Windows 7: Trojan horse alert when accessing PayPal Website

28 Apr 2013   #21
cottonball

Windows 7 Home Premium
 
 

pieren,

My apology for the delay. Sunday...

The RogueKiller report does not show malware, the Hosts file is OK, and there are no Domain Name System (DNS) hijacks showing where malware has an override on your computer's TCP/IP configuration to point at an undesirable DNS server.

Had a quick glance at the FRST report, and do not see anything there, but, will take a closer look.

Press on with using the program on Post #12, Temporary File Cleaner, and then do a Boot Time Scan with avast! to make sure malware can’t load itself into system memory:

Start the avast! user interface
In the left column, click: Scan Computer
Under Scan Computer, click: Boot-time Scan
In the next prompt, select: All harddisks
Click the orange bars on the Heuristics sensitivity, and set to: High
Check: Scan for Potentially Unwanted Programs
Check: Compressed (packed) archived files
Click: Schedule Now
Restart the computer.

If anything is found during the boot scan, the prompts are self-explanatory; follow their advice.
When done, please post the Scan Log, or, post a screenshot of the results:
Screenshots and Files - Upload and Post in Seven Forums



Next, follow up with the free version of Malwarebytes: Malwarebytes Anti-Malware removes malware including viruses, spyware, worms and trojans, plus it protects your computer
Save to the Desktop.

Double-click the downloaded file to run MBAM.

When the installation begins, follow the series of setup wizard prompts pressing Next, and on the last prompt, press: Install
When done with this phase, press: Finish

MBAM automatically starts and takes you to the main console and to the Scanner tab.
On the Scanner tab:
Select: Perform Quick Scan

Click: Scan

When the scan is finished, a message box shows: The scan completed successfully. ..etc.

If anything is found, click Show Results to display all objects found.
Click OK to close the message box and continue with the removal process.
Make sure that everything is checked, and click: Remove Selected

When removal is completed, a report opens in Notepad.
(The log is automatically saved and can also be viewed by clicking the Logs tab).

If anything is found, please copy/paste the contents of the MBAM report and provide in your reply.


Also, post back on whether you are still getting the Bankfraud-BBE [Trj] notice.


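The two things post #21 reads off the RogueKiller report, the Hosts file entries and the DNS servers set in the TCP/IP configuration, can also be reviewed by hand. The PowerShell below is an added example, not part of the original post or of any tool named in the thread; the function name Get-HostsOverride and the sample lines are constructed for illustration, and it uses WMI so that it also runs on Windows 7.

```powershell
# Added example: list Hosts-file redirects and the DNS servers each adapter uses.
# Get-HostsOverride is a hypothetical helper name, not a built-in cmdlet.

function Get-HostsOverride {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $text = ($line -replace '#.*$', '').Trim()      # strip comments
        if (-not $text) { continue }
        $parts = @($text -split '\s+')
        if ($parts.Count -lt 2) { continue }            # need address + name
        $ip = $parts[0]
        foreach ($name in $parts[1..($parts.Count - 1)]) {
            New-Object PSObject -Property @{
                Address  = $ip
                HostName = $name.ToLower()
                # Loopback / null-route entries (localhost, ad blocklists) are
                # routine; any other address redirects that name elsewhere.
                Redirect = ($ip -notmatch '^(127\.|0\.0\.0\.0$|::1$)')
            }
        }
    }
}

# Constructed sample lines (not taken from the thread) to show the output shape.
$sample = @(
    '# sample hosts file',
    '127.0.0.1      localhost',
    '203.0.113.10   www.example.com   # redirect to a non-loopback address'
)
Get-HostsOverride -Lines $sample | Where-Object { $_.Redirect } |
    Format-Table Address, HostName -AutoSize

# The live Hosts file: an empty result means no redirect entries.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-HostsOverride -Lines (Get-Content $hostsPath) | Where-Object { $_.Redirect } |
    Format-Table Address, HostName -AutoSize

# DNS servers per active adapter. Compare them with the router or ISP values;
# a static entry on a DHCP-enabled adapter deserves a second look.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Select-Object Description, DHCPEnabled,
        @{ n = 'DnsServers'; e = { $_.DNSServerSearchOrder -join ', ' } } |
    Format-List
```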
28 Apr 2013   #22
derekimo

Microsoft Community Contributor Award Recipient

 
 

Just an FYI when installing Malwarebytes,

Make sure to uncheck the box to start the trial of the pro version at the last screen.


Attached Images
Trojan horse alert when accessing PayPal Website-mbam.jpg 
28 Apr 2013   #23
cottonball

Windows 7 Home Premium
 
 

Thanks, derekimo!

Not sure whether that entry was present the last time I installed MBAM.

Thanks for bringing it to our attention.

28 Apr 2013   #24
derekimo

Microsoft Community Contributor Award Recipient

 
 

You're welcome.
28 Apr 2013   #25
King Arthur

Windows 7 Ultimate x64 SP1
 
 

According to the topic regarding this at the Avast forums, it would appear this was a false positive from Avast. However, I'd still err on the side of caution to be on the safe side and run a few scans if you're unsure.
28 Apr 2013   #26
cottonball

Windows 7 Home Premium
 
 

Quote:
I'd still err on the side of caution to be on the safe side and run a few scans
Excellent point, King Arthur!

It is an interesting thread, and also points to vulnerabilities in Internet Explorer.

While running scans, it would be a good idea to include the following:

Security Check:
http://screen317.spywareinfoforum.org/
Save to your Desktop.
Double-click: SecurityCheck.exe
Follow the onscreen instructions inside the black box.
When done, a Notepad report opens automatically, called: checkup.txt

Pay attention to the items identified in red.
SecurityCheck may produce some false warnings, but it is a good idea to check its entries anyway.
28 Apr 2013   #27
Lady Fitzgerald

Win 7 Ultimate 64 bit
 
 

Quote: Originally Posted by King Arthur
According to the topic regarding this at the Avast forums, it would appear this was a false positive from Avast. However, I'd still err on the side of caution to be on the safe side and run a few scans if you're unsure.
False positive my Aunt Fanny! Something is definitely going on and either no one really knows what is going on or they don't want to admit fault. I first detected and removed the trojan with SAS, then got it again before Avast finally detected it on a scan and started blocking it when going into PayPal. When I checked today, I was no longer getting the block popup. What's curious is PayPal notified me by email that I needed to update my password a couple, three days ago. Not trusting a link in an email, I went directly to the site and, when I tried to log in, I again was told I needed to update my password. Supposedly, PayPal was doing this with everyone and was requiring more secure passwords. I've already changed my passwords and usernames for my bank accounts, etc. and I'm going to my credit union tomorrow to block the card PayPal is using and both get a new one and open a debit account (no credit to draw against that way) strictly for internet purchases and add money only when making purchases.

I've already run various scans several times and I'm running Avast again right now. I'll run MBAM Pro and SAS free after that.
28 Apr 2013   #28
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Good going Lady Fitzgerald!!
I've never seen an account (that I frequent) to send an e-mail asking me to update my password!

This is a 'phishing' e-mail to gather more information.
28 Apr 2013   #29
Lady Fitzgerald

Win 7 Ultimate 64 bit
 
 

Quote: Originally Posted by Jacee
Good going Lady Fitzgerald!!
I've never seen an account (that I frequent) to send an e-mail asking me to update my password!

This is a 'phishing' e-mail to gather more information.
I have, although it's rare (and I still don't trust links in emails). And the fact that I got the same message when I went to PayPal directly instead of via the link suggests that this one was legitimate.

I've finished my scans and I'm still clean.
29 Apr 2013   #30
King Arthur

Windows 7 Ultimate x64 SP1
 
 

I haven't gotten any email to change passwords on PayPal and I'm unaware if I've been asked to change my password, but I'm playing it safe and trying to avoid going to PayPal's website until all of this subsides.