Can't log into bank accounts

red12049

Machine: Gateway Vista 32 bit. IE8 and FF 3.6. Two Identities.

Cleaned viruses/rogues recently. Machine ran like a charm, everything seemed to work fine. Got a call from customer today, neither she nor her husband can log into their banks, from either identity. Checked machine, Autoruns OK, HijackThis OK, no sign of any infection. Ran ComboFix, Malwarebytes, and two different virus scanners. Reset IE8 and Firefox. Here's the kicker... I can log into my accounts just fine on that machine. And she can log into her and her husband's accounts on any other machine.

Any thoughts? Appreciate any help.

Rick
 
Hey,

Did you disable any browser plug-ins during the tune-up? Check to see; if so, re-enable them all and see if that works. Then obviously disable each one in turn to speed the browser back up (IE). If it's doing it in Firefox, then re-install Flash and Java etc.

Check the date and time are correct on the machine.

If that doesn't work, try creating a new user account on the computer and see what that does.
 
Reset Internet Explorer to default settings? There's a button somewhere in the Internet Options box, maybe in advanced settings.
 
Ben,

Will check date and new account after the holiday. Thank you for jogging my memory.

Everyone else: Except for Norton (not on the system), your questions were answered in my original post. Thanks.

Rick
 
Update:

Date is correct, new account makes no difference.

Any other thoughts? Thanks

Rick
 
Test other HTTPS sites like a Hotmail login etc. and see if that works correctly... if not, investigate HTTPS in more detail.
 
Hey..

You didn't mention in your update about the browser plugins I mentioned in my first post.. Or about Flash and Java?

Did you check those?

How many instances of Internet Explorer open in Task Manager when you open it?

Have you reset Windows Firewall?

Have you tried without security software installed?

Can you log into Hotmail.. Or anything else HTTPS?

Have you reset networking components?

Ben
 
Ben,

Done everything here. Machine works fine, you'd never know there was a problem except for those two bank accounts. But they can log into those two accounts on any other computer. I watched them do it in my shop. And I can log into any of my accounts on their computer (different banks). Someone else mentioned their MAC address being blocked by their bank. I'll check that on Tuesday. Thanks for the thoughts.

Rick
 
Sounds like a DNS hijack to me. I have had dozens of machines hijacked by stealth DNS/proxy hijack.
Chances are you missed a rootkit hiding a hijack. Best to try Dr.Web Live CD, then Hitman Pro. I have seen this many times before; it will not allow you to go to certain web sites.
 
Do they get an error when they can't log in or is it just a blank page?

Maybe bad cookies or maybe cookies turned off?

Have you tried clearing the Temporary Internet Files, History and Cookies, etc.?

Is a pop-up blocker blocking a pop-up login window?

Did you replace the host file after removing the malware?

Can you ping the bank's sites?

Have you tried temporarily disabling your firewall and antimalware software?

Is JavaScript disabled? If it is enabled then disable it and restart the computer and then re-enable it and try logging in.

Do you have the latest version of Java installed?

Does the computer's IP stay the same or does it change? The bank's servers could be blocking that IP address.

Have you checked the DNS settings and also the proxy settings?

Have you tried enabling compatibility mode in IE?

Have you tried running IE and Firefox with addons/extensions disabled?

Have you tried clearing the SSL state?

After removing the malware did you run system file checker and did you re-register all the .dll files for IE?

Have you tried changing the MTU setting? I've read that a lower value works better like going from 1492 to 1400 or 1472
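
The hosts file, DNS and proxy questions in this thread all come down to whether this one machine resolves the bank's name differently from every other machine. As an added example (not part of any post here), this Python script audits hosts-file text for entries beyond the default localhost mappings; the sample file, the `bank.example` names and the function names are constructed for illustration.

```python
import ipaddress

# Names a clean hosts file is expected to map to loopback (assumption).
DEFAULT_NAMES = {"localhost", "localhost.localdomain"}

def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only or no hostname
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # not a valid mapping line
        for name in fields[1:]:                 # one address may carry several names
            yield line_no, addr, name.lower().rstrip(".")

def audit_hosts(text, watched=()):
    """Return findings for every non-default entry; 'watched' marks sites of interest."""
    watched = [w.lower() for w in watched]
    findings = []
    for line_no, addr, name in parse_hosts(text):
        if name in DEFAULT_NAMES and addr.is_loopback:
            continue
        # Loopback or 0.0.0.0 blackholes the site; anything else sends it elsewhere.
        kind = "blocked" if (addr.is_loopback or addr.is_unspecified) else "redirected"
        hit = any(name == w or name.endswith("." + w) for w in watched)
        findings.append({"line": line_no, "host": name, "address": str(addr),
                         "kind": kind, "watched": hit})
    return findings

# Constructed sample: a hosts file left behind after a cleanup (not from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.45    login.bank.example www.bank.example   # leftover entry
127.0.0.1       update.av-vendor.example
"""

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS, watched=["bank.example"]):
        flag = "  <-- watched site" if f["watched"] else ""
        print(f"line {f['line']}: {f['host']} -> {f['address']} ({f['kind']}){flag}")
```

On Vista the file to feed it is `%SystemRoot%\System32\drivers\etc\hosts`; an empty result only clears the hosts file, not the DNS server or proxy settings.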
 
Customer goes to login page, enters username. Page accepts user name, switches to password. Customer enters password, password is rejected. After so many tries, they have to go through the procedure to reset the password. Then the new password is also rejected (on their machine). On any other machine, username and password work fine. On their machine, I can log into any of my accounts (bank, cc, email) with no problem.

Temp files & cookies gone. Tried IE with no add-ons. Reset both IE and Firefox. The machine does it in their location and my shop (different IP addresses). As I said before, the only way you'd know the machine had a problem is with this one bank.

The only thing that has remained constant is the machine's MAC address. Think I'm going to disable the onboard ethernet and install a NIC tomorrow, which will change the MAC, and see if it is the bank blocking that MAC for some reason.

Rick
 
There is MAC changer software (freeware) that you can use. You don't need to change the NIC.
 
Think I'm going to disable the onboard ethernet and install a NIC tomorrow, which will change the MAC

You could just change the MAC address value; lots of cards have a setting where you can change it.

There are other ways to change it if a card doesn't have a setting but I guess putting in a new card would be just as easy.


The second thing I would try would be the MTU setting. To check the value in Vista just run from a command prompt:
netsh interface ipv4 show subinterfaces
This will show the MTU set by Vista on each network device.
 
Are they using non-standard characters in their passwords? Maybe the keyboard has changed. I recently had that on a server and the admin couldn't log in, caused by the keyboard being set to US instead of UK. :) Try the passwords in Notepad so you know the asterisked passwords are indeed correct.
 
Thanks all for the info on MAC address, but just as easy to throw a NIC in it.

Martyn, their username/password works on every other computer but their own. And my usernames/passwords work fine on their machine. I think that should rule out keyboard, but thanks.

Rick
 