
need help identifying a virus I received from EBAY

stockriderman

Senior member
I received an email from eBay. It was from eBay and it wasn't asking for any passwords. Just normal email telling me of new promotions and stuff. My Kaspersky antivirus detected a virus in the body

trojan-spy.html.fraud.gen. Anyone heard of it?
 
Check your HOSTS file in C:\WINDOWS\SYSTEM32\DRIVERS\ETC\ to ensure that it hasn't been modified. Some of the phish emails don't actually phish, they modify your HOSTS file so that the next time you try to visit your banking site or whatever, you get re-routed to an identical copy of it and they've got you.

Another benefit of using Limited / Restricted-User accounts 🙂 HOSTS file = teh untouchAble for any process running with your privilege level that way.
 
It probably was not from eBay. Spoofed address and a virus/worm to set your PC up for relaying spam (or for adware, porn dialer, denial of service attacks, etc.).
 
Originally posted by: stockriderman
What am I supposed to look at that hosts.bak file? There's some info there. Nothing that alerts me.
The file is called HOSTS and has no extension. Open it in Notepad. It should say this, unless you modified it or maybe an antispyware app modified it (Spybot S&D can do it, for example):

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
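
Added example, not part of the original thread or posted by any participant: a short Python check that lists every active HOSTS entry other than the stock `127.0.0.1 localhost` line, separating blocklist-style entries (the kind an antispyware tool adds) from names pointed at some other address. The function name, the sample hostnames and the 203.0.113.7 address are constructed for illustration.

```python
import ipaddress

# Constructed sample: the stock file plus one blocklist-style line and one
# redirect. Hostnames and the 203.0.113.x address are placeholders.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# 102.54.94.97 rhino.acme.com # source server

127.0.0.1 localhost
127.0.0.1 ads.example.net    # typical antispyware blocklist entry
203.0.113.7 www.bank.example bank.example # not in the stock file
not-an-ip something.example
"""

def audit_hosts(text):
    """Return (line_no, kind, address, hostname) for every active entry
    other than the stock localhost mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split columns
        if not entry:
            continue                           # blank or comment-only line
        address, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, "malformed", address, " ".join(names)))
            continue
        if not names:
            findings.append((line_no, "malformed", address, ""))
            continue
        for name in names:
            name = name.lower()
            if name == "localhost" and ip.is_loopback:
                continue                       # the one expected entry
            # Loopback/unspecified targets only block a name; any other
            # address sends traffic for that name somewhere else.
            kind = "sinkhole" if (ip.is_loopback or ip.is_unspecified) else "redirect"
            findings.append((line_no, kind, str(ip), name))
    return findings

if __name__ == "__main__":
    # On Windows, read the real file instead of the sample:
    # text = open(r"C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS").read()
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(*finding)
```

An empty result means the file contains only comments and the localhost mapping, as in the stock file quoted above.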

 