Author Topic: Attack On GMAIL or My PC? HTML:Bankfraud-BYL Trojan  (Read 23046 times)

0 Members and 1 Guest are viewing this topic.

TheChad

  • Guest
Re: Attack On GMAIL or My PC?
« Reply #15 on: October 23, 2013, 02:03:09 AM »
Saavik may be on to something... in Chrome and Firefox I am directed to Gmail's new sign-in page and get no error, however, in IE, I am directed to the old sign-in page and get the error every time...

Weird

TheChad

amandajnmaui

  • Guest
Re: Attack On GMAIL or My PC?
« Reply #16 on: October 23, 2013, 04:47:26 AM »
What tools should I use with MAC OSX 10.6? The CCleaner I have, but all the other tools are for windows, which tools should I use? I'm using safari, and I also get the pop while in chrome. I downloaded the TOR browser last night could this have been the problem?
« Last Edit: October 23, 2013, 04:57:24 AM by amandajnmaui »

IrukaUmino26

  • Guest
Re: Attack On GMAIL or My PC?
« Reply #17 on: October 23, 2013, 06:01:14 AM »
Oops, sorry I posted the same issue in the other thread, which referred back to this thread.

I'm using Internet Explorer 10, btw. I tried Firefox and there seems to be no issues. But I'm paranoid to use Firefox now. If one browser isn't right, I don't trust any of them.

I was trying to research this topic, and actually stumbled upon an old thread about a similar "Bankfraud-BBE", which was a false positive which was corrected when Avast! provided an update? Is this "Bankfraud-BYL" just a similar thing? Or if not, I'm no computer expert. I really need someone's guidance if my PC is being attacked. I already logged into an e-mail account, my FB, and my bank account yesterday. Now I'm extremely paranoid and on the edge, I can't even attend to my studies. I didn't start getting this alert until literally few hours ago. I had no issues with Gmail this MORNING. Strange that it appears 5 hours later, when NO ONE was on my laptop.
« Last Edit: October 23, 2013, 06:20:10 AM by IrukaUmino26 »

UserA789

  • Guest
Re: Attack On GMAIL or My PC?
« Reply #18 on: October 23, 2013, 06:03:45 AM »
Could a moderator mege the two threads?  Im changing my topic heading to include the name of this Trojan... even if it is just a good trace mark for the developer.  Its a little late now for bug fixes  :'( t this new little variant.

IrukaUmino26

  • Guest
Re: Attack On GMAIL or My PC? HTML:Bankfraud-BYL Trojan
« Reply #19 on: October 23, 2013, 07:37:54 AM »
Here are some similar incidents in the past:

1) http://www.androidheadlines.com/2013/03/avast-mobile-security-giving-false-positives-for-malware.html

2) http://downloadsquad.switched.com/2009/12/03/avast-has-a-freak-out-goes-on-a-false-positive-spree/


And here is someone who is experiencing the same thing, so I guess this is occurring for a lot more people than expected. So either we're all screwed, or hopefully there is just a glitch in the virus definitions, etc.

http://www.pcadvisor.co.uk/forums/1/tech-helproom/4259508/avast-is-doing-something-odd-when-opening-gmail/

Offline TwinHeadedEagle

  • Malware Removal Expert
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2987
    • Zemana
Re: Attack On GMAIL or My PC? HTML:Bankfraud-BYL Trojan
« Reply #20 on: October 23, 2013, 08:16:03 AM »
Your PC is clear, no malware present

Let's clear the tools:


Please download DelFix by "Xplode" to your Desktop.

Run the tool and check the following boxes below;
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Now click on "Run" button. Wait for the programme completes his work.
All the tools we used should be gone.
Tool will create and open an log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt


> I don't need DelFix log report.
My help is free, however if you'd like to show your appreciation by leaving a donation, it will be much appreciated ------> DONATE

virusinfected

  • Guest
Re: Attack On GMAIL or My PC? HTML:Bankfraud-BYL Trojan
« Reply #21 on: October 23, 2013, 11:48:46 AM »
Hello everybody. Here the same problem.

The first thing I've done is restoring the sistem to yesterday date. then I've found this threat at this forum.

I'm attaching here the files with the log reports


thx in advance.
« Last Edit: October 24, 2013, 09:31:06 AM by virusinfected »

TheChad

  • Guest
Re: Attack On GMAIL or My PC? HTML:Bankfraud-BYL Trojan
« Reply #22 on: October 23, 2013, 12:37:41 PM »
Your PC is clear, no malware present

Let's clear the tools:


Please download DelFix by "Xplode" to your Desktop.

Run the tool and check the following boxes below;
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Now click on "Run" button. Wait for the programme completes his work.
All the tools we used should be gone.
Tool will create and open an log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt


> I don't need DelFix log report.

Awesome news, thanks for your help twin!  When this warning comes up, should we then report it as a false positive?

Best,
TheChad
« Last Edit: October 23, 2013, 12:41:57 PM by TheChad »

sileeno123

  • Guest
Re: Attack On GMAIL or My PC? HTML:Bankfraud-BYL Trojan
« Reply #23 on: October 23, 2013, 04:13:58 PM »
Can someone please tell me what is going on?  Everytime I try to sign in to my google account, my computer says it has put the HTML:Bankfraud-BYL [Trj] into the virus chest.  I am now seeing tons of people across the web complaining about the same thing happening to them.  They use avast too.  HELP Please

UserA789

  • Guest
Re: Attack On GMAIL or My PC? HTML:Bankfraud-BYL Trojan
« Reply #24 on: October 23, 2013, 05:22:10 PM »
Your PC is clear, no malware present

Let's clear the tools:


Please download DelFix by "Xplode" to your Desktop.

