ScottR said:It looks like it was the "Torpig" virus. SpyBot caught it.
After much research and help from more knowledgable people, it appears that this virus runs in memory and hijacks IE to take any web form page that you submit and redirect it to a bogus site. The really scary part is that the URL in the address bar looks like a legitimate page (i.e. the Paypal server) and not a bogus/redirected page.
Thanks for all the ideas and encouragement everyone!
ScottR said:It looks like it was the "Torpig" virus. SpyBot caught it.
After much research and help from more knowledgable people, it appears that this virus runs in memory and hijacks IE to take any web form page that you submit and redirect it to a bogus site. The really scary part is that the URL in the address bar looks like a legitimate page (i.e. the Paypal server) and not a bogus/redirected page.
Thanks for all the ideas and encouragement everyone!
toomanybugs said:Yes, I had a bug like that also...
Best of luck Scott, I hope you don't need to re-install windows twice to kill your bug..
Bugs.
rackmsuckr said:Ha, is that why your name is toomanybugs? LOL. I like your new avatar!
One of the things that I checked before SpyBot found the virus was the Hosts file and it only contained the 127.0.0.1 entry. So, the virus was using some other method to redirect OR it may have written a Registry entry to point to some other file besides Hosts on the path you give above.cubswin said:Probably was getting redirected by the hosts file which on windows xp is located in c:\windows\system32\drivers\etc folder and can be opened with notepad. The hosts file can be used to redirect sites without having to mess with the url. Say I have www.yahoo.com and I point it at my own ip number in the host file. Yahoo suddenly becomes me for the machine with the host file entry.
I'd check to make sure it doesn't have much in it. Think spybot still adds entries in the host file back to 127.0.0.1 which is a loopback to your own network card.