I've seen that JS file here on eBay signin recently (has no reason to and never bothered to look before), I use old insecure browsers (FF3.6.24 and FF31), I'm not getting pwned by that JS file upon eBay signin, nobody else has reported any issues other than the earlier AV alerts which have stopped popping up (Avast/AVG likely fixed their virus defs), and Virustotal shows the site and that specific file are no threat. I check manually once in a while (months), know my system, and it's clean. *I say very, very unlikely here, because if that were true, at least one of the other 100 AV suites would detect the problem, we would hear about it from people with compromised machines, and there would be reports here and all over the internet about malware here. What you are talking about is a possible real infection with something labeled as JS:Redirector-BKD by whatever AV you are using, that you could have picked up anywhere (except here*), via website drive-bys, installing infected applications, email links, and on and on. There were no infections, there is no "virus" or trojan, and nobody got infected. The AV suites threw up (a probably incorrect warning), and that was the extent of it. What everyone here was seeing appears to be a false detect of an obfuscated eBay JavaScript file by Avast and AVG AV when the eBay signin page is visited.

Or, I might be way off, but I'm still having the same issues with no change since it first "happened". I've been sitting and staring and working and learning and trying and fighting this thing for 3 days now, and I feel I "know it" pretty well, getting used to how it has changed the behavior and timings of all the internet related things. You can tell the connection is being slowed down in the same way that it has been in browsers, even though you can't watch it fighting it (in the lower left hand corner of said browser of your choice).
I mean it seems to even be in the connection avast has with its own servers and services as it won't let me validate my new license codes for these avast products. It seems to be affecting all in/out traffic to the internet. I still have it, and it also seems to be stopping me from installing any of the 2 out of 3 avast products I purchased today that require a download/update (premium and vpn). Maybe, if it can't be removed without a manual restore of the affected windows files (and what all files are they), then couldn't a product like avast (be made to) detect this as an abnormal behavior and act on it accordingly? Ya know, update definitions and add some code to address this one. dll files without changing their name or size so the only way to tell is with a bit viewer, and then deletes all traces of itself so it's undetectable. Then over time everyone discovers it ends up being a sys root trojan attack where it modifies system. From what I gather this has been going on, morphing, and becoming more sophisticated with each new launch of attacks over 10+ years now for this type of trojan, where people think it's a browser or regular malware redirect infection at first. Do a Google search from the default Google homepage and you may find yourself on a fake Yahoo search. The sites it handshakes with are random(?) depending on what site/link you click on. Doing tons of handshakes and redirects with tons of fake versions of websites. that left) while it loads a (any) page, and you should see it "fighting it/working through it". Look at the bottom left corner of your browser window (put up your left hand. Nothing can be found, which is how it likes it. I've done all the scans, boot time and safe mode. I just got done with a 1.5hr remote PC service call to Avast Virus Removal Assurance, and the guy ended up saying that they are only trained to help remove malware and regular viruses and this was too much for him.
I have been working through this thing with the same "BKG" designated version of this file's attempted redirect as the rest of you on my own over the last 3 days. I've noticed that this "virus" (sys root redirect?!?) affects more than just eBay sign in. Great to see so much attention and efforts by the community here.