Author Topic: Attack On GMAIL or My PC? HTML:Bankfraud-BYL Trojan  (Read 23176 times)

UserA789

  • Guest
Re: Attack On GMAIL or My PC? HTML:Bankfraud-BYL Trojan
« Reply #30 on: October 23, 2013, 06:41:58 PM »
Now my Chrome is not functioning.  Is this part of the same issue...?

See picture below

mbyx

  • Guest
Re: Attack On GMAIL or My PC? HTML:Bankfraud-BYL Trojan
« Reply #31 on: October 23, 2013, 06:51:10 PM »
Quote
...and the MAC user?

Yes. The user agent sent by the browser to the server includes (among other things) the browser type/version and the operating system you're using. Using this information, the web site can customize the output so it displays correctly on mobile devices, for example, or to target users using OSes that support their software, etc.

UserA789

  • Guest
Re: Attack On GMAIL or My PC? HTML:Bankfraud-BYL Trojan
« Reply #32 on: October 23, 2013, 06:53:30 PM »
Quote
...and the MAC user?

Yes. The user agent sent by the browser to the server includes (among other things) the browser type/version and the operating system you're using. Using this information, the web site can customize the output so it displays correctly on mobile devices, for example, or to target users using OSes that support their software, etc.

So you would suggest that Avast has the same FP error in Mac and Windows due to different browser IDs and Operating Specific Data (OS Identifiers).  That kinda confuses me.  How about PMing me more to explain this so the thread can maintain its integrity to the OP.  Thanks.
Cool.  Did you see my post on Chrome not working above your reply?

===================================================================
So I thought, maybe I need to update Java.  I went to my Admin profile and opened the Java Control Center.  Had the latest version but it would not close.
« Last Edit: October 23, 2013, 06:56:12 PM by UserA789 »

mbyx

  • Guest
Re: Attack On GMAIL or My PC? HTML:Bankfraud-BYL Trojan
« Reply #33 on: October 23, 2013, 07:01:19 PM »
Quote
Cool.  Did you see my post on Chrome not working above your reply?

Mmm ... I don't use Chrome so can't offer any suggestions but I have a feeling that is an unrelated issue. Maybe a Chrome user can chime in.

UserA789

  • Guest
Re: Attack On GMAIL or My PC? HTML:Bankfraud-BYL Trojan
« Reply #34 on: October 23, 2013, 07:17:52 PM »
Quote
Cool.  Did you see my post on Chrome not working above your reply?

Mmm ... I don't use Chrome so can't offer any suggestions but I have a feeling that is an unrelated issue. Maybe a Chrome user can chime in.

Things not right in my FB login either.  I have my FB set up to REQUIRE a code, if not already approved. I went in and deleted ALL DEVICES. I opened ACTIVE SESSIONS and ended all activity.  Closed the browser then restarted the entire PC...

I was not prompted for a security code, as usually occurs when doing these steps.  I was logged into FB as though I had never logged out or as though I had saved a browser/device.  As you can see this was not so.

More things and more things are coming up inconsistent; and all occurring after this Gmail Bankfraud notification.

EDIT: I have just been made aware that somehow texts are being sent from my Facebook to my friends in my phone's contact list (in other words, they aren't even on FB).  So from my phone to my PC, I'm having some definite issues... funny how #Google is in the middle of it all.
« Last Edit: October 23, 2013, 08:10:43 PM by UserA789 »

webdesk

  • Guest
Re: Attack On GMAIL or My PC? HTML:Bankfraud-BYL Trojan
« Reply #35 on: October 23, 2013, 09:09:59 PM »
Posted this on another thread here too:
I have a multiple license for Internet Security package & the very first use right after updating to the latest version 2014.9.0.2006 trying to go to GMAIL, on each machine, where the update was taken a day apart, the message for Bankfraud-BYL started.

My concern is that the trojan went undetected in the earlier version, not that it is being trapped in the latest version.

