Strange problem with Banking Sites.

Acer / Aspire 5633wlmi
May 18, 2009 at 06:13:46
Specs: Windows XP

Around the middle of April was when i first experienced this problem. I used to be able to go to and click on the login button there to go to the Internet Banking Screen. But since mid april, when I do this, the following happens...
The address bar shows
The page looks like the bank but where I used to enter my login details now theres a message...
We're sorry but the service is temporarily unavailable. Please try again later.

I've tried calling the bank but they say theres no problem with their systems. Also I have no problem with their website on another machine and am even able to login to my account.

On my laptop however, I'm unable to see the login form, no matter which browser I use, be it IE7, IE8, Firefox 3, Safari or Opera!

I dont have any other problems and am able to login to hotmail and other secure sites without a problem.

Another problem is with Yorkshire bank, if I try and login to their banking interface, Firefox gives me this error messgae. uses an invalid security certificate.

But I know that theres nothing wrong with the certificate as I dont get this message if I login from another machine.

I tried to uninstall the last few windows updates but that didnt help either. I've tried restoring the registry to a few days in the early days of April but that didnt help either. So I'm not sure what has happened in April to cause this problem. I've only noticed one other post online of a user with a simlar problem and he solved it by reinstalling windows! But given the stuff I have on my laptop that would be my last resort, so I'm hoping someone here will be able to help or atleast point me in the right direction.


See More: Strange problem with Banking Sites.

Report •

May 18, 2009 at 06:17:34
Can you please post your AVZ log:

1) To create the logfile, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.

2) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.

3) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows vista launch AVZ.exe by right clicking and selecting Run as Administrator

You should now see the main window of the AVZ utility. Please navigate to File->Custom Scripts. Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.


Paste the script into the execution window by using CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script, the PC will reboot. After the reboot the LOG subfolder is created in the folder with AVZ, with a file called inside. Upload that file to and paste the link here.

Image Tutorial

Report •

May 19, 2009 at 00:28:12
Hi Neoark,

Thanks in advance. Here is the link...


Report •

May 19, 2009 at 04:06:23
It does seems like your host file was hijacked. Please run this script in AVZ:

SearchRootkit(true, true);

Your computer will reboot after it reboots follow this steps:

Attach a Combofix log, please review and follow these instructions carefully.

Download it here ->

Before Saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows and pause Antivirus/Sypware programs ( Programs to disable) until after the scanning and removal process has taken place.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan. Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post.

To Private Message me Click Here

Report •

Related Solutions

May 19, 2009 at 04:48:33

Thanks a million for this. I've not only saved myself having to redo my entire laptop but I've also learned something from this. As always now it makes perfect sense.

After reading your post, I viewed my hosts file and found a massive list of banks in there. So indeed, the hosts file was hijacked! So I deleted all those records, saved it, rebooted and then was able to view the natwest login screen. I didnt login tho as I had one final question to ask you....

Do I still need to do the steps you have requested above, or is this enough? Let me know...

Thanks again,

Report •

May 19, 2009 at 05:02:21
Well yeh we don't know what caused those entries. Did you get infected before and kaspersky fixed it? If you know the cause of those entries then just run a full system scan with kaspersky. Also change all your passwords. Last thing is your dns server might still be hijacked switch to .

To Private Message me Click Here

Report •

May 21, 2009 at 06:48:48

Thanks. Yes I'd noticed a problem and had done a virus scan, found the virus/trojan. But couldnt figure out why I couldnt get onto the banking sites.

Now all seems to be well. I've run scans on all machines on my home and office network and none have found any problems. I also did an ipconfig /all and confirmed that my DNS servers were correct. Lastly I've run scans for two consecutive nights in a row with reboots inbetween and they have come up all clean. So I guess alls well now. And yes, I'm now able to access all banking sites as well.

I cant thank you enough as you have indeed saved me a lot of hassle. Thanks again!


Report •

Ask Question