Author Topic: bankfraud-bbe  (Read 51259 times)

0 Members and 1 Guest are viewing this topic.

revtim

  • Guest
Re: bankfraud-bbe
« Reply #60 on: April 28, 2013, 02:56:42 PM »
Mapera:  you may be on to something.  Yesterday Avast detected a threat, "INI:Shortcut-inf [Trj] in my IE Favorites\From Internet Explorer\games\BF2\BF2SWikiweaponsunlocks-Bf2S.com etc.. which I think was a false positive since I haven't done anything related to BF2 in a couple of years.   

After finishing the scan AVAST suggested I do a boot scan so I agreed and is just so happened that Windows had an update waiting to install and did the install on the shutdown.  I am running Win 64XP Pro.  Anyway, the bootscan picked up this Bankfraud-BBE threat. 

I don't know if this ads to the conversation but the reason I did the complete scan in the first place was I got a couple of "Virus Blocked" signals that, according to AVAST originated in my E:\System Volume Information\restore file... which I couldn't access to investigate further.

I do hope there is a resolution to this soon but since upgrading AVAST from free to paid, I have not been impressed by their customer service. 

smiggy48

  • Guest
Re: bankfraud-bbe
« Reply #61 on: April 28, 2013, 03:02:15 PM »
I've been hit by this too - over 24 hours ago. Has the latest Windows 7 update anything to do with it?

revtim

  • Guest
Re: bankfraud-bbe
« Reply #62 on: April 28, 2013, 03:04:32 PM »
Just wondering: If this Bankfraud-BBE is indeed rapidly spreading virus, wouldn't it stand to reason that discussions of it would be showing up on the threads of multiple anti virus program discussions?  A quick check of Google turns up ONLY discussions regarding AVAST.  Accordingly, couldn't one assume that either AVAST is way ahead of the curve when it comes to virus detection and all the rest of the industry is asleep at the wheel OR.. it's a false positive created by AVAST?

I am no expert when it comes to this genre but I am a logical thinker... am I wrong?

insaneintenti0n

  • Guest
Re: bankfraud-bbe
« Reply #63 on: April 28, 2013, 03:13:56 PM »
I'll add another data point:

iMac OSX 10.8.3 - so this isn't just a windows thing. I haven't tried on my Win7 box, and probably won't.
AVAST Free 7.0
Also went to paypal.com and received the same bankfraud-bbe warnings.
Ran a scan and have 5 'infected' files all in my Firefox profile cache.

jdbarnes

  • Guest
Re: bankfraud-bbe
« Reply #64 on: April 28, 2013, 04:42:05 PM »
System did a scheduled full scan last night, and this morning it flagged the Bankcard-BBE trojan on all .html files I had ever saved from the PayPal payment receipt page. Some of these date back to 2007, so I must assume this is a false positive.
BTW: I can log into PayPal with no problem using Firefox.

caricell

  • Guest
Re: bankfraud-bbe
« Reply #65 on: April 28, 2013, 05:21:44 PM »
Got the same message today when logging into my paypal account..and when I tried to print receipts it printed blank pages. It's not an IE9 issue, as I am running IE 8.

Any word from AvAST?

gdownie

  • Guest
Re: bankfraud-bbe
« Reply #66 on: April 28, 2013, 06:48:18 PM »
I just started seeing this trouble yesterday.  Only on accessing PayPal  site & only with IE (9 in my case...no add ons).  Other browsers, (Chrome, Firefox, Opera...),  don't cause Avast to register a warning and all subsequent scans run clean. 

I've gone thru the motions of reporting to both Avast & PayPal as a suspect issue & (hopefully) a false positive.  Interesting & rather disturbing problem that I would hope gets prompt attention.  PayPal is in a lot of ways 'the' center of the universe for cyberspace transactions.  Loss of security there will toss things up a bit.

NetPotion

  • Guest
Re: bankfraud-bbe
« Reply #67 on: April 28, 2013, 07:29:02 PM »
Where there was one warning, there are now two. This just keeps getting better - and better.

Avast just updated and I visited PayPal. This is what I saw *after* I received the bank fraud warning again.


Parabelle

  • Guest
Re: bankfraud-bbe
« Reply #68 on: April 28, 2013, 07:49:31 PM »
WTF AVAST Let us know what the heck  is going on!!!!!  >:(  Is it your software or is it PAYPAL?????????

toshiba01

  • Guest
Re: bankfraud-bbe
« Reply #69 on: April 28, 2013, 07:58:03 PM »
Hello.
Same problem all day. Avast updated at the moment, same shit >:(. Try to contact paypal and avast NOTHING. :o
VTF is going on.

Regards.
Sebastijan.

gdownie

  • Guest
Re: bankfraud-bbe
« Reply #70 on: April 28, 2013, 08:09:07 PM »
Just tried accessing PayPal site using IE9...all seems normal (no alerts).  Fixed, maybe?

Johnny4745

  • Guest
Re: bankfraud-bbe
« Reply #71 on: April 28, 2013, 08:14:21 PM »
I have been watching this thread, and I noticed that The File System Shield is the one catching this Trojan, not the Webshield.  The File System Shield monitors programs and files stored on your computer.

According to the Popups posted, Internet Explorer seems to have been infected before going to Paypal.

The reason people see this with IE and not Firefox, is because Firefox is not infected.

Internet Explorer obviously has a weakness that is being exploited by this Trojan, and it doesn't affect Firefox.

So I would say the problem is not with Avast, it's doing its job, and the problem is not with Paypal.  The problem is with Internet Explorer.

caricell

  • Guest
Re: bankfraud-bbe
« Reply #72 on: April 28, 2013, 08:16:55 PM »
What you are saying makes total sense. Does sound like an IE vulnerability that's been exploited. Man...how do we fix THAT. ?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37697
  • F-Secure user
Re: bankfraud-bbe
« Reply #73 on: April 28, 2013, 08:18:41 PM »
from the pictures posted in reply #41 and #42 it seems all are located in temp folders.....

dont know if this have any effect but you may try clean your temp folders...

TFC - Temp File Cleaner by OldTimer
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34047
  • malware fighter
Re: bankfraud-bbe
« Reply #74 on: April 28, 2013, 08:32:05 PM »
Not sure whether this is a real Kryptick variant or just another FP?

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!