Google Answers: Got phished. What happened?

View Question

Q: Got phished. What happened? ( No Answer, 3 Comments )

Question

Subject: Got phished. What happened?
Category: Computers > Internet
Asked by: dansmith-ga
List Price: $5.00

Posted: 05 Apr 2006 14:34 PDT
Expires: 05 May 2006 14:34 PDT
Question ID: 715867

I recently got one of those phishing messages, pretending to be from
paypal.  I inadvertantly clicked on a fake paypal link.  It took me to
a page that looked like it was from paypal, but the url to get there
was:
    http://nr27-66-42-150-173.fuse.net:84/icsics/primapagina.php

I didn't click on anything on the destination page or enter any
information.  Could accessing the page alone have done something bad
to my PC (eg., loaded a keylogger)?  What should I do to
check/correct/clean?  The actions I took immediately were to back up
to a prior version of my registry (by using system restore), then
deleted the system restore file (by turning off system restore, then
turning it back on), then ran anti-spyware and anti-virus software.

Answer

There is no answer at this time.

Comments

Subject: Re: Got phished. What happened?
From: marksullivan-ga on 05 Apr 2006 15:13 PDT

It is unlikely that this page loaded a trojan into your computer.  In
your situation, I would not worry very much about it.  Maybe next time
you will recognize the phishing email and not visit the bogus site at
all.

However it is not impossible that you have been infected.  I'm
guessing that someone who knows how to do a registry restore has all
the latest patches installed, but that doesn't mean there isn't an
otherwise unknown vulnerability in your system.  Other than the steps
you have taken, you could:
- Run an antivirus scanner, such as AVG www.grisoft.com
- Run a spyware scanner, such as Ad-Aware www.lavasoft.de
- Configure your firewall to notify you if any processes attempt to
open an outbound connection.
- Generally watch for network activity when you're not doing anything to cause it.

Subject: Re: Got phished. What happened?
From: legolas-ga on 05 Apr 2006 15:54 PDT

You overreacted. Nothing happened. Probably the lagest amount of
damage was caused by you using system restore and deleting all the
restore information.

Legolas-ga

Subject: Re: Got phished. What happened?
From: dansmith-ga on 07 Apr 2006 13:00 PDT

Thanks for the reassurances/suggestions.

Patches are up-to-date.  Anti-virus and anti-spyware scans (done
immediately afterwards) came out clean.  I have a firewall (zonealarm)
configured to generally prevent outbound communication.

My biggest concern was that I wasn't sure what the ":84" port
reference in the url did.  Could it somehow circumvent my firewall by
giving the destination web page permission to use port 84 for it's own
purposes?

Important Disclaimer: Answers and comments provided on Google Answers are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Google does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. Please read carefully the Google Answers Terms of Service.

If you feel that you have found inappropriate content, please let us know by emailing us at answers-support@google.com with the question ID listed above. Thank you.

Search Google Answers for

Google Home - Answers FAQ - Terms of Service - Privacy Policy