U...did ebay get hacked?

I’m trying to log on to my account and when I click Sign In, it takes me to a page that all the security people you’ve ever known warn you about. This page asks for ALL my personal information, including mother’s maiden name, credit card number, and ATM PIN. I’m like WTF???

Doper ebayers, can you log into your account with out that screen popping up?

And anyone know a phone number to ebay where I can talk to a live person?

I just logged in with my regular username and password and didn’t have any problems or see any screens such as you describe. It sounds like you may be infected with malware.

God damn it I was afraid of that…

Anything I can download to get rid of it? My computer has been acting funny lately…

Ouch. Sorry to hear of your misfortune.

You can find some excellent answers/advice/where-to-begin information in this GQ sticky.

That link is an excellent source. My suggestion would have been MalwareBytes and Avast! installed from a flash drive while running in safe mode. You might have to copy the installer programs to your desktop while running normally and then run them after you reboot.

Rhythmdvl, I just noticed that your link is going to the SDMB test server. Are you using an old bookmark to access the boards? If so, update your bookmark.

ETA: I fixed the link in your post to go to the live server, but you can see the link you posted in the quoted text above.

I’m running a-squared Anti-Malware the regular version and it’s now an antivirus package. This program is not a resource hog and it’s been working beautifully. I’d at least give the free stuff a try if you don’t want to pay for the regular package. They have an online scanner too, if you don’t want to install something. I’ve been trying many antivirus packages given away on one year promotional licenses and this is the one that’s been the cat’ meow.:wink:

This one was a one day give a way so your out of luck on the full version being free.

Microsoft Security Essentials is free Antivirus/Anti-malware. It seems to work pretty well, and is really good at putting things back the way they should be after disinfection.


In Windows, there’s a file under the** C:\Windows\System32\Drivers\etc** directory called “hosts”. This file contains a list of domain names (such as ebay.com) to IP addresses (such as the IP address to a site pretending to be ebay). Normally this file is empty because your nameserver is being used, but malware writers will add in their own entries into this file. If you type “ebay.com” and there’s an entry to “ebay.com” in there, you’ll be taken to the IP address there instead of the real Ebay site.

Try to see if you can open that file with Notepad. You won’t be able to edit that file to remove the bogus entries, but you can at least see if it is filled with bogus entries).

If you can’t get to that directory via Windows Explorer or open it up with Notepad, open up a Windows’ Console: Look under the Program Menu under the Start menu. Go to Accessories. When you bring up a Window, type in the following commands:

This will display the hosts file one screen full at a time. As I said, it should not contain any entries (Lines starting with “#” are comments). If it contains anything except possibly a reference to localhost or local, you’ve got troubles.

If you happen to have used products that use the hosts file as one avenue to protect you (Spybot Search and Destroy is one that can modify the hosts file for you), you may see a bunch of other entries that start besides one for localhost. That’s a way of effectively disabling resolution of undesirable internet addresses (it points the address back to your own computer rather than letting it take you somewhere nasty) so you don’t need to worry about lines if they happen to be there.

"What does the ‘U’ refer to in your thread title?

I assumed it was a mistype of ‘Um’.

Note that there are more sophisticated ways than the hosts file to accomplish this, so a clean hosts file is good, but not sufficient to keep you safe.

It was “Uh” :smiley:

Apparently I had the Sinowal Rootkit Virus, something that all of the anti-ad, anti-virus, and cleaner applications in the link didn’t get rid of. However, I tracked down ebay’s customer service number, which was a chore in and of itself, and told them I had an issue with my account. A day later, I get a call and a solution. There’s a program called MBR that fixes this virus, and now it’s gone!

For future reference, and to help everyone else, this thing exploits a security flaw in old versions of Adobe Acrobat and Flash, so update those programs immediately! It’s such a pain in the ass to get rid of but thanks to this problem, I now have 3 different anti-spyware and 3 anti-virus things running at once. I suppose it’s a good tradeoff. At least this story had a happy ending. It’s just unfortunate that my love of midget scat porn had gotten me into trouble yet again