PayPal is infected

TheBeam

Enlightened
Joined
Jul 18, 2003
Messages
365
Location
Seattle
MUST READ THIS

THIS TOO.

Earlier I was looking at glow products and Norton told me that I was under attack. I clicked the ok/shut up button, then it popped up again. This started to happen as quickly as I could push the button. I immediately turned off the computer, started it up again, ran a complete scan, then opened up my horrible browser and ate all my cookies. I've started emptying my cookie jar and my temp files daily, and every time I buy something online.

Somebody needs to find these guys and [twakfl], no [xyxgun], that's more like it.
 

kubolaw

Enlightened
Joined
May 15, 2002
Messages
324
Location
SF Bay Area
Is this why I haven't been able to log in to PayPal all afternoon? I thought it might be my computer, but the problem websites seem very limited, so a computer problem on my end seemed less likely.
 

TheBeam

Enlightened
Joined
Jul 18, 2003
Messages
365
Location
Seattle
I haven't tried logging in, and I'm not going to, at least today. They don't want to tell us all the sites that are infected. I even heard the Microsoft site and some of their servers were infected.
 

Sigman

* The Arctic Moderator *
Joined
Sep 25, 2002
Messages
10,124
Location
"The 49th State"
I logged in earlier and didn't have a problem, maybe it's fixed? I'm running ZoneAlarm Pro and Computer Associate's EZ AntiVirus and they are both up to date.
 

Glenn

Enlightened
Joined
Jan 11, 2002
Messages
206
Location
PA
This is still another reason that I use Netscape.
It seems that most of these "bugs" attack IE or Outlook.

Glenn
 

nerdgineer

Flashlight Enthusiast
Joined
May 7, 2004
Messages
2,778
Location
Southern California
I prefer Mozilla over Netscape (and both beat IE by a mile). My computer geek son tells me they use the same SW engine, and you can shut off all pop-ups/unders with Mozilla.
 

AZMAN

Newly Enlightened
Joined
Feb 13, 2003
Messages
69
Location
Arizona
Some interesting stuff about Paypal over at glocktalk.com

They don't seem to be the friend of gun owners.
 

PaulW

Flashlight Enthusiast
Joined
Mar 23, 2003
Messages
2,060
Location
Laurel, Maryland
The Beam,

I was about to ask if Mozilla is affected. But then I read the last paragraph of your second link, which says:

The Macintosh version of Internet Explorer is not affected, nor are non-Microsoft browsers such as Mozilla, Opera and Apple Computer Inc.'s Safari browser, security experts said.

That's good news for some of us. Thanks for starting this thread.

Paul
 

Kiessling

Flashaholic
Joined
Nov 26, 2002
Messages
16,140
Location
Old World
well, we'll have to accept that the net has lost its innocence and is becoming just like the streets of NY ... [frown]
bernhard
 

Sinjz

Flashlight Enthusiast
Joined
Oct 4, 2003
Messages
1,120
Location
six blocks from ground zero - WTC/NYC
[ QUOTE ]
Kiessling said:
well, we'll have to accept that the net has lost its innocence and is becoming just like the streets of NY ... [frown]
bernhard

[/ QUOTE ]

You mean less crime ridden than most big European cities? [wink] Hehehe.... I'm just messing with ya. But seriously, why do you guys have such a bad image of NY? [thinking] Have you guys checked crime stats? Have you ever even been here?

edit: I read that turning off java keeps this virus from infecting your computer. So do that for now.
 

Sigman

* The Arctic Moderator *
Joined
Sep 25, 2002
Messages
10,124
Location
"The 49th State"
[ QUOTE ]
tylerdurden said:
Are we sure paypal is infected by this?

[/ QUOTE ]
I'll be a volunteer... you PayPal me $20 and I'll let you know if I got it! [grin] (Sorry - my typing fingers were in control and I couldn't resist!)
 

Kiessling

Flashaholic
Joined
Nov 26, 2002
Messages
16,140
Location
Old World
sorry Sinjz ... [grin] ... take it as ignorance from a stranger, and replace NY with Berlin or Moscow then ...
bernhard [tongue]

P.S.: been there, liked it, but only 5 days ...
 

MichiganMan

Enlightened
Joined
Aug 31, 2002
Messages
589
Location
Saginaw, MI, USA
Long story, but maybe it might come in handy to someone.

Working on my sister's computer over the past couple of weeks has been a wakeup for me. I had set her up with Win 2k and Norton, behind a router, and had forgotten to get back and install a software firewall, thinking hey, she'll probably be ok...

Sigh, wow did I pay. She called me and was complaining about pop-ups, her homepage being hijacked, and her searches always taking her to a certain site she'd never seen before. All stuff I had heard of. I was sure I could easily fix it and finally get around to installing a firewall. But then she confused me when she said the pop-ups came up whether she was browsing or not... [confused]

Anyone had any experience with Look2Me ?

Besides a bunch of the standard stuff (tscash, etc.) she had this little gem. WOW is this a PITA! Just like she said, it initiates pop-ups out of nowhere soon after Windows starts up, browser running or no. And it works by .dlls that are randomly named, so you can't just search for specific ones to identify the culprit. More irritating, it inserts itself into Explorer.exe so 1. you don't see it running in Task Manager, 2. your firewall quite possibly won't question it querying Look2Me servers, and 3. its .dlls can't be deleted even in safe mode, which means AdAware and Spybot don't even dent it. AND the dll has copies that, working in conjunction with registry entries, recreate the .dll if anything does somehow happen to it.

[banghead]

Plus it's constantly updated, so a lot of the tools and info out there to deal with it don't necessarily apply anymore.
What I finally ended up doing was using AdAware to identify the name of the .dll (i.e. the one it couldn't delete). I looked and identified several similarly named dlls. Then I used my Win 2k CD to boot into the recovery console and deleted (actually renamed to *.bak for safety) each of these dlls. (Then I used the recovery console to rename one of the dlls back to *.dll since it wasn't related to Look2Me and was, I discovered, quite necessary for Windows to run. Sigh.) Back into safe mode, ran AdAware to clean up any detritus, and manually cleaned up any bad entries in the registry.

The author of this scourge is apparently a guy named Timothy Nichols. If anyone knows him and sees him, please punch him dead in the face for me and a bunch of other net users.

Anyway, the moral of the story is I quickly moved my own system over to Firefox, did likewise for my sister (along with Zone Alarm Pro of course) and moved us both over to Sun's Java VM for good measure. Got a date tomorrow with my mom to give her system (running Tiny Firewall thank God) the same treatment.

ActiveX is no longer welcome in my household.
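The post above describes the two things that made the infection hard to find by hand: DLLs with random names loaded into Explorer.exe, and registry entries that bring a deleted DLL back. The script below is an added example (not from the thread or from any of the tools it names) showing how a defender would enumerate both on a modern Windows box: it lists every module loaded into explorer.exe that lives outside the Windows directory or lacks a valid Authenticode signature, and then dumps the registry load points from which Explorer and the shell pull in DLLs at logon. It assumes Windows PowerShell 5.1 or later on an elevated prompt. One caveat to keep in mind while reading the output: on some systems OS files are catalog-signed and report `NotSigned` from `Get-AuthenticodeSignature`, so the `InWindows` column is there to help you triage rather than treat every row as hostile.

```powershell
# Added example, not code from the thread. Assumes Windows PowerShell 5.1+
# run from an elevated prompt so explorer.exe's module list is readable.

function Get-SuspiciousExplorerModules {
    # Lists DLLs loaded into explorer.exe that live outside %SystemRoot% or
    # carry no valid Authenticode signature. Randomly named DLLs injected
    # into the shell (as described in the post) show up here even though
    # Task Manager shows only explorer.exe itself.
    $windir   = $env:SystemRoot
    $explorer = Get-Process -Name explorer -ErrorAction Stop | Select-Object -First 1

    # Note: enumerating .Modules fails if the PowerShell host and explorer.exe
    # have different bitness; run 64-bit PowerShell on 64-bit Windows.
    foreach ($m in $explorer.Modules) {
        $path      = $m.FileName
        $inWindows = $path.StartsWith($windir, [System.StringComparison]::OrdinalIgnoreCase)
        $sig       = Get-AuthenticodeSignature -FilePath $path
        if (-not $inWindows -or $sig.Status -ne 'Valid') {
            [pscustomobject]@{
                Module    = $m.ModuleName
                Path      = $path
                Signature = $sig.Status
                InWindows = $inWindows
            }
        }
    }
}

function Get-ExplorerLoadPoints {
    # Registry locations from which the shell starts programs or loads DLLs at
    # logon. A persistence entry that recreates a deleted DLL would normally
    # point at one of these. Review the entries; do not delete blindly.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    foreach ($k in $keys) {
        if (Test-Path $k) {
            [pscustomobject]@{
                Key     = $k
                Values  = ((Get-Item $k).Property -join ', ')          # value names (Run, ShellExecuteHooks)
                Subkeys = ((Get-ChildItem $k).PSChildName -join ', ')  # CLSID subkeys (BHOs)
            }
        }
    }
}

Get-SuspiciousExplorerModules | Format-Table -AutoSize
Get-ExplorerLoadPoints | Format-List
```

The design mirrors the post's removal sequence: first identify what is actually loaded into the shell (the equivalent of the AdAware "could not delete" hint), then look at the registry entries that would recreate it, and only then decide what to rename or remove. Renaming rather than deleting, as the post did, is still the safer first step, since one of the flagged modules may turn out to be something Windows needs.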
 

tvodrd

*Flashaholic*
Joined
Dec 13, 2002
Messages
4,987
Location
Hawthorne, NV
Michiganman,

Sounds similar to the one that got me about 3 weeks ago. (I was running ZoneAlarm Pro and NAV and was hijacked anyway!) Mine's called coolsearch and it is immune to Spybot, the latest AdAware and PestPatrol. The "Pros" are still working on an extraction tool. I gave up!! Running Mozilla now, which is immune. I'd also like a little time (in the dark) with those S.O.B.'s.

Larry
 

MichiganMan

Enlightened
Joined
Aug 31, 2002
Messages
589
Location
Saginaw, MI, USA
tvodrd, go here. Try his CWShredder and see if it helps you. I've also gotten some good use out of his HijackThis, which has replaced PCMag's StartupCopPro in my toolbelt. (Note: Please do a search on Google for these names to check for any reports of malfeasance. I know they're safe and effective but it would be foolish not to check them out first before using them on your system.) [smile]

As for ZoneAlarm, I think the key is keeping the "Block Embedded Objects" in the Mobile Code section checked. I have always done that and haven't encountered _any_ bugs on my personal system.
 

tvodrd

*Flashaholic*
Joined
Dec 13, 2002
Messages
4,987
Location
Hawthorne, NV
Hi MichiganMan,

HijackThis/SpywareGuard (running now!) - been that route. I lack the competence to mess around in my registry. I have printed out and run some very complicated procedures to remove it without success. At least this one (came from Russia) doesn't contain a keylogger or call home! Thanks for the tip on "Block Embedded Objects." That was set to "off."

Larry
 