What complicates it for me is that I was getting an unfamiliar logon screen for GMAIL for a day or two on the 2nd machine BEFORE the update was done on it today and Avast did not trap it under the earlier version - will try to search if Google did in fact put out a new login page in a moment...

attached the GMAIL login screen in question:

webdesk

  • Guest
Re: Attack On GMAIL or My PC? HTML:Bankfraud-BYL Trojan
« Reply #36 on: October 23, 2013, 09:16:07 PM »
Found news on Mashable that at least the new GMAIL login screen is valid! You can read about it here: http://mashable.com/2013/10/20/gmail-login-redesign/

TheChad

  • Guest
Re: Attack On GMAIL or My PC? HTML:Bankfraud-BYL Trojan
« Reply #37 on: October 23, 2013, 09:35:50 PM »
Quote
Posted this on another thread here too:
I have a multiple license for Internet Security package & the very first use right after updating to the latest version 2014.9.0.2006 trying to go to GMAIL, on each machine, where the update was taken a day apart, the message for Bankfraud-BYL started.

My concern is that the trojan went undetected in the earlier version, not that it is being trapped in the latest version.

What complicates it for me is that I was getting an unfamiliar logon screen for GMAIL for a day or two on the 2nd machine BEFORE the update was done on it today and Avast did not trap it under the earlier version - will try to search if Google did in fact put out a new login page in a moment...

attached the GMAIL login screen in question:


Just out of sheer coincidence, I don't think you need to worry about this.  I unpacked a brand new laptop last night and immediately installed avast.  The first thing I did online was go to gmail and it popped up with this error which made me think that it was a false alarm. That being said, I did not have any earlier versions loaded on that machine before the most recent one.

Best,
TheChad

silverwinglie

  • Guest
Re: Attack On GMAIL or My PC? HTML:Bankfraud-BYL Trojan
« Reply #38 on: October 23, 2013, 09:39:29 PM »
EDIT: It appears the relevant post has been deleted
« Last Edit: October 23, 2013, 09:48:33 PM by silverwinglie »

UserA789

  • Guest
Re: Attack On GMAIL or My PC? HTML:Bankfraud-BYL Trojan
« Reply #39 on: October 23, 2013, 10:01:11 PM »
Okay... when I go to google.com and click on the GMail link there, I'm directed to the screen in shot 1.  From there I click on the top right "Sign In" and I'm at the NEW Google log in screen.

The new login screen is verified.

However, when I type in mail.google.com I get the HTML:Bankfraud warning screen and the old look.  It appears that someone has 'rooted' (I think that's the term) the old mail page for Google, or maybe that's why Google changed it to begin with.  Thanks to Avast, I'm sure I'm fine now.

Either way, I only get the so called FP on the old log in screen.

Now to clear up my phone issue.  My friend was sent a message to look like it was from me, but they misspelled my name.  That is now a moot issue and explained.  Sorry to interject details that were not accurate.  However, I did experience the lack of security on my FB page login (like that's any surprise at any point); I don't know if it's related to what's occurring on the old GMail login screen or just the geniuses at FB development.

As well, my Chrome is still doing the same thing indicated earlier.  I will uninstall; run a virus scan, then re-install Chrome from scratch.

Be back in a few minutes with the results...

UserA789

  • Guest
Re: Attack On GMAIL or My PC? HTML:Bankfraud-BYL Trojan
« Reply #40 on: October 23, 2013, 10:40:46 PM »
Okay... who wants to explain this now? 

I uninstalled Chrome.  Cleaned my reg and junk files. Restarted.  Did not do a scan... sorry, I'll get to that next.

After all that, I open Chrome.  It goes to the Chrome GMail start screen as usual.  So I open a new tab and try the exact thing mentioned above... I typed in the address window "google.com" and hit enter.  I click on the top right GMail link as mentioned above; I get sent to the OLD log in screen with the Trojan message again.  THIS WAS IN CHROME FROM THE ADMIN PROFILE.

Plus Avast reports the site as UNKNOWN ???

So I log out of the profile.  I log into the normal user profile and once again Chrome reports the "Your preferences cannot be read..." dialog box.

