Attack On GMAIL or My PC? HTML:Bankfraud-BYL Trojan

Actually, can someone check GMAIL? This is a consistent warning when I navigate to https://mail.google.com/ and I've either been personally infected, something walking past Avast to insert the file, but Avast stops its initiation, or GMail is being attacked.

It is unique to the Internet Explorer 10 browser and does not occur on Chrome.

No alert for me on chrome.

Twin has arrived. Please listen to him.

Message deleted by OP

Hi UserA789,

Trojan-Spy.HTML.BankFraud.dq is usually installed on the victim's system after clicking on fake banking e-mail links, freeware, file-sharing P2P and pornography-related sites. After infecting the system Trojan-Spy.HTML.BankFraud.dq creates random malware files in the Windows system32 registry. The BankFraud.dq trojan will collect credit card numbers, passwords and other confidential information and infect your computer with additional viruses.
This is a detection for HTML format e-mail messages that contain phishing-related content. Manual removal is not recommended for this threat. You have to do the removal under the guidance of a qualified malware removal specialist; we have several here on the forum. Do as alan1998 has advised and wait for the qualified malware removal expert on duty.

polonus

Hi,

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.

- Click on the Scan button.
- After the scan has finished click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

- After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
- The logfile will also be saved in the C:\AdwCleaner folder.

Then…

Please download GMER, AntiRootkit tool from the link below and save it to your Desktop:

Gmer download link
Note: file will be random named

Double-click to run GMER.

- Wait for the initial scan to finish; if there is any query, click No.
- Click the Scan button and wait until the full scan is complete.
- Click Save… and save the report to the Desktop (named Gmer).

Attach the Gmer log report here.

Then…

Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

- Double-click to run it. When the tool opens, click Yes to the disclaimer.
- Under Optional Scan ensure “List BCD” and “Driver MD5” are ticked.
- Press the Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Okay… I will research and follow TwinEagle's information. So far he is suggesting WELL KNOWN documented software (by users who have made no effort to conceal their real identities) to get this done, so I'm comfortable enough with this.

Otherwise, unless they completely faked an email header from someone I'm already in contact with, I have not opened any banking sites (don't have a bank to use) nor have I clicked on any links in those emails. I already understood this is not something that just happens and usually requires the user to initiate it via clicking on an illicit link (unknowingly). As well, this began occurring right after posting on the DNS stuff and I had already been in my GMail before that today with no problems.

I got over downloading/viewing porn when I first upgraded to fiber… I downloaded all of it in two nights and erased my HDD seven times just to make room for new clips, when I hadn't even watched the ones I was deleting. This was over five years ago. ;D

We should all know my feelings on filesharing at this point… it's not that I'm against the sharing, but logic says since so many are freely trading it, illicit users would be using it to spread their virus. And don't most packages tell you to disable your AV to use the CodeGenerator or Key Cracker?

I will begin immediate clearing of this Trojan-type exploit/malware, but can it install without user interaction (i.e. clicking links, etc.)?

On Farbar… I got the warning that the file is rarely downloaded by other users (which makes sense), but shouldn't someone have reported this file's safety to MSFT, given its legitimacy?

All the tools used here are perfectly legitimate, so you can be sure when using them…

Hi UserA789,

Nothing to do with you opening or using banking sites etc.; the malcode came via the postman, it came by mail.
Did this pass your ISP's virus and spam mail detection?
Did you have the avast mail detection active at the time you received this?
Did it get past this as well?
Were you socially engineered into opening it?

I still use the old webwasher free version with all the nice spam detection lists hammered in there myself.
I won’t shout on the Interwebs, because that is not polite.
So please think of the next sentence in italics as written in big capitals. I trust nobody!

polonus

Hi UserA789,

You are not the only one with this malware, so change your adaptations accordingly, see: http://forum.avast.com/index.php?topic=137700.0

polonus

Here are the log files. I will ask that this thread later be deleted or my log files removed from view. There is a lot one can do simply with the directory structure or computer name. However, I will participate on this one.

That thread is referred back to this one. I believe this thread is the superseding documentation(s).

Thanks for seeing that though. I noticed as well.

Other than that, I'm just patiently waiting.

Oh yeah, I used the tools without my internet connection active, but it looks like something was uncovered. Let me know my next steps when you are ready.

Haven't opened any unknown webmails, that I'm aware of. I'm pretty good at investigating the FULL header information as well. The other user on the machine had a scare with ID fraud two years ago (I've posted about it) and she has stepped up her efforts as high as mine. There is another machine on the network (laptop) coming up with the infection just today as well. Do I need to run the same logs, or can we assume that we can deal with it along with the main device here?

The other user does not do ANY social web interfacing. She thinks it's all a waste of breath and is right.

EDIT: If this is a new variant, I would like to submit ‘The HyJax Variant’ for its name.

I am also interested in the answer to this thread. I am in the process of setting up a brand new PC and I am getting this same error message when trying to navigate to Gmail through IE. If needed, I can also post my log files, as I have gone through Twin's recommended steps as well.

Best,
TheChad

Hello. This also started happening to me every time I load the gmail login page since this evening, whenever I'm using Firefox (version 24.0). It doesn't happen with Safari. I have Mac OS 10.7.5.

Today was also the first time for me of the new gmail login interface, and I didn’t click on any suspect e-mails recently, so it seems that it may be a problem with this new gmail interface on some browsers. ???

Saavik may be on to something… in Chrome and Firefox I am directed to Gmail’s new sign-in page and get no error, however, in IE, I am directed to the old sign-in page and get the error every time…

Weird

TheChad

What tools should I use with Mac OS X 10.6? CCleaner I have, but all the other tools are for Windows; which tools should I use? I'm using Safari, and I also get the pop-up while in Chrome. I downloaded the TOR browser last night; could this have been the problem?

Oops, sorry I posted the same issue in the other thread, which referred back to this thread.

I’m using Internet Explorer 10, btw. I tried Firefox and there seems to be no issues. But I’m paranoid to use Firefox now. If one browser isn’t right, I don’t trust any of them.

I was trying to research this topic, and actually stumbled upon an old thread about a similar “Bankfraud-BBE”, which was a false positive that was corrected when Avast! provided an update? Is this “Bankfraud-BYL” just a similar thing? Or if not, I'm no computer expert. I really need someone's guidance if my PC is being attacked. I already logged into an e-mail account, my FB, and my bank account yesterday. Now I'm extremely paranoid and on edge; I can't even attend to my studies. I didn't start getting this alert until literally a few hours ago. I had no issues with Gmail this MORNING. Strange that it appears 5 hours later, when NO ONE was on my laptop.

Could a moderator merge the two threads? I'm changing my topic heading to include the name of this Trojan… even if it is just a good trace mark for the developer. It's a little late now for bug fixes :cry: at this new little variant.

Here are some similar incidents in the past:

  1. http://www.androidheadlines.com/2013/03/avast-mobile-security-giving-false-positives-for-malware.html

  2. http://downloadsquad.switched.com/2009/12/03/avast-has-a-freak-out-goes-on-a-false-positive-spree/

And here is someone who is experiencing the same thing, so I guess this is occurring for a lot more people than expected. So either we're all screwed, or hopefully there is just a glitch in the virus definitions, etc.

http://www.pcadvisor.co.uk/forums/1/tech-helproom/4259508/avast-is-doing-something-odd-when-opening-gmail/