Hi,

Yesterday when I used IE 6 to go to the Paypal web site, it went to www.paypal.com.org. So I closed the browser and didn't go there again. Is my PC infected? I just went to the Paypal web site again today, and it seemed to be the genuine Paypal site.

What should I do to avoid identity theft in this case?

I have NOD32, ZoneAlarm with Antivirus, Spyware Blaster for online protection. I periodically scan my PC with Spybot Search & Destroy, Spyware Terminator and A-squared free. Is there any other software I should have?

Thanks in advance.

Last Post by jbennet

Yeah, it seems a virus has modified a thing called your hosts file to redirect you.

Do it in this order

the "hosts" file lives in C:\WINDOWS\system32\drivers\etc

IT SHOULD ONLY CONTAIN

127.0.0.1       localhost

also check the file "lmhosts.sam". Everything should be commented out with a # - if anything is on a line on its own then delete it.

next, go into spybot s+d and do a scan and fix all then do "immunise"
then check with all your other programs to be sure

after that download a tool called HijackThis. Rename hijackthis to something else and then run it. Choose to run a scan and save a log. Post the log file here.

Hatespy, it is most likely not a problem with your computer, more likely Paypal was momentarily down and IE then fooled with the URL. If you want a complete explanation [or one, anyway] click on the link in your post above and then in the webpage that opens click the link How you got here...
Com.org is benign.

Thanks a lot, folks!

James, I checked the "hosts" file as suggested, below "127.0.0.1 localhost" there are tons of weird URLs I never visited.

Should I delete all of them?

Would there be any risk involved?

Thanks!


Spybot's immunisation adds some lines, but spyware can add lines too. Delete everything apart from the "127.0.0.1 localhost" line and reapply the Spybot immunisations.
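
As an added example (not code from anyone in this thread): a small Python audit of a hosts file that separates blocklist-style lines, which point a name at a loopback or 0.0.0.0 address, from lines that send a name to some other machine. The sample file, its host names and the category names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (not taken from the thread); all names and
# addresses are placeholders from reserved documentation ranges.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
127.0.0.1       ads.blocked.example     # blocklist-style line
0.0.0.0         tracker.blocked.example
203.0.113.7     www.bank.example bank.example
not-an-ip       broken.example
"""

def classify(addr, names):
    """Return 'localhost', 'sinkhole', 'redirect' or 'malformed' for one entry."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "malformed"
    if not names:
        return "malformed"
    if ip.is_loopback and names == ["localhost"]:
        return "localhost"
    if ip.is_loopback or ip.is_unspecified:
        # Name resolves to this machine or nowhere: blocks the site, cannot redirect it.
        return "sinkhole"
    # Any other address sends the name to a different machine.
    return "redirect"

def audit_hosts(text):
    """Parse hosts-file text into (line_number, category, address, names) tuples."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # strip comment, split on whitespace
        if fields:
            names = [n.lower() for n in fields[1:]]
            findings.append((lineno, classify(fields[0], names), fields[0], names))
    return findings

def needs_review(findings):
    """Entries to look at first: redirects and lines that do not parse."""
    return [f for f in findings if f[1] in ("redirect", "malformed")]

if __name__ == "__main__":
    # To audit a real file, read it and pass its text to audit_hosts().
    for lineno, category, addr, names in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {category:9} {addr} -> {' '.join(names)}")
```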