We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
The Forum now has a brand new text editor, adding a bunch of handy features to use when creating posts. Read more in our how-to guide
dnschanger trojan?
martyp
Posts: 1,089 Forumite
in Techie Stuff
Hi all,
Not sure how many of you may have encountered this but I've now seen it on both my gf's laptop and her parents home PC.
Basically, you go to a supposedly secure site like ebay or a banking site and it brings up a form asking for security information.
Obviously you should never give such info out over e-mail etc but in both cases you would type in the address of the site and it looks like it should do when it loads but then when you enter your user id and password you then get a dodgy web page.
In the instance I was looking at yesterday it was on the Lloyds TSB site, after logging in it then asked for security information including ATM pin code and the security code on the back of the debit card!
It showed the Lloyds web address in the address bar and everything else seemed as normal.
I ran HijackThis, Spybot and checked the Hosts file and although Spybot got rid of tons of stuff this remained.
Installed Firefox and went to the Lloyds website and it didn't bring up this dodgy screen.
Anyone know anything about this if it is a DNSchanger or something and how best to remove it? I tried various AV/Malware/Spyware Programs previously and it never seemed to go. I'm thinking I'd have to manually hack the TCPIP/DNS entries in the registry...
Not sure how many of you may have encountered this but I've now seen it on both my gf's laptop and her parents home PC.
Basically, you go to a supposedly secure site like ebay or a banking site and it brings up a form asking for security information.
Obviously you should never give such info out over e-mail etc but in both cases you would type in the address of the site and it looks like it should do when it loads but then when you enter your user id and password you then get a dodgy web page.
In the instance I was looking at yesterday it was on the Lloyds TSB site, after logging in it then asked for security information including ATM pin code and the security code on the back of the debit card!
It showed the Lloyds web address in the address bar and everything else seemed as normal.
I ran HijackThis, Spybot and checked the Hosts file and although Spybot got rid of tons of stuff this remained.
Installed Firefox and went to the Lloyds website and it didn't bring up this dodgy screen.
Anyone know anything about this if it is a DNSchanger or something and how best to remove it? I tried various AV/Malware/Spyware Programs previously and it never seemed to go. I'm thinking I'd have to manually hack the TCPIP/DNS entries in the registry...
0
Comments
-
If Malwarebytes doesn't shift it (full scan) then go get combofix from bleepingcomputer.com........Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 353.5K Banking & Borrowing
- 254.1K Reduce Debt & Boost Income
- 455K Spending & Discounts
- 246.6K Work, Benefits & Business
- 602.9K Mortgages, Homes & Bills
- 178.1K Life & Family
- 260.6K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards