06-05-2018 05:35 PM
Twice 2night I logged out of this account and tried logging into my buying account and got a message from AVG that they aborted my log in because www.ebay.com was Infected with JS:REDIRECTOR-BKG {TRJ}?? Any other AVG users getting this message?
Solved! Go to Best Answer
06-11-2018 06:07 PM
Great to see so much attention and efforts by the comunity here. Too bad ebay takes a hands off approach.
I've noticed that this "virus" (sys root redirect?!?) effects more than just ebay sign in.
I have been working through this thing with the same "BKG" designated version of this files attempted redirect as the rest of you on my own over the last 3 days. I just got done with a 1.5hr remote pc service call to Avast Virus Removal Assurance, and the guy ended up saying that they are only trained to help remove mailware and regular virus's and this was too much for him. I've done all the scans, boot time and safe mode. Nothing can be found, which is how it likes it.
Look at the bottom left corner of your browser window (put up your left hand... that left) while it loads a (any) page, and you should see it "fighting it/working through it". Doing tons of handshakes and redirects with tons of fake versions of websites. The sites it handshakes with is random(?) depending on what site/link you click on. Do a google search from the default google homepage and you may find yourself on a fake yahoo search. From what I gather this has been going on, morphing, and becoming more sophisticated with each new launch of attacks over 10+ years now for this type of trojan, where people think it's a browser or regular mailware redirect infection at first. Then over time everyone discovers it ends up being a sys root trojan attack where it modifies system .dll files without changing their name or size so the only way to tell is with a bit viewer, and then deletes all traces of itself so it's undetectable.
Maybe, if it can't be removed without a manual restore of the effected windows files (and what all files are they), then couldn't a product like avast (be made to) detect this as an abnormal behavior and act on it accordingly? Ya know, update definitions and add some code to address this one. I mean, it's recurring sooooo....
I still have it, and it also seems to be stopping me from installing any of the 2 out of 3 avast products I purchased today that require a download/update (premium and vpn).
It seems to be effecting all in/out traffic to the internet. I mean it seems to even be in the connection avast has with it's own servers and services as it won't let me validate my new liscense codes for these avast products. You can tell the connection is being slowed down in the same way that it has been in browsers, even though you can't watch it fighting it (in the lower left hand corner of said browser of your choice).
I've been sitting and starring and working and learning and trying and fighting this thing for 3 days now, and I feel I "know it" pretty well, getting used to how it has changed the behavior and timings of all the internet related things... lol
(**bleep**!)
Or, I might be way off, but I'm still havin the same issues with no change since it first "happened".
Cheers
06-12-2018 10:12 PM