Accrington Web - View Single Post

jambutty · 07-06-2006, 12:58

All people have to remember is never log into an account somewhere like E-Bay, E-Gold etc EXCEPT by using the bookmarked URL that you have used before.

The latest E-Gold fake site is an exact replica except for one tiny detail. On the genuine E-Gold page there are several one pixel sized graphics the same colour as the background and thus invisible. They are not in place on the fake site.

However there is a greater threat with E-Gold. Something out there hijacks your bookmarked E-Gold URL and also dumps gdiwxp.dll in WINDOWS/SYSTEM32/ and probably gdiw2k.sys as well. The last time that it happened to me gdiwxp.dll would not allow itself to be deleted. I had to do a system restore to a point before this latest threat came up to get rid of it. I then used WordPad to create a file in WINDOWS/SYSTEM32/ named gdiwxp.dll and set the attributes to ‘Read Only’. I did the same with gdiw2k.sys. I assumed that whatever was dumping gdiwxp.dll and/or gdiw2k.sys would not be able to overwrite my versions and so far it hasn’t been able to. My Bookmarked URL still gets hijacked but it has no effect.

How do I know that my E-Gold bookmarked URL has been hijacked. I use AdAware (free for personal use from http://www.lavasoftusa.com/) and it tells me and removes it.

I don’t even use a bookmarked URL for E-Gold now and just type it in instead.

When you use your now hijacked bookmarked URL you do get taken to the genuine E-Gold page and after you log in you get taken straight to your balance page and not to the page that shows your Sentinel Settings. If, when you log in successfully to E-Gold, you get taken straight to your Sentinel settings page you came assume that your E-Gold bookmarked URL has been hijacked. Go straight to your Sentinel Settings page. You will find that they have been re-set to disabled. Re-set them back to where you had them and your E-Gold account will remain secure.

This playing around with your Sentinel Settings is of little use to the miscreant unless you have a keylogger or clipboard reader on your computer. But how do you know when a brand new one does the rounds? You find out when you E-Gold account is emptied and E-Gold will not try and get you your cash back.

07-06-2006, 12:58	#14
jambutty Apprentice Geriatric Join Date: Jan 2004 Location: Darwen, Lancashire Posts: 3,706 Liked: 0 times Rep Power: 89	Re: WARNING Very convincing ebay email All people have to remember is never log into an account somewhere like E-Bay, E-Gold etc EXCEPT by using the bookmarked URL that you have used before. The latest E-Gold fake site is an exact replica except for one tiny detail. On the genuine E-Gold page there are several one pixel sized graphics the same colour as the background and thus invisible. They are not in place on the fake site. However there is a greater threat with E-Gold. Something out there hijacks your bookmarked E-Gold URL and also dumps gdiwxp.dll in WINDOWS/SYSTEM32/ and probably gdiw2k.sys as well. The last time that it happened to me gdiwxp.dll would not allow itself to be deleted. I had to do a system restore to a point before this latest threat came up to get rid of it. I then used WordPad to create a file in WINDOWS/SYSTEM32/ named gdiwxp.dll and set the attributes to ‘Read Only’. I did the same with gdiw2k.sys. I assumed that whatever was dumping gdiwxp.dll and/or gdiw2k.sys would not be able to overwrite my versions and so far it hasn’t been able to. My Bookmarked URL still gets hijacked but it has no effect. How do I know that my E-Gold bookmarked URL has been hijacked. I use AdAware (free for personal use from http://www.lavasoftusa.com/) and it tells me and removes it. I don’t even use a bookmarked URL for E-Gold now and just type it in instead. When you use your now hijacked bookmarked URL you do get taken to the genuine E-Gold page and after you log in you get taken straight to your balance page and not to the page that shows your Sentinel Settings. If, when you log in successfully to E-Gold, you get taken straight to your Sentinel settings page you came assume that your E-Gold bookmarked URL has been hijacked. Go straight to your Sentinel Settings page. You will find that they have been re-set to disabled. Re-set them back to where you had them and your E-Gold account will remain secure. This playing around with your Sentinel Settings is of little use to the miscreant unless you have a keylogger or clipboard reader on your computer. But how do you know when a brand new one does the rounds? You find out when you E-Gold account is emptied and E-Gold will not try and get you your cash back. __________________ Thanks for reading. If you have a few minutes to spare please visit my web site at http://popye.bravehost.com