Trojan horse alert when accessing PayPal Website

Page 3 of 4 FirstFirst 1234 LastLast

  1. Posts : 2,470
    Windows 7 Home Premium
       #21

    pieren,

    My apology for the delay. Sunday...

    The RogueKiller report does not show malware, the Hosts file is OK, and there are no Domain Name System (DNS) hijacks showing where malware has an override on your computer's TCP/IP configuration to point at an undesirable DNS server.

    Had a quick glance at the FRST report, and do not see anything there, but, will take a closer look.

    Press on with using the program on Post #12, Temporary File Cleaner, and then do a Boot Time Scan with avast! to make sure malware can’t load itself into system memory:

    Start the avast! user interface
    In the left column, click: Scan Computer
    Under Scan Computer, click: Boot-time Scan
    In the next prompt, select: All harddisks
    Click the orange bars on the Heuristics sensitivity, and set to: High
    Check: Scan for Potentially Unwanted Programs
    Check: Compressed (packed) archived files
    Click: Schedule Now
    Restart the computer.

    If anything is found during the boot scan the prompts are self explanatory, follow their advice.
    When done, please post the Scan Log, or, post a screenshot of the results:
    Screenshots and Files - Upload and Post in Seven Forums



    Next, follow up with the free version of Malwarebytes : Malwarebytes Anti-Malware removes malware including viruses, spyware, worms and trojans, plus it protects your computer
    Save to the Desktop.

    Double-click the downloaded file to run MBAM.

    When the installation begins, follow the series of setup wizard prompts pressing Next, and on the last prompt, press: Install
    When done with this phase, press: Finish

    MBAM automatically starts and takes you to the main console and to the Scanner tab.
    On the Scanner tab:
    Select: Perform Quick Scan

    Click: Scan

    When the scan is finished, a message box shows: The scan completed successfully. ..etc.

    If anything is found, click Show Results to display all objects found.
    Click OK to close the message box and continue with the removal process.
    Make sure that everything is checked, and click: Remove Selected

    When removal is completed, a report opens in Notepad.
    (The log is automatically saved and can also be viewed by clicking the Logs tab).

    If anything is found, please copy/paste the contents of the MBAM report and provide in your reply.


    Also, post back on whether you are still getting the Bankfraud-BBE [Trj] notice.
      My Computer


  2. Posts : 17,322
    Win 10 Pro x64
       #22

    Just an FYI when installing Malwarebytes,

    Make sure to uncheck the box to start the trial of the pro version at the last screen.
    Attached Thumbnails Attached Thumbnails Trojan horse alert when accessing PayPal Website-mbam.jpg  
      My Computer


  3. Posts : 2,470
    Windows 7 Home Premium
       #23

    Thanks, derekimo!

    Not sure whether that entry was present the last time I installed MBAM.

    Thanks for bringing it up to our attention. :)
      My Computer


  4. Posts : 17,322
    Win 10 Pro x64
       #24

    You're welcome. :)
      My Computer


  5. Posts : 548
    Windows 7 Ultimate x64 SP1
       #25

    According to the topic regarding this at the Avast forums, it would appear this was a false positive from Avast. However, I'd still err on the side of caution to be on the safe side and run a few scans if you're unsure.
      My Computer


  6. Posts : 2,470
    Windows 7 Home Premium
       #26

    I'd still err on the side of caution to be on the safe side and run a few scans
    Excellent point, King Arthur!

    It is an interesting thread, and also points to vulnerabilities in Internet Explorer.

    While running scans, it would be a good idea to include the following:

    Security Check:
    http://screen317.spywareinfoforum.org/
    Save to your Desktop.
    Double-click: SecurityCheck.exe
    Follow the onscreen instructions inside the black box.
    When done, a Notepad report opens automatically, called: checkup.txt

    Pay attention to the items identified in red.
    SecurityCheck may produce some false warnings, but it is a good idea to check its entries anyway.
      My Computer


  7. Posts : 9,600
    Win 7 Ultimate 64 bit
       #27

    King Arthur said:
    According to the topic regarding this at the Avast forums, it would appear this was a false positive from Avast. However, I'd still err on the side of caution to be on the safe side and run a few scans if you're unsure.
    False positive my Aunt Fanny! Someting is definitely going on and either no one really knows what is going on or they don't want to admit fault. I first detected and removed the trojan with SAS, then got it again before Avast finally detected it on a scan and started blocking it when going into PayPal. When I checked today, I was no longer getting the block popup. What's curious is PayPal notified me by email that I needed to update my password a couple, three days ago. Not trusting a link in an email, I went directly to the site and, when I tried to log in, I again was told I needed to update my password. Supposedly, PayPal was doing this with everyone and was requiring more secure passwords. I've already changed my passwords and usernames for my bank accounts, etc. and I'm going to my credit union tomorrow to block the card PayPal is using and both get a new one and open a debit account (no credit to draw against that way) strictly for internet purchases and add money only when making purchases.

    I've already run various scans several times and I'm running Avast again right now. I'll run MBAM Pro and SAS free after that.
      My Computer


  8. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #28

    Good going Lady Fitzgerald!!
    I've never seen an account (that I frequent) to send an e-mail asking me to update my password!

    This is a 'phishing' e-mail to gather more information.
      My Computer


  9. Posts : 9,600
    Win 7 Ultimate 64 bit
       #29

    Jacee said:
    Good going Lady Fitzgerald!!
    I've never seen an account (that I frequent) to send an e-mail asking me to update my password!

    This is a 'phishing' e-mail to gather more information.
    I have, although it's rare (and I still don't trust links in emails). And the fact that I got the same message when I went to PayPal directly instead of via the link suggests that this one was legitimate.

    I've finished my scans and I'm still clean.
      My Computer


  10. Posts : 548
    Windows 7 Ultimate x64 SP1
       #30

    I haven't gotten any email to change passwords on PayPal and I'm unaware if I've been asked to change my password, but I'm playing it safe and trying to avoid going to PayPal's website until all of this subsides.
      My Computer


 
Page 3 of 4 FirstFirst 1234 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 05:09.
Find Us