False Positive? HTML:Bankfraud-BYL [Trj]

[nbizness]

Hello.  I am a subscribed (i.e. paying) user of avast! Pro Antivirus.  Several times in a row now, I have received an alert when loading the Gmail logon page in MS I.E. 9.0.21 - https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/&ss=1&scc=1&ltmpl=default&ltmplcache=2&hl=en

My avast! informs me that each time I loaded that page, it attempted to create a file called ServiceLogon[1].htm which was being detected as a "Trojan Horse" HTML:Bankfraud-BYL [Trj].  The file was apparently moved safely to my "chest" each time (which, if it actually was malware, is good to know). 

I was not sure if it was a legit detection, though, or whether maybe one of the many changes Google seems to constantly be making to the design of their system was registering as malware when it wasn't.  NOT being sure, though, I didn't know if I should click on the link offered in avast!'s pop-up message to "Report the file as a false positive" - for all I know, it might in fact be malware. 

Do any more experienced users/staff have any idea what's going on here?  Should I go ahead and report it through that link?

Thanks for your help - it looks like (once again) avast! has protected me from the bad guys... 

[Pondus]

also reported by another user.    http://forum.avast.com/index.php?topic=137691.0

[Saavik]

Hello. This is also started happening to me every time I load the gmail login page since this evening, whenever I'm using Firefox (version 24.0). It doesn't happen with Safari.

Today was also the first time for me of the new gmail login interface, and I didn't click on any suspect e-mails recently, so it seems that it may be a problem with this new interface. 

[UserA789]

also reported by another user.    http://forum.avast.com/index.php?topic=137691.0

[ronnalah]

I started getting the HTMl:Bankfraud-BYL [Trj] threat alert today as well.  Only with IE 10.0.92.  With the Gmail logon page.  It doesn't happen with Gmail logon page and Firefox, only with Internet Explorer. 

If I change my default homeplage from Gmail to yahoo.com, I do not receive the threat alert.

Yesterday, I updated to Avast 2014 (free anti virus).  And, today the alerts started.

Any thoughts?

[nbizness]

I just started noticing the issue with this alert today.  Even after the reported item was moved to my "chest" I was still able to log into my gmail account.  I'm just slightly worried that I may now need to change my password to keep someone other than the NSA from snooping through the messages (and phishing for info they might be able to use to compromise my ID). 

[IrukaUmino26]

I need help as well!!

I was actually using Gmail perfectly fine this morning. I'm running Internet Explorer 10.

When I got home and tried to log onto Gmail, the alert keeps popping up! I cleared my history, cookies. I upgraded to the newer Avast engine, hoping it would go away, but to no prevail. I updated all virus definitions.  Nothing is working! Even if I put it in my chest, the alert still pops up.

I'm actually quite scared to log into Gmail, or anything now. I don't want to touch my Facebook, my online banking, etc.  I was so desperate to find a solution, I actually logged on to my Yahoo! e-mail to create an account here!!

If anyone can let me know if this is a false positive or an actual threat, I'd greatly appreciate it!! Also, if anyone can tell me if it's safe to log into my accounts or if I need to take measure to clean up my laptop, I'd really appreciate the help! Thank you!

[briand]

Hello,
I also have this  HTML:Bankfraud-BYL  since this morning, on the login page of Gmail with Internet explorer 9. It is detected by Avast8
Hope you answer soon.
MJ

[mbyx]

Just reporting that I got the exact same thing this morning (using Avast 9, IE 10, Windows 7 64bit). Nearly had a heart attack! Quite relieved to know others are seeing the same thing. It's almost certainly a false positive but it would be nice to get official confirmation ... my spidey senses are tingling!

To clarify ... Avast identifies the virus right at the Google login screen literally before you even login. It also seems to happen on the OLD google login screen only (with the username/password boxes off to the right). The new login screen (with the username/password boxes in the middle) doesn't cause the same problem.

[KaMo]

I was having this issue and tried running scans, updating Java, updating Microsoft updates, etc - the last thing I did, which was to UPDATE MY free AVAST program to the latest version (Avast 2014.9.0.2006 ).............I had been getting virus definitions updating automatically, but my program had not auto updated.....now I do not get the Bankfraud pop up when logging into my Gmail.....maybe a glitch in the older Avast program? Happy camper now!

[KaMo]

 Scratch that comment - the Bankfraud blocked pop-up has returned! eeeek......so updating to the latest avast program didn't do the trick.....Unhappy camper!

[UserA789]

No offense to the OP "nbizness' but this post is a duplicate.  The original post on this matter can be found here:

http://forum.avast.com/index.php?topic=137691.0

I have asked a moderator to lock this thread and point others to where an Avast Malware Fighter is already working on this very subject.

Again, no offense.  There is just no method to PM any mod on this thread and Avast has a top dawg on it.

http://forum.avast.com/index.php?topic=137691.0

[webdesk]

I have a multiple license for Internet Security package & the very first use right after updating to the latest version 2014.9.0.2006 trying to go to GMAIL, on each machine, where the update was taken a day apart, the message for Bankfraud-BYL started.

My concern is that the trojan went undetected in the earlier version, not that it is being trapped in the latest version.

What complicates it for me is that I was getting an unfamilar logon screen for GMAIL for a day or two on the 2nd machine BEFORE the update was done on it today and Avast did not trap it - will try to search if Google did in fact put out a new login page in a moment...

attached the GMAIL login screen in question:

[webdesk]

found news on Mashable that at least the new GMAIL login screen is valid! You can read about here: http://mashable.com/2013/10/20/gmail-login-redesign/

[nbizness]

  Re: False Positive? HTML:Bankfraud-BYL [Trj]
« Reply #11 on: Today at 06:57:58 PM »Quote No offense to the OP "nbizness' but this post is a duplicate

No offense taken - I hadn't spotted the other post before starting this one.  Haste and worry are a bad combo...