Okay… who wants to explain this now?

I uninstalled Chrome. Cleaned my reg and junk files. Restarted. Did not do a scan… sorry, Ill get to that next.

After all that, I open Chrome. It goes to the Chrome GMail start Screen as usual. So I open a new tab and try the exact thing mentioned above… I typed in the address window "google.com’ and hit enter. I click on the top right GMail link as mentioned above; I get sent to the OLD log in screen with the Trojan message again. THIS WAS IN CHROME FROM THE ADMIN PROFILE.

Plus Avast reports the site as UNKNOWN ???

So I log out of the profile. I log into the normal user profile and once again Chrome reports 'Your preferences cannot be read…" dialog box.

However, IE goes to the OLD page once… I close and repeat the procedure and Im back to the NEW log in.

So, maybe this thread is back to its original title…

Re: Attack On GMAIL or My PC? HTML:Bankfraud-BYL Trojan

Hypothesis: Illicit ‘something’ is occurring on Google right now. TwinHeadedEagle reports no malware on my machine… I’ll buy that for more than a dollar. Everything else is back to normal; including FB. I will be removing Chrome again; since it’s apparently its choking on something right now.

I will be happy to try and reinstall Chrome for testing… but you all now have all the clear details I have.

…any other thoughts would be appreciated.

I am having the same problem, it occurred after looking up banking information on Mint.com. I have gone through the whole removal protocal that TWIN mentioned and am now ready to attach info so that someone can check if the problem has been resolved. Thank you for your time.

Justin

Found the intiating link for the stranger problems. A friend with the following link to one of my posts on another social site:

http://sitecheck.sucuri.net/results/teenink.com/mobile/213135/ -this may be due to it requiring a subscription though. Im unsure if the site does require subscription for viewing.

EDIT: (mainly to remove creepiness) …just to clarify; my friends daughter sent him the link attached to a video of Jimmy Kimmel interviewing people on the street, asking which act they supported more: The Obama Care Act or The Affordable Health Care Act. Now Im not getting political here because those are the EXACT same thing… it was just funny to watch how many people knew so much about two different things that were not two different things.

This is the check on the site; which reports warnings but not blacklisted. Since cleaning things a bit better; I’ll check GMail issues (if still being sent to the older login screen that gives the warning) and the Chrome issues now.

Hello,
I believe someone else has already said it, but I checked on Avast Facebook page and they have replied to some questions regarding this issue as being a false positive. After the last update, I’m able to login to gmail without any warnings. :slight_smile:

From https://www.facebook.com/avast?filter=2 :

Thank you for reporting this. Trojan Horse" HTML:Bankfraud-BYL [Trj] was a false positive, and the detection is already disabled (should be OK in the next VPS). It was falsely detecting Gmail login page in specific circumstances.

As for the new/old gmail layout, it seems to come and go, sometimes I get the new one and sometimes the old and this was already happening for a couple days, but this didn’t seem to make any difference when avast reported the Trojan.

Hope this helps.

Im down it was a false positive. Most likely from some Gmail servers having the new log in so when you’d end up on a server not yet updated; it would give the UNKNOWN info to Avast (as far as webrep) and set off an alarm because Avast knew the screen didn’t match current Google server records (that were updated BEFORE the servers).

Regardless, Im having issues that I cant explain. I can only get Chrome to run on one profile, the others give the error in the screenshot below. As well, my Avast Miniport NDIS driver reports it cannot run (I have a thread on that one). Il take the Chrome issue to Chrome support.

Im not fanning this subject; If Avast is comfortable enough to say it was ONLY a FP and could not have been anything else, then this thread can be locked from further commenting but I still have a pile of inconsistencies that started AFTER the Avast False Positive warning of a Trojan.

Okay…

Im not trying to beat this dead horse, I am putting this for disclaimer:

The solutions to what is happening in my Chrome, via Chrome support, do not match what is going on inside my Chrome (IE. files, directories, shares, etc.) This al began when this alert started going off. Iv tried both stanaldone installers for Chrome and I can get them to work on every profile on my PC but one. Of course Im not getting the error now as Avast as made it so it wont.

That’s all.

Can anyone (with a longer history on this site then just a few posts. No offense.) confirm that this is actually a false positive. I’ve followed the Facebook links and can’t find the Topic nor a reply from an avast rep saying It’s a False Positive.

Hello !

I’m sorry to post my own issue as my very first message on Avast forum, but this is bugging me since three days.

I’ve read TwinHeadedEagle’s post on page 2 stating I have to :

  1. download AdwCleaner and install
  2. launch a scan, reboot then open the log file
  3. post here that log file
  4. download GMER and install
  5. launch a scan, and post log file (same as above)
  6. … same with Farbar Recovery Scan Tool

^^ then some of you said this threat could be a false positive.

Now, I don’t know what to think, since this is my parent’s computer, Win8 home (so I’m unsure the above applications will work fine, and how to remove them after all this - not my computer as I said)
Thanks in advance for giving some lights about this issue.

No alerts for me on Firefox. I have the gmail notifier so I’m always logged in.

I’m not sure what to think either since I’ve followed the links to Facebook that others in this very topic have posted. None of them on avast’s Facebook page have anyone from avast saying that it was a false positive.

I finally found one by searching this topic on Google. It was only visible by viewing the cached version. Why would Avast delete or remove this topic and their response from their Facebook page? Because of this and the fact that those who posted on this forum that this was a false positive have low (1-4) post counts I’m skeptical.

I’ve found other posts with the same scenario to what has been posted here on other websites forums / discussion boards. One was a Google discussion board topic about this very subject. Then in the topic Someone with only one post to their history pops up and says avast posted on their Facebook page that it’s a false positive. Yet I spent over an hour going over avast’s Facebook page and nothing.