Hi,

Yesterday when I used IE 6 to go to the Paypal web site, it went to www.paypal.com.org. So I closed the browser and didn't go there again. Is my PC infected? I just went to the Paypal web site again today, and it seemed to be the genuine Paypal site.

What should I do to avoid identity theft in this case?

I have NOD32, ZoneAlarm with Antivirus, Spyware Blaster for online protection. I periodically scan my PC with Spybot Search & Destroy, Spyware Terminator and A-squared free. Is there any other software I should have?

Thanks in advance.

yeah it seems a virus has modified a thing called your hosts file to redirect you.

Do it in this order

the "hosts" file lives in C:\WINDOWS\system32\drivers\etc

IT SHOULD ONLY CONTAIN

127.0.0.1       localhost

also check the file "lmhosts.sam". Everything should be commented out with a # - if anything is on a line on its own then delete it.

next, go into spybot s+d and do a scan and fix all then do "immunise"
then check with all your other programs to be sure

after that download a tool called HijackThis. Rename hijackthis to something else and then run it. Choose to run a scan and save a log. Post the log file here.

Hatespy, it is most likely not a problem with your computer, more likely Paypal was momentarily down and IE then fooled with the URL. If you want a complete explanation [or one, anyway] click on the link in your post above and then in the webpage that opens click the link How you got here...
Com.org is benign.

Thanks a lot, folks!

James, I checked the "hosts" file as suggested, below "127.0.0.1 localhost" there are tons of weird URLs I never visited.

Should I delete all of them?

Would there be any risk involved?

Thanks!


Spybot's immunisation adds some lines, but spyware can add lines too. Delete everything apart from the "127.0.0.1 localhost" line and reapply the Spybot immunisations.
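Added example, not part of the thread: a Python sketch of the hosts-file check discussed above. It separates the default localhost line, blocking entries (names pointed at 127.0.0.1 or 0.0.0.0, the kind an immunisation tool adds) and entries that send a name to an outside address. The sample file, its host names and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample, not taken from the thread. 203.0.113.50 is a
# documentation-only (TEST-NET-3) address standing in for an unknown server.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.tracker.example        # blocked
0.0.0.0         popups.example
203.0.113.50    www.paypal.com paypal.com
not-an-ip       something.example
"""

def classify_hosts(text):
    """Return (line_no, category, address, names) for every active entry."""
    results = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()      # drop comments
        if not entry:
            continue
        fields = entry.split()
        address, names = fields[0], [n.lower() for n in fields[1:]]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            ip = None
        if ip is None or not names:
            category = "malformed"                # not "address name [name...]"
        elif ip.is_loopback and names == ["localhost"]:
            category = "default"                  # the stock entry
        elif ip.is_loopback or ip.is_unspecified:
            category = "block"                    # name is sunk, site won't load
        else:
            category = "redirect"                 # name is sent to another host
        results.append((line_no, category, address, names))
    return results

def redirects(text):
    """Entries that map a name to a non-loopback address: review these first."""
    return [r for r in classify_hosts(text) if r[1] == "redirect"]

if __name__ == "__main__":
    for line_no, category, address, names in classify_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {category:9} {address:15} {' '.join(names)}")
```

To check a real machine, pass the contents of C:\WINDOWS\system32\drivers\etc\hosts to `classify_hosts` instead of the sample.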
