New
#1
Hidden Nasty
I have had a thread running for a few days now regarding this issue but I thought it pertinent to post this:
This is a copy of a report I have just sent to PayPal:
I appreciate that the problem is with my computer and not your organisation but this Phishing Trojan is targeting your site so it is in your interest to understand what is going on and what steps I have taken to eradicate it. Here is a full report to date; I am sending it to Kaspersky and it is also being posted on ‘Seven Forums’.
I do not normally need to survey my PayPal account other than to routinely ensure all is correct, but last Sunday (05/05/13) I needed to qualify a transaction from the previous month and it was then that I became aware of the problem: I attempted to open the ‘Show all transactions’ sub-page from my account home-page and a warning from my anti-virus software KIS 13 (fully updated) told me the page was not safe.
I accessed my account using my Tablet and all was well; the spoof page software is definitely on my computer so I set about trying to find it and remove it from my system.
I went and re-installed the correct certificate – just in case.
Then I went to the bad PayPal page and checked the security certificate against Steve Gibson’s site and discovered it did not match the official PayPal certificate. This is your genuine thumbprint:
21:77:48:25C:4A:9C:54:CE:02:B0:70:92:8A:2E:72:CE:58:78:E7
and this is the one that appears when I access PayPal:
e3 ac 7c b1 69 30 59 63 a6 66 7c d4 b4 55 6e 41 6a 34 cd 5c
So, the next thing I did was run a deep scan using my KIS.13 web security facilities. It didn’t find anything.
Next thing was to un-install the recently updated Java and try your site again; that didn’t fix it.
Then I ran Windows Defender Offline.
Then I ran Malware Bytes.
Then I did a full default re-set on Internet Explorer (10).
I then tried Ad-aware.
Then ESET online cleaner.
Last night I ran Microsoft Malicious Software removal tool followed by Microsoft Safety Scanner.
The problem is still there. Any suggestions would be gratefully received. Keith.