get your
password changed (and login name/id if possible) as well as any other
secondary password/PIN that they use to identify you, and if you have no
other PC to use that you know is clean then also ask them to suspend your
online banking while you sort out your PC.

The only sure way to get rid of something like this is a reformat and
reinstall, however I would suggest that if you do this that you maybe use a
low level format utility from the hard disk manufacturer first as otherwise
you risk the malware installer being executed once Windows has been
reinstalled if it's in the boot sector of the disk.

Reporting violations is often a waste of time, especially as sbionline.co.in
is located in Germany and the IP is owned by PlusLine Systemhaus GmbH so
your bank could likely do nothing anyway. With one of the recent infections
I've cleaned up I reported the phishing site to both the bank concerned (in
the UK) and the company in the US who run the datacentre where the rogue
site is hosted, the bank simply said there was nothing they could do and the
hosting company never replied and simply closed the real time chat windows I
used for technical support, and the rogue was still up and running weeks
later and is probably still there.

--
Dan

  #7 (permalink)  
Old 05-27-2010
Rob
 

Posts: n/a
Re: Rogue hosts waylaying genuine ones
Bob Lucas <bob@nospam.com> wrote:
> I am concerned that you have probably entered your on-line
> banking user name and password on a phishing website. I strongly
> recommend you use a different computer (from an Internet cafe,
> perhaps) to sign into your on-line banking account. Then, you
> MUST change your password immediately. Otherwise, the fraudsters
> will have access to all the money in your account.


It must be quite a stupid and insecure bank when they allow access
to all the money in your account with only a username and password...

Which reputable bank would ever allow such an insecure web access??
  #8 (permalink)  
Old 05-27-2010
Tom Willett
 

Posts: n/a
Re: Rogue hosts waylaying genuine ones


:
: It must be quite a stupid and insecure bank when they allow access
: to all the money in your account with only a username and password...
:
: Which reputable bank would ever allow such an insecure web access??

Hear! Hear!

I have to take about 5 steps to log in to mine.



  #9 (permalink)  
Old 05-27-2010
Bob Lucas
 

Posts: n/a
Re: Rogue hosts waylaying genuine ones
Quite right. Unfortunately, I cannot comment upon the adequacy
of the security procedures adopted by Indian banks.

I hope the bank's security procedures will be sufficiently robust
to thwart any attempted fraud. However, don't forget that in his
original posting, the OP stated that the website asked him to
"fill up a detailed form of information about his ancestry,
current style of living etc". It follows that the fraudsters
were probably trying to harvest sufficient information to access
the account.

Even if the OP did not disclose any personal info., I stand by my
previous advice that he should change his password (plus any
secret security questions and answers) without delay. Better
safe than sorry!


"Tom Willett" <tom@youreadaisyifyoudo.com> wrote in message
news:#iCErmc$KHA.5476@TK2MSFTNGP06.phx.gbl...
>
>
> :
> : It must be quite a stupid and insecure bank when they allow
> access
> : to all the money in your account with only a username and
> password...
> :
> : Which reputable bank would ever allow such an insecure web
> access??
>
> Hear! Hear!
>
> I have to take about 5 steps to log in to mine.
>
>
>

  #10 (permalink)  
Old 05-28-2010
P. Jayant
 

Posts: n/a
Re: Rogue hosts waylaying genuine ones
No. I did not enter my Username and password. I only mentioned that the
rogue put up a page identical to that of the bank asking me to enter those
details. I promptly knew it was a phishing attempt.

P. Jayant

