Earlier this year, I posted about my experience with 0ww and the HiPoint Ltd hijackers.
This post has generated a few e-mails with requests for help to remove the threat. So here goes a mock-up of one of the answers:
Steve H. sent me an email asking how to remove the HiPoint tools from his computer. This is my reply:
###
From your message, I believe that only one computer is exploited, and that your request is not regarding a business network. Please correct me if I am wrong, as that would require a different approach.
What the HiPoint tools are doing to your computer, I can only guess (as I have no intention of actually trying it currently).
To remove it, you may want to try tools like Spybot Search and Destroy from Kolla in Germany: www.kolla.de - this is a free tool, which I use a lot myself. Make sure you download from Kolla himself - as there are a few rogue versions out there.
There are alternatives that may or may not work better - among those Lavasoft Ad-Aware is well known. http://www.lavasoftusa.com/
It is not free, however.
If it is not possible to remove it (either the tools do not find it, or find it again and again), then I suggest you low-level format your hard drive, and reinstall your OS. Make sure you do have backups of your data before the formatting, though, or the data is gone.
The re-installation process takes a few hours, and you need to patch your OS after the installation.
The true challenge is in the future - to avoid these kinds of attacks. They get smarter every day, and very few, if any, can expect to keep their computer clean all the time. So I hope you do not feel that you have done something stupid by clicking the button - remember I almost did the same, and I deal with these things as my job... :)
###
Steve also had some issues with the file MGRS.exe.
This thread gives valuable input: http://forums.techguy.org/malware-removal-hijackthis-logs/591494-solved-mgrs-exe-startup.html
###
And of course - why not just use Microsoft's own malware scanner? After all, they made the OS, so they should be in control of what is what? Right? One of the bonuses of using the Microsoft OneCare tools is that they are free, and you know you can trust the publisher.
###
To end this post, five tips on how to avoid the malware:
1. Keep an updated and trusted AntiVirus tool running at all times. Make sure it focuses on doing its job, and not telling you what it is about all the time. It is a generally good idea to combine it with a software firewall and antispam.
2. Keep your OS updated at all times. If you run Windows, make sure Windows Update is on, and configured for automatic download and update. If you run Linux, make sure you set it up to download and install updates automatically (how? It depends on the distro - usually pretty simple by adding an update source and setting it to check automatically).
3. Use common sense when surfing, downloading and running software. Not sure? Then don't do it!
4. Learn how to deal with it - how to spot a hoax, how to recognize a bad website, and how to see the bad guys. Remember that if an offer sounds too good to be true, it is! Even on the Internet!
5. Have fun! After all, what is the use of computers and Internet if you cannot have some fun with it? And when you are protected, and know how to deal with the threats, you can surf in confidence!