# Online Banking Virus Page



## roker (23 Jan 2010)

Today I tried to go on line to my UK bank account, and was puzzled that it had 3 boxes 

1/ User ID
2/ Password
3/ Memorable Information (all of it)

I entered User ID and Password, but not Memorable Information because last time I logged on, it asked for about 4 or 6 random number/position from these details.

I phone the bank help line and they told me I had a virus and that this was a false scam page and do not enter my Memorable details. I have run a virus scan and sent the page to the bank security, but so far cannot log on to my account because this page is still there, or change my password, it is exactly as the bank page with an extra box. Fortunately they need all 3 details to access my account


----------



## Complainer (23 Jan 2010)

How do you bring up the page? Do you have it logged in your favourites/bookmarks? Try typing in the URL of the bank in the address bar at the top.


----------



## AlbacoreA (24 Jan 2010)

If the bank knows this spam page. They must know how to clean it out.


----------



## roker (24 Jan 2010)

After entering the bank webpage, from my Favourite, when I go to log in account, it brings up the false page. This is frightening, although I keep my anti virus and spyware up to date, I had 5 Trojans after hours of scanning, I now have the correct page with two boxes for logging in but it still has the same htpps web address, the lock at the bottom is greyed out, so I am still suspicious and cannot and will not log in. The only way now is to telephone the bank and write a letter. I was surprised how relaxed the bank was on this issue when I phone, they told me to run Anti virus scan. Any advise would be welcome


----------



## AlbacoreA (24 Jan 2010)

What av are you running. Have you run Ccleaner and spybot?


----------



## roker (24 Jan 2010)

I have Avast and Spybot. Spybot picked up what Avast missed. I did notice that something was switching off my Firewall for a couple of week.
I deleted my shortcut from my Favourites and entered the bank from the web page and now seem to have the correct page which will not let me log in because the bank security have informed me they have disabled it, which makes me feel a little more at ease.

This is one of them Win32.Zbot
[broken link removed]


----------



## AlbacoreA (24 Jan 2010)

Sounds like you have it sorted. It not unusual for SpyBot to catch things the AV doesn't. Its doing a different thing.


----------



## roker (24 Jan 2010)

Just a warning to others, it was so clever throwing up an almost identical bank page, it even had warnings on it about giving away details and sending to the security depatment.


----------



## AlbacoreA (24 Jan 2010)

Its good practice to check the url of sites where you enter details. 

Also don't use the same username and password for different sites. 

As the problems at boards.ie demonstrates.


----------



## roker (24 Jan 2010)

How do I check the URL? The sight seemed secure because it had hpps//  only the lock at the bottom of the screen was grey


----------



## AlbacoreA (24 Jan 2010)

As far as I know, they can't spoof the domain name. If check the correct page with the fake one the root is normally different. It might have your bank name, or a modified version of it somewhere in it, to fool people. But they won't have the same domain as your real bank. It may be almost the same, but its not the same.


----------



## roker (26 Jan 2010)

Did another scan and it was back (WIN32.Zbot), only Avast picked it up this time. I cannot understand how it gets in.


----------



## AlbacoreA (26 Jan 2010)

Make sure its not this...
http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=377


----------

