Help! What would you do to avoid Paypal identity theft?

Question

hatespy 0 Newbie Poster

16 Years Ago

Hi,

Yesterday when I used IE 6 to go to Paypal web site, it went to www.paypal.com.org. So I closed the browser and didn't go there again. Is my PC infected ? I just went to Paypal web site again today, it seemed to be the genunine Paypal site.

What should I do to avoid identity theft in this case?

I have NOD32, ZoneAlarm with Antivirus, Spyware Blaster for online protection. I periodically scan my PC with Spybot Search & Destroy, Spyware Terminator and A-squared free. Are there any other software I should have?

Thanks in advance.

windows-virus

3 Contributors
4 Replies
145 Views
19 Hours Discussion Span
Latest Post 16 Years Ago Latest Post by jbennet

jbennet 1,618 Most Valuable Poster

16 Years Ago

yeah it seems a virus has modified a thing called your hosts file to redirect you.

Do it in this order

the "hosts" file lives in C:\WINDOWS\system32\drivers\etc

IT SHOULD ONLY CONTAIN

127.0.0.1       localhost

also check the file "lmhosts.sam". Everything should be commented out with a # - if anything is on a line on its own then delete it.

next, go into spybot s+d and do a scan and fix all then do "immunise"
then check with all your other programs to be sure

after that download a tool called HijackThis. Rename hijackthis to something else and then run it. Choose to run a scan and save a log. Post the log file here.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

gerbil 216 Industrious Poster · Answer 1 · 2008-02-18T17:39:08+00:00

Hatespy, it is most likely not a problem with your computer, more likely Paypal was momentarily down and IE then fooled with the URL. If you want a complete explanation [or one, anyway] click on the link in your post above and then in the webpage that opens click the link How you got here...
Com.org is benign.

hatespy 0 Newbie Poster · Answer 2 · 2008-02-18T21:36:55+00:00

Thanks a lot, folks!

James, I checked the "hosts" file as suggested, below "127.0.0.1 localhost" there are tons of weird URLs I never visited.

Should I delete all of them?

Would there be any risk involved?

Thanks!

yeah it seems a virus has modified a thing called your hosts file to redirect you.
Do it in this order
the "hosts" file lives in C:\WINDOWS\system32\drivers\etc
IT SHOULD ONLY CONTAIN
127.0.0.1       localhost
also check the file "lmhosts.sam". Everything should be commented out with a # - if anything is on a line on its own then delete it.
next, go into spybot s+d and do a scan and fix all then do "immunise"
then check with all your other programs to be sure
after that download a tool called HijackThis. Rename hijackthis to something else and then run it. Choose to run a scan and save a log. Post the log file here.

jbennet 1,618 Most Valuable Poster Team Colleague Featured Poster · Answer 3 · 2008-02-18T22:36:27+00:00

spybots immunisation adds some lines, but spyware can add lines too. delete everything apart from the "127.0.0.1 localhost" line and reapply the spybot immunisations