eBay

monkeyboy1-5 · ‎11-17-2018

When I sign into eBay, I receive the following message:

We’ve safely aborted connection on www.ebay.com because it was infected with

JS:Redirector-BMU [Trj].

Clearing cookies does not solve the issue.

leftovers4me · ‎11-17-2018

@roadking5555 wrote:
I am using the same windows 7 version as you on my home computer with the free version of Avast and using firefox Quantum 63.0.3 (64-bit).

I can get on eBay after the the Avast threat message same as you. The same thing happened to me last year and for some reason it went away.

Based on previous discussions on these boards and running other virus software I believe it to be a false positive. It does not happen on my work computer running firefox Quantum 63.0.3 with windows 7, BUT....I do not have AVG/Avast on that computer and I do not get the message.

It bothers me that we have to play a guessing game and wonder: "Is it a false positive? or Is ebay infected?"

I'm sure all of you don't like it either. I've posted in the Avast support forum this issue and mentioned this thread here...I hope together we can get something done about it...after all isn't that the point of these forums.

I hate having to wait till it 'just goes away'. It's an excuse to allow it to repeat again and not take accountability.

Thanks for all your information and support!

berserkerplanet · ‎11-18-2018

>>Fortunately I have AVG, the paid subscription of an anti-virus program.

That isn't fortunate - AVG has been owned by Avast since 2016, the products have merged, and both have the same problem with false positives due to over agressive heuristic detections.

https://support.avg.com/answers?id=9060N000000TsFrQAK

>>Seems to me eBay should be tracking this down and handle it on their end

Why? It's a user caused problem that results from using a defective Antivirus suite that cries "wolf" over non-existent threats. Why should eBay be doing anything about that? (it would be nice if they had a tech staff that interacted with users and could say yea or nay, but they don't operate that way. Probably partly due to lawyers. Mostly due to cost cutting and a bad PR model)

The odds that one antivirus (Avast/AVG) out of hundreds of detection suites is the only one to discover an insidious threat are about zero.

If there were a real threat, users using other mainstream Antivirus/malware suites would be chiming in in droves. All I see is Avast/AVG complaints.

berserkerplanet · ‎11-18-2018

>>...does that mean it is something only peculiar to Avast and AVG as those 2 are not listed
>>as scanning this but no negative results from the 70 or so other scan engines?

Pretty much.

That's what I was getting at in post #5. Between those results ("we see no threats"), and past history of Avast (and by association AVG) with false positives, I'd say it's very, very likely this is a false positive scenario.

Of course it is impossible to state with absolute certainty that it is a false positive situation based on the above info, but nevertheless it is very likely (it would require seeing the actually code triggering the detection and deciding if it contains anything malicious which would require someone like an Avast coder, an eBay coder, or other security professional since eBay JS is 1000's of lines of spaghetti code with no contextual or function references or comments as seen from the user side.)

https://www.ebay.com/rdr/js/s/rrbundle.flat.min.js is the same RoboRadar login script that caused this same commotion with Avast a while back. The simplest way to deal with it is to just block it using Adblock Plus rule as I do (I block it because it isn't needed to log into eBay and I have a thick tin foil hat.) Adblock Plus rule: ebay.com/rdr/js/s/*$domain=ebay.com

Problem solved without eBay or Avast doing anything.

https://community.ebay.com/t5/Selling/Are-AVG-Users-getting-notice-of-REDIRECTOR-BKG-Trojan-Virus-Fr...
https://community.ebay.com/t5/Technical-Issues/EBAY-SIGNIN-SCREEN-CAUSING-NORTON-ANTIVIRUS-TO-BLOCK-...
https://community.ebay.com/t5/Technical-Issues/Can-t-sign-in-on-PC-to-list-print-labels-edit-etc/m-p...
https://community.ebay.com/t5/Selling/Can-anyone-help-Cant-stay-signed-in/m-p/28880171/highlight/tru...

sugarnspice777 · ‎11-18-2018

@member5150 wrote:
Same here. I cleared cookies, ran virus scan, and antimalware. None of it worked. It's either a real problem with the site or my securtity program (avast) is throwing false positives. It would be great if someone from ebay could tell which it is.