However, IE goes to the OLD page once... I close and repeat the procedure and I'm back to the NEW log in.

So, maybe this thread is back to its original title...

Re: Attack On GMAIL or My PC? HTML:Bankfraud-BYL Trojan

Hypothesis:  Illicit 'something' is occurring on Google right now.  TwinHeadedEagle reports no malware on my machine... I'll buy that for more than a dollar.  Everything else is back to normal, including FB.  I will be removing Chrome again, since it's apparently choking on something right now.

I will be happy to try and reinstall Chrome for testing.. but you all now have all the clear details I have.

..any other thoughts would be appreciated.

itsjustintyme

  • Guest
Re: Attack On GMAIL or My PC? HTML:Bankfraud-BYL Trojan
« Reply #41 on: October 23, 2013, 11:57:32 PM »
I am having the same problem; it occurred after looking up banking information on Mint.com. I have gone through the whole removal protocol that TWIN mentioned and am now ready to attach info so that someone can check if the problem has been resolved. Thank you for your time.

Justin

UserA789

  • Guest
Re: Attack On GMAIL or My PC? HTML:Bankfraud-BYL Trojan
« Reply #42 on: October 24, 2013, 12:09:18 AM »
Found the initiating link for the stranger problems.  A friend with the following link to one of my posts on another social site:

http://sitecheck.sucuri.net/results/teenink.com/mobile/213135/ - this may be due to it requiring a subscription though.  I'm unsure if the site does require subscription for viewing.

EDIT:  (mainly to remove creepiness) ...just to clarify: my friend's daughter sent him the link attached to a video of Jimmy Kimmel interviewing people on the street, asking which act they supported more: The Obama Care Act or The Affordable Health Care Act.  Now I'm not getting political here because those are the EXACT same thing... it was just funny to watch how many people knew so much about two different things that were not two different things.

This is the check on the site; which reports warnings but not blacklisted.  Since cleaning things a bit better; I'll check GMail issues (if still being sent to the older login screen that gives the warning) and the Chrome issues now.
« Last Edit: October 24, 2013, 12:49:28 AM by UserA789 »

Saavik

  • Guest
Re: Attack On GMAIL or My PC? HTML:Bankfraud-BYL Trojan
« Reply #43 on: October 24, 2013, 12:53:02 AM »
Hello,
I believe someone else has already said it, but I checked on Avast Facebook page and they have replied to some questions regarding this issue as being a false positive. After the last update, I'm able to login to gmail without any warnings. :)

From https://www.facebook.com/avast?filter=2 :
Quote
Thank you for reporting this. "Trojan Horse" HTML:Bankfraud-BYL [Trj] was a false positive, and the detection is already disabled (should be OK in the next VPS). It was falsely detecting Gmail login page in specific circumstances.

As for the new/old gmail layout, it seems to come and go, sometimes I get the new one and sometimes the old and this was already happening for a couple days, but this didn't seem to make any difference when avast reported the Trojan.

Hope this helps.
« Last Edit: October 24, 2013, 12:56:48 AM by Saavik »

UserA789

  • Guest
Re: Attack On GMAIL or My PC? HTML:Bankfraud-BYL Trojan
« Reply #44 on: October 24, 2013, 04:56:38 PM »
I'm down it was a false positive.  Most likely from some Gmail servers having the new log in so when you'd end up on a server not yet updated, it would give the UNKNOWN info to Avast (as far as webrep) and set off an alarm because Avast knew the screen didn't match current Google server records (that were updated BEFORE the servers).

Regardless, I'm having issues that I can't explain.  I can only get Chrome to run on one profile; the others give the error in the screenshot below.  As well, my Avast Miniport NDIS driver reports it cannot run (I have a thread on that one). I'll take the Chrome issue to Chrome support.

I'm not fanning this subject; if Avast is comfortable enough to say it was ONLY a FP and could not have been anything else, then this thread can be locked from further commenting, but I still have a pile of inconsistencies that started AFTER the Avast False Positive warning of a Trojan.