Infected by Spyware/Keylogger

nirubhai · May 27, 2007

I'm in trouble....

I clicked on a link in my orkut scrapbook and it took me to a phishing site, asking to login again. I closed that window (browser FF).

Then I tried to report the sender but heck! I was not able to paste the phishing url in the 'report abuse' message. The moment I tried to paste that url, all the text after that url was getting reversed instantly. Also the cursor was moving from right to left only for that url. It took me almost half an hour and much struggle to type the url, the message and report him as bogus.

But I guess it has installed some code in my PC and even now if I try to paste that url in ANY window, it gets reversed! No matter where I paste it, the cursor moves from right to left ONLY for that url. This is strange. And I fear that whatever I type might be getting logged.

Now I'm not logging into any site due to the fear that my passwords might get steal. I have tried scanning with Norton, ZoneAlarm (both were already active). But it coubld not fix this behavior.

I am not giving those url here because that spyware can infect even by clicking the url.

Please help me guys.... How do I detect & remove this virus/spyware/keylogger? (whatever it is...)

hdsk.23 · May 27, 2007

yes these are clearly syptoms of the spyware....
to remove it i recommend u to boot in safe mode, and scan with a spyware remover.......

Choto Cheeta · May 27, 2007

try and install Spybot SnD from, *www.spybot.info, disable the System Restore and run a system scan

if possible get a proper AVS like Kaspersky

run a full system scan

anandk · May 27, 2007

ur hosts file has been hijacked.

its located in C:\WINDOWS\system32\drivers\etc

i suggest u download a GOOD hosts file from *www.mvps.org/winhelp2002/hosts.htm
unzip it and place it in the above location. replace ur existing file. dont worry !
read info in this link so that u r also satisfied. then LOCK ur hosts file.

falso run adaware, avg, a-squared (or any 2 good anti-spys).
then use 'ccleaner' to clear up residual pc junk.

for details, c my post here at *www.thinkdigit.com/forum/showthread.php?t=47624&highlight=browser+hijacked

ravi_9793 · May 27, 2007

if possible also do full online scan.

ashfame · May 27, 2007

What you are saying is the work of a HACKER?
This Pakistani hacker has created a link like that looks like regular orkut links (Read them clear, you will get that it is something like OKRUT not Orkut) but when opened it opens with a login screen of same as that of Orkut and when you enter the info there, it saves your username & password there which can be viewed by everyone on a different page.
I will post the links when i will find them!
Edit:
Cant find the links!!
It doesnt contain any spyware etc, I have tried login in in that page with a fake user name & password & when you choose to open the second link, it shows you a list of many users who hav tried that!

abhijangda · May 28, 2007

use spybot or ad-aware se. one more thing that's why I don't like orkut.

it_waaznt_me · May 29, 2007

Aaila Nirubhai ..?

Maybe that link is in Right to left order ..? Like many scripts are written .. Why dont you try pasting it in some Unicode aware application and then check it ..

Infected by Spyware/Keylogger

nirubhai

Broken In

hdsk.23

~ Harshdeep ~

Choto Cheeta

Rebooting

anandk

Distinguished Member

ravi_9793

TechTin.com

ashfame

Padawan

abhijangda

Padawan

it_waaznt_me

Coming back to life ..