Are AVG Users getting notice of REDIRECTOR -BKG Trojan Virus From this site?

Twice 2night I logged out of this account and tried logging into my buying account and got a message from AVG that they aborted my log in because www.ebay.com was Infected with JS:REDIRECTOR-BKG {TRJ}?? Any other AVG users getting this message?

Message 1 of 47

Great to see so much attention and efforts by the community here. Too bad eBay takes a hands off approach.

I've noticed that this "virus" (sys root redirect?!?) affects more than just eBay sign in.

I have been working through this thing with the same "BKG" designated version of this file's attempted redirect as the rest of you on my own over the last 3 days. I just got done with a 1.5hr remote PC service call to Avast Virus Removal Assurance, and the guy ended up saying that they are only trained to help remove malware and regular viruses and this was too much for him. I've done all the scans, boot time and safe mode. Nothing can be found, which is how it likes it.

Look at the bottom left corner of your browser window (put up your left hand... that left) while it loads a (any) page, and you should see it "fighting it/working through it". Doing tons of handshakes and redirects with tons of fake versions of websites. The sites it handshakes with are random(?) depending on what site/link you click on. Do a Google search from the default Google homepage and you may find yourself on a fake Yahoo search. From what I gather this has been going on, morphing, and becoming more sophisticated with each new launch of attacks over 10+ years now for this type of trojan, where people think it's a browser or regular malware redirect infection at first. Then over time everyone discovers it ends up being a sys root trojan attack where it modifies system .dll files without changing their name or size so the only way to tell is with a bit viewer, and then deletes all traces of itself so it's undetectable.

Maybe, if it can't be removed without a manual restore of the affected Windows files (and what all files are they), then couldn't a product like Avast (be made to) detect this as an abnormal behavior and act on it accordingly? Ya know, update definitions and add some code to address this one. I mean, it's recurring sooooo....

I still have it, and it also seems to be stopping me from installing any of the 2 out of 3 Avast products I purchased today that require a download/update (premium and VPN).

It seems to be affecting all in/out traffic to the internet. I mean it seems to even be in the connection Avast has with its own servers and services as it won't let me validate my new license codes for these Avast products. You can tell the connection is being slowed down in the same way that it has been in browsers, even though you can't watch it fighting it (in the lower left hand corner of said browser of your choice).

I've been sitting and staring and working and learning and trying and fighting this thing for 3 days now, and I feel I "know it" pretty well, getting used to how it has changed the behavior and timings of all the internet related things... lol

(**bleep**!)

Or, I might be way off, but I'm still havin the same issues with no change since it first "happened".

Cheers

Message 46 of 47

I think you are misinterpreting this.

What everyone here was seeing appears to be a false detect of an obfuscated eBay JavaScript file by Avast and AVG AV when the eBay signin page is visited. The AV suites threw up a (probably incorrect) warning, and that was the extent of it. There were no infections, there is no "virus" or trojan, and nobody got infected.

What you are talking about is a possible real infection with something labeled as JS:Redirector-BKD [Trj] by whatever AV you are using, that you could have picked up anywhere (except here*), via website drive-bys, installing infected applications, email links, and on and on.

*I say very, very unlikely here, because if that were true, at least one of the other 100 AV suites would detect the problem, we would hear about it from people with compromised machines, and there would be reports here and all over the internet about malware here.

I run NO AV. I check manually once in a while (months), know my system, and it's clean. I've seen that JS file here on eBay signin recently (had no reason to and never bothered to look before), I use old insecure browsers (FF3.6.24 and FF31), I'm not getting pwned by that JS file upon eBay signin, nobody else has reported any issues other than the earlier AV alerts which have stopped popping up (Avast/AVG likely fixed their virus defs), and VirusTotal shows the site and that specific file are no threat.

So it's apples and oranges. The false detect gets lumped under the same generic trojan tag by Avast and AVG as an actual infection by the actual malware does.


Unfortunate that you were trojaned, and I wish you luck getting rid of it. A full restore may be the way to go, and you need to try to figure out how you got compromised to prevent it from happening again.
Message 47 of 47