I got this reported by AVG a first on Nov. 18... it said it had safely aborted the connection, and scans by both AVG and Malwarebytes found nothing, so I thought I was safe. I also use AdBlock and never see ads on eBay.
But at the time it happened, I had clicked to "Contact Seller" from an item page, and after the AVG warning, eBay took me to the sign-in page even though I was already signed in, which it's never done before. There seemed to be a small Adobe Flash window that popped up in the corner of the screen quickly, then vanished. I disabled Flash on eBay, and that stopped happening, but it still takes me to the login page if I try Contact Seller (on the second page, after they attempt to provide canned answers first).
Then, yesterday, after paying for an item I'd won the night before, the item page was removed from the site, and my purchase history now has a mysterious note that says "We had to remove this listing from the site and you're not required to complete the transaction. If you've already sent payment, the sale should process as normal and you don't have anything to worry about. If you have any questions about delivery, please check tracking or contact your seller. If you run into any trouble along the way eBay is here to help. Please visit the Resolution Center to help resolve any problems you may encounter.".
I've never had that happen before, in many years of eBay across hundreds of items. I assume the page contained malware of some kind.
And about the same time, I got a phishing email pretending to be a "Your item has shipped" email, about a different item that I received days ago. But that phishing email included my actual shipping address, which makes me wonder if it was from the seller who had the item removed, who got my address from my payment. Which then of course makes me wonder if my PayPal login and payments were hacked also!
Did AVG really prevent the infection? Is there something lingering still? Is PayPal (or other logins) at risk also? For others out there, does clicking through from an item page to 'Contact Seller' (past the suggested answers, to actually try contacting), request you to sign-in even if you're already signed in? That is, is the sign-in normal activity? It didn't used to be, but maybe eBay changed it for added security. Please, try it and report what happens for you.
I've seen suggestions that this could be everything from a rootkit to a false positive. It really does not seem to be a 'false positive'. Does anyone have anything definitive? eBay doesn't seem to be of much help. I'm afraid to login, not just eBay, but anywhere, if it's 'watching'. I fear restarting my PC, if that will complete installation of anything that's lurking.
Please, eBay, come clean about what's going on. It's too easy to just say it's AVG's fault... why does it keep happening? Can you work with them, and ask them to nail down what is triggering it? Maybe it's a false positive, maybe not -- but they should be able to look at exactly what the trigger is, and make the call.