I have Avast to, it is doing the same. I wonder if it is Avast?

sugarnspice777 · ‎11-18-2018

Okay, after reading posts, i feel it is AVAST/AVG and it is nothing. Just ignore.

proudpandaproducts · ‎11-18-2018

I am using Chrome and get the same thing with Avast. I have gotten a scant few false positives from them in the past and I think this may be another one.

"Paradigm Shift" ...Rejoice always, pray without ceasing, in everything give thanks...1 Thessalonians chapter 5

proudpandaproducts · ‎11-18-2018

I am getting the same message from Avast using Chrome

"Paradigm Shift" ...Rejoice always, pray without ceasing, in everything give thanks...1 Thessalonians chapter 5

partsrush · ‎11-18-2018

Same issue here.

leftovers4me · ‎11-18-2018

Hello Everyone:

I have an update from Ebay. I talked to a supervisor and he said that they are getting calls from members regarding this JS Redirect trojan. It seems all or most of the complaints are from people using either Avast or AVG.

They've escalated the issue to the technical department. He said it sounds like it might be a false positive as on their end they get no warnings of a threat. BTW, he said they use Norton. Also, he said there might be a public announcement regarding this issue on the ebay.com site for everyone to allay concerns.

The other ebay customer rep said they might contact AVG/Avast regarding this.

Being quite pro-active my entire life I've found that campaigns of people all acting together can be effective. I'd suggest you all give them a call: 866-540-3229.

viralaeon · ‎11-18-2018

Same issue here, using chrome....luckly I dont have any shipping to do so I will log back into my sellers dashboard when we get the all clear.

the-enlightened-sole · ‎11-18-2018

What I investigated thus far is that it is a false positive from AVG & Avast virus protection. Its happened before on the site and will probably go away on its own. The message is when you sign out that your connection is aborted from ebay due to infected file on Ebay JS:Redirector-BMU (Trj). I don't know what (Trj) is but maybe that set the virus protection alert. Okay, trj file definition from google: Files with the trj file extension contain the trajectory of a simulation. In this file all the coordinates, velocities, forces and energies are printed as you told GROMACS in your mdp file.What language is that?? Apparently, it is a legitimate animation file - Ebay adware. Disclaimer: Second guessing here.

the-enlightened-sole · ‎11-18-2018

What I investigated thus far is that it is a false positive from AVG & Avast virus protection. Its happened before on the site and will probably go away on its own. The message is when you sign out that your connection is aborted from ebay due to infected file on Ebay JS:Redirector-BMU (Trj). I don't know what (Trj) is but maybe that set the virus protection alert. Okay, trj file definition from google: Files with the trj file extension contain the trajectory of a simulation. In this file all the coordinates, velocities, forces and energies are printed as you told GROMACS in your mdp file.What language is that?? Apparently, it is a legitimate animation file - Ebay adware. Disclaimer: Second guessing here.

leftovers4me · ‎11-19-2018

@viralaeon wrote:
Same issue here, using chrome....luckly I dont have any shipping to do so I will log back into my sellers dashboard when we get the all clear.

Don't hold your breath for the 'all clear'. Never leave it up to anyone else. Like I said call the tollfree ebay number and express your concern, complaint, whatever.

If you leave it to others this will just go the way of all the other times when it just becomes a forgotten thread on here until it happens again. Lets at least have one instance where ebay and/or avast/avg say it is a false positive and take accountability.

Why is that important?

Because it sets a precedent that you can refer back to instead of us all going through the same waiting/guessing/worry game next time it happens. Next time we can hopefully refer to this incident and say: "Is this the same thing happening again because of the same reason (which was officially identified)?"

joesoucie22012 · ‎11-20-2018

Who owns Advast? As this is happening every year around black Friday could someone be doing this to drive away eBay buyers? And mess with seller's? Is this happening on other big commerce sites? I suspect so.

khodge44 · ‎11-21-2018

I get a redirect from ebay to this web site http://www.reimageplus.com , and there are thousands of people getting this as well the ebay site has been hacked