Run the tool and check the following boxes below;
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Now click on "Run" button. Wait for the programme completes his work.
All the tools we used should be gone.
Tool will create and open an log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt


> I don't need DelFix log report.

I will do this but I have a question (or two):

So is this a false positive?  My Avast just updated and Im getting the same message; is Avast aware of whats causing the false positive?

Can I feel safe to check my GMail? Why shouldn't we be worried about that this is a real warning and not a false positive?

Being that some hackers are aware of the tools we are asked to use here; could it be something that is 'trained' to get past them?

Im not trying to insert conflict against recommendation, but others seem to encountering this and if Avast still ID's it as malware when I goto GMail I should trust Avast.

Could this be some DNS, or other style, web page traffic 'monitoring' attack?
(Iv had some other DNS style happenings taking place and have been posting them in another thread that behaves differently from the usual DNS manipulation approach: http://forum.avast.com/index.php?topic=136551.0)

mbyx

  • Guest
Re: Attack On GMAIL or My PC? HTML:Bankfraud-BYL Trojan
« Reply #25 on: October 23, 2013, 05:37:05 PM »
So is this a false positive?  My Avast just updated and Im getting the same message; is Avast aware of whats causing the false positive?

Looks like a false positive as others are experiencing the same problem:

http://forum.avast.com/index.php?topic=137700.0

Hope Avast is looking into it though so we can be 100% sure abut this.

UserA789

  • Guest
Re: Attack On GMAIL or My PC? HTML:Bankfraud-BYL Trojan
« Reply #26 on: October 23, 2013, 05:41:32 PM »
So is this a false positive?  My Avast just updated and Im getting the same message; is Avast aware of whats causing the false positive?

Looks like a false positive as others are experiencing the same problem:

http://forum.avast.com/index.php?topic=137700.0

Hope Avast is looking into it though so we can be 100% sure abut this.
That thread is a secondary thread of this thread.  There is nothing yet to say this is a false positive either.

Maybe Im mistaken here but if it was a false positive; wouldn't it go off regardless of using Chrome, IE, or FF?  This seems to be mostly confined to IE users plus one FF user on a Mac (Don't know how Windows Avast would give the same FP as Mac Avast).
Your PC is clear, no malware present

Let's clear the tools:


Please download DelFix by "Xplode" to your Desktop.

Run the tool and check the following boxes below;
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Now click on "Run" button. Wait for the programme completes his work.
All the tools we used should be gone.
Tool will create and open an log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt


> I don't need DelFix log report.

Ran this and log was created.

I have one other question; would it matter what profile I ran the suggested tools from (I ran them from my main administrator account, not my normal user account)?

My apologies for my spelling errors.  As an Admin Chief, I did have to spell correctly. This had me in a rush so my elderly mother can pay her bills... safely.  I promise, I am not King Abdul Ma Jarhahara form Nigeria (LOL)  :o
« Last Edit: October 23, 2013, 05:49:33 PM by UserA789 »

mbyx

  • Guest
Re: Attack On GMAIL or My PC? HTML:Bankfraud-BYL Trojan
« Reply #27 on: October 23, 2013, 05:54:43 PM »
That thread is a secondary thread of this thread.  There is nothing yet to say this is a false positive either.

That thread deals with the same issue. Only Avast will be able to confirm conclusively if it's a false positive though, but the odds are high that it is. Hopefully they will look into it soon.

Maybe Im mistaken here but if it was a false positive; wouldn't it go off regardless of using Chrome, IE, or FF?

Not necessarily, Google does it all the time. They detect the user agent of your browser and serve slightly different responses.


sileeno123

  • Guest
Re: Attack On GMAIL or My PC? HTML:Bankfraud-BYL Trojan
« Reply #28 on: October 23, 2013, 05:55:50 PM »
Apparently this is a false positive.  Just saw a post on FB from avast.

UserA789

  • Guest
Re: Attack On GMAIL or My PC? HTML:Bankfraud-BYL Trojan
« Reply #29 on: October 23, 2013, 06:00:59 PM »

Not necessarily, Google does it all the time. They detect the user agent of your browser and serve slightly different responses.
...and the MAC user?

Im getting confident it is a FP but Im used to things like that being fixed in the next update Avast releases.  I know this may something that is harder to find out than normal but Im going off what Im used to on things like FP and Avast.

However; there is a new surge in DNS style attacks and my original query to this all was more concerned this is something attacking GMail.

Hope Avast is looking into it though so we can be 100% sure abut this.
No need to hope... they are usually on it.  I hope that's all this paranoid thread turns into as well.

Additionally, if this is simply a FP; I will add that to the title of this thread to insure others aren't more concerned than need be.

It is possible to become infected by simple navigation to a website WITHOUT further end user interactions.  Does anyone remember "nCase" infecting PC's by simply going to realplayer website? 180 Solutions opened our eyes in the manner of what we thought was possible vs what is truly possible.
« Last Edit: October 23, 2013, 06:18:10 PM by UserA789 »