Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Another Ebat/Pay pal redirect

  • This topic is locked This topic is locked
2 replies to this topic

#1 kshan


  • Members
  • 30 posts
  • Local time:01:02 AM

Posted 19 February 2010 - 08:34 PM

I think this infection happened on ebay. When you try to log in it asks for account renewal wanting SS#, credit card info, DOB address, phone #, mothers maiden name. everything to steal your identity. Right now only IE8 is infected or affected. Firefox is ok for now. I contacted Ebay they said don't worry about your password, just use Firefox and take your computer to a store. The redirected login screen does not care what user name or password you use, it just goes to the personal info screen no matter what you enter.

here is the address bar for the sign in page:


here is the address bar for personal info page:


This is also posted on ebay in their forums, however bleepingcomputer has more knowledge about these redirects.

I have run all the programs I could find, Malwarebytes, Dr. Web, Norton, Onecare, microsoft malicious software removal, mbr, gmer. They all say everything is ok. The only odd thing is with recovery console, fixmbr says my "mbr is nonstandard and my hard drive may become unreadable if I continue". So I did not continue.

I hope some one can find a method of removal.

Thanks for your help.


BC AdBot (Login to Remove)


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,771 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:02 AM

Posted 21 February 2010 - 08:08 AM

Some infections are difficult to remove completely because of their morphing characteristics which allows the malware to regenerate itself. Sometimes there is hidden piece of malware (i.e. rootkit) which has not been detected by your security tools that protects malicious files and registry keys so they cannot be permanently deleted. Other types of malware can even terminate your security tools by changing the permissions on targeted programs so that they cannot run or complete scans. Disinfection will probably require the use of more powerful tools than we recommend in this forum. Before that can be done you will need you to create and post a DDS log for further investigation.

Please read the pinned topic titled "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help". If you cannot complete a step, then skip it and continue with the next. In Step 7 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

When you have done that, post your log in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the Malware Response Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate if you post a link to your log back here so we know that your getting help from the Malware Response Team.

Please be patient. It may take a while to get a response because the Malware Response Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have posted your log and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the Malware Response Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Response Team member is already assisting you and not open the thread to respond.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Pandy



  • Members
  • 9,559 posts
  • Gender:Female
  • Local time:02:02 AM

Posted 27 February 2010 - 05:58 PM

Thia topic is will now be closed as there is a logfile posted in the Virus, Trojan, Spyware, and Malware Removal Logs here http://www.bleepingcomputer.com/forums/t/299002/now-what-do-i-do-ebay-redirect-malware/.

Do not anticipate trouble, or worry about what may never happen. Keep in the sunlight.

Hide not your talents. They for use were made. What's a sundial in the shade?

~ Benjamin Franklin

I am a Bleeping Computer fan! Are you?


Follow us on Twitter

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users