Is there a way for sites to detect and block this?
No. The host is compromised.
Even if the bank mailed you a copy of their real cert, the compromised host could just update the malware to fetch the real cert and display that when the user tries to view the cert's details.
Even if the bank handed you a copy of a UNIQUE cert they use ONLY for you, IN PERSON, and you handed them your own UNIQUE client cert, the compromised host could just watch all the legit shit happen when you log in the first time, then fuck you in the ass with that legit information.
Even "2-factor" authentication with an RSA clock won't help - these codes are good for a window of time (to allow people time to enter them and to allow for latency, clock skew, etc.). A compromised host can just use the same valid code rapidly within that window. Some systems require you to enter two distinct codes for a transaction, but this doesn't solve anything either as a compromised host can just trick the user into thinking they're moving $100 into their account when the real transaction is moving $10000 into the attacker's account.
True one-time use keys don't fix this either.