dnschanger trojan?

martyp
Posts: 1,069 Forumite


in Techie Stuff
Hi all,
Not sure how many of you may have encountered this but I've now seen it on both my gf's laptop and her parents' home PC.
Basically, you go to a supposedly secure site like eBay or a banking site and it brings up a form asking for security information.
Obviously you should never give such info out over e-mail etc. but in both cases you would type in the address of the site and it looks like it should do when it loads but then when you enter your user ID and password you then get a dodgy web page.
In the instance I was looking at yesterday it was on the Lloyds TSB site; after logging in it then asked for security information including ATM PIN code and the security code on the back of the debit card!
It showed the Lloyds web address in the address bar and everything else seemed as normal.
I ran HijackThis, Spybot and checked the Hosts file and although Spybot got rid of tons of stuff this remained.
Installed Firefox and went to the Lloyds website and it didn't bring up this dodgy screen.
Anyone know anything about this, if it is a DNSchanger or something, and how best to remove it? I tried various AV/malware/spyware programs previously and it never seemed to go. I'm thinking I'd have to manually hack the TCP/IP DNS entries in the registry...
Comments
- If Malwarebytes doesn't shift it (full scan) then go get combofix from bleepingcomputer.com.

  Gettin' There, Wherever There is......
  I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
This discussion has been closed.