Trojan - please read

[Lazyboy164]

Ok well i got a fake email from "Jagex" yesterday. It was about becoming a player MOD. I knew it was fake but i was curious to how dumb it was so i opened it and then clicked the link. All of a sudden my Norton pops up" Urgent Trojan Cant repair file - access denied"

 

 

 

 

 

 

 

I closed it immediately and did a Norton 2005 full system scan and it came out clean. So i opened the email again, got the pop ups again but read the actual form. Near the bottom it asks for your username and password.

 

 

 

 

 

 

 

the exact name of the trojan was JS.Trojan.Blinder

 

 

 

 

 

 

 

after doing a bit of research I came up with the conclusion all it does is masks (blinder = makes you blind?) the actual URL of the site your going to.

 

 

 

 

 

 

 

If this is still on my computer, which i don't think it is since Norton didnt find it, could it contain a keylogger or something of the like where I could lose my account?

 

 

 

 

 

 

 

NOTE-i didnt fill of the form oviously.

 

 

 

 

 

 

 

Any info is greatly appreciated.

 

 

 

 

 

 

 

[EDIT] if the form asks for your password, why would they put a keylogger in? Unless the hackers are actually smart and think you'll think that way.....lol im confusing myself.

[Lazyboy164]

bump, please anyone

[blade995]

first of all DON'T log into runescape till you are absolutly(sp) sure it's gone.

 

 

 

 

 

 

 

Scan with ad-aware http://www.lavasoft.com

 

 

 

 

 

 

 

scan with spybot search and destroy http://www.safer-networking.org/en/mirrors/index.html

 

 

 

 

 

 

 

scan with housecall antvirus (safer to use 2 than 1) http://housecall.trendmicro.com/

 

 

 

 

 

 

 

post a hijackthis log http://merijn.org/downloads.html

 

 

 

 

 

 

 

make sure your computer is all pached.

[runesmithie]

One thing I saw listed on the Symantec site was to disable system restore before you try to take it out ;)

[Karvinen]

The "blinder" trojan only attempts to fake the Internet Explorer address bar. Not really dangerous but on not uptodate IE, the address bar would show http://www.runescape.com.

 

 

 

 

 

 

 

http://securityresponse.symantec.com/av ... inder.html