Hi,

Yesterday when I used IE 6 to go to Paypal web site, it went to www.paypal.com.org. So I closed the browser and didn't go there again. Is my PC infected ? I just went to Paypal web site again today, it seemed to be the genunine Paypal site.

What should I do to avoid identity theft in this case?

I have NOD32, ZoneAlarm with Antivirus, Spyware Blaster for online protection. I periodically scan my PC with Spybot Search & Destroy, Spyware Terminator and A-squared free. Are there any other software I should have?

Thanks in advance.

yeah it seems a virus has modified a thing called your hosts file to redirect you.

Do it in this order

the "hosts" file lives in C:\WINDOWS\system32\drivers\etc

IT SHOULD ONLY CONTAIN

127.0.0.1       localhost

also check the file "lmhosts.sam". Everything should be commented out with a # - if anything is on a line on its own then delete it.

next, go into spybot s+d and do a scan and fix all then do "immunise"
then check with all your other programs to be sure

after that download a tool called HijackThis. Rename hijackthis to something else and then run it. Choose to run a scan and save a log. Post the log file here.

Hatespy, it is most likely not a problem with your computer, more likely Paypal was momentarily down and IE then fooled with the URL. If you want a complete explanation [or one, anyway] click on the link in your post above and then in the webpage that opens click the link How you got here...
Com.org is benign.

Thanks a lot, folks!

James, I checked the "hosts" file as suggested, below "127.0.0.1 localhost" there are tons of weird URLs I never visited.

Should I delete all of them?

Would there be any risk involved?

Thanks!


yeah it seems a virus has modified a thing called your hosts file to redirect you.

Do it in this order

the "hosts" file lives in C:\WINDOWS\system32\drivers\etc

IT SHOULD ONLY CONTAIN

127.0.0.1       localhost

also check the file "lmhosts.sam". Everything should be commented out with a # - if anything is on a line on its own then delete it.

next, go into spybot s+d and do a scan and fix all then do "immunise"
then check with all your other programs to be sure

after that download a tool called HijackThis. Rename hijackthis to something else and then run it. Choose to run a scan and save a log. Post the log file here.

spybots immunisation adds some lines, but spyware can add lines too. delete everything apart from the "127.0.0.1 localhost" line and reapply the spybot immunisations

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.