1 2 Previous Next 10 Replies Latest reply on Dec 1, 2013 3:42 PM by Peter M

    Removel Phishing

    mrat240

      Everytime I type in Ebay in my web browser a try to go to there site it sends me to another site that is wanting my personal information. How do I go about getting this off my computer?

       

      Message was edited by: mrat240 on 11/26/13 3:58:20 PM CST
        • 1. Re: Removel Phishing
          Peter M

          Check the last link in my signature below for some hints and tools.

           

          Try running Stinger, Malwarebytes Free and perhaps also AdwCleaner.

          • 2. Re: Removel Phishing
            mrat240

            I have tried using these also contacted a local computer tech. He found some host files that was not allowing any of my browsers to go to ebay. It would take me to a fasle site requiring information such as SS number credit card number mothers madian name. He removed all the files it appeared everything was good and this morning I get on the computer and again I type in ebay and it shows up again.

            http://offer.ebay.com/ws/eBayISAPI.dll?PlaceCreditCardOnFile&&transactionid=0&qu antity=1&refererpage=2&ssPageName=ACCT:PCOF:CC

             

            This is what is in the browser bar. Any idea how to get this off my system?

            • 3. Re: Removel Phishing
              Peter M

              No idea what that means except there's something wrong with your browser - it is an eBay page.  Have you tried another browser?  Try the 'Safe Mode with Networking" suggestion in the last link in my signature below for Malwarebytes Free.

              • 4. Re: Removel Phishing
                Hayton

                The autocomplete implies that browser history hasn't been cleared. Doing a standard cleanup (clear cache, delete browsing history, delete temp files) might help. CCleaner's good for this sort of thing.

                 

                As for the Hosts file, the poster should check what's in it (location is c:\windows\system32\drivers\etc\Hosts, at least it is on this system) and if it's been modified that could mean some sort of malware infection.

                • 5. Re: Removel Phishing
                  mrat240

                  Trust me when I say this I now nothing about computers, I rely on alot of help and virus programs to keep my machine clean.

                  The tech we use got rid of the problem, WE THOUGHT. I was able to go to ebay like any other computer, about 6 hrs later I look at the screen and it is red and says I have a trojens horse virus you need to restart your system. I did. Everything appeared fine. Then I tried to go to ebay and this pops up. 

                    http://offer.ebay.com/ws/eBayISAPI.dll?PlaceCreditCardOnFile&&transactionid=0&qu   antity=1&refererpage=2&ssPageName=ACCT:PCOF:CC

                   

                  I have cleared my cache, delete my browser,(Firefox & IE ) deleted all temp files, rum malewarebytes,ccleaner, mcafee, and the problem is still there.

                  • 6. Re: Removel Phishing
                    mrat240

                    well i read you post again, and I found it. could someone tell me how to get rid of it. I have deleted it 2 times and somehow i shows back up. this is the help i need.

                    This is what it looks like.

                     

                     

                     

                     

                    # Copyright (c) 1993-2006 Microsoft Corp.
                    #
                    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
                    #
                    # This file contains the mappings of IP addresses to host names. Each
                    # entry should be kept on an individual line. The IP address should
                    # be placed in the first column followed by the corresponding host name.
                    # The IP address and the host name should be separated by at least one
                    # space.
                    #
                    # Additionally, comments (such as these) may be inserted on individual
                    # lines or following the machine name denoted by a '#' symbol.
                    #
                    # For example:
                    #
                    #      102.54.94.97     rhino.acme.com          # source server
                    #       38.25.63.10     x.acme.com              # x client host

                     

                    # localhost name resolution is handle within DNS itself.
                    #    
                    #           

                     

                     

                     


                    127.0.0.1    my.ebay.com
                    127.0.0.1    cgi.ebay.com
                    127.0.0.1    offer.ebay.com
                    127.0.0.1    feedback.ebay.com
                    127.0.0.1    motors.search.ebay.com
                    127.0.0.1    search.ebay.com
                    127.0.0.1    pages.ebay.com
                    127.0.0.1    pages.motors.ebay.com
                    127.0.0.1    myworld.ebay.com
                    127.0.0.1    motors.listings.ebay.com
                    127.0.0.1    cgi1.ebay.com
                    127.0.0.1    contact.ebay.com
                    127.0.0.1    srx.ebaymotors.ebayrtm.com
                    127.0.0.1    motors.shop.ebay.com
                    127.0.0.1    forums.ebay.com
                    127.0.0.1    answercenter.ebay.com
                    127.0.0.1    shop.ebay.com
                    127.0.0.1    ocs.ebay.com
                    127.0.0.1    cschatlb-na.corp.ebay.com
                    127.0.0.1    cschat1-na.corp.ebay.com
                    127.0.0.1    cschat.ebay.com
                    127.0.0.1    helpdesk.corp.ebay.com
                    127.0.0.1    qu.corp.ebay.com
                    127.0.0.1    www.ebay.com

                    • 7. Re: Removel Phishing
                      Peter M

                      What operating system are you using mrat40?   Also did you ever install the eBay toolbar in any of your browsers?   If so I would uninstall it.   Post your operating system and then we'll tell you the best way to restore that hosts file to normal.

                      • 8. Re: Removel Phishing
                        Peter M

                        Actually here goes...this is good for anything BUT Windows 8/8.1

                         

                        Open McAfee SecurityCenter

                        Click Navigation

                        Click General Settings and Alerts

                        Click Access Protection to expand

                        Uncheck Access Protection and click Apply

                         

                        Minimize SecurityCenter to your taskbar so you can reverse this afterwards.

                         

                        Then go to Microsoft Fixit website and run the tool.

                         

                        Here:  http://support.microsoft.com/kb/972034

                         

                        Don't forget to re-enable Access Protection.

                         

                        For Windows 8/8.1 there a link in there to fix it yourself.   You'll still need to temporarily disable Access Protection though.

                         

                         

                        .

                         

                         

                         

                        Message was edited by: Ex_Brit on 30/11/13 10:43:35 EST AM
                        • 9. Re: Removel Phishing
                          mrat240

                          I am using operating system 7. I did everything you said. Shut the system down reboot and it is still on there.

                          1 2 Previous Next