VBS:LoveLetter detected.

I’m somewhat mystified by an Avast warning box which has just opened. This box, which is titled “A Virus Was Found!”, contains the following details:


File name: http://mail.google.com/mail/?&ik=436b3969a6&view=tl&search=inbox&start=0&tlt=1099f88085d&fp=7da6199c348a02e3&auto=1&zx=chagig-um5vaf\unp112666111

Malware name: VBS:LoveLetter
Malware type: Virus/Worm
VPS version: 0608-1, 23/02/2006


I haven’t received an e-mail message and the above URL leads to a Google page with the following message:


Your Google Mail account has been signed out.

Google Mail automatically signs you out of your account when it detects that you’ve logged out from another browser window, or when you sign in to another Google Mail account from another browser window. This is done to protect your Google Mail account, and to ensure the privacy of your information.

Sign in again

My installation is version 4.6 Home Edition, build: Feb 2006 (4.6.763), and I only have Web Shield running.

I hope someone can offer an explanation of this “A Virus Was Found!” box message.

Hi WDGC

If you weren’t retrieving email then the only thing I can think of is you might have Outlook set to automatically check for new mail. Assuming you terminated the connection when you got the warning, nothing would have downloaded, so you wouldn’t necessarily be aware you had email. The terminated connection might also explain why you got logged out.

Just a thought.

The warning message would suggest that you were scanning GMail via the web interface and that a virus signature was detected in one of the web screens, especially since this is a VBScript virus which may have appeared in clear text rather than in an encoded attachment.

This may possibly have been a false detection; GMail instituted virus scanning of attachments at the end of 2005. Is it possible you were downloading a GMail attachment?

Attempting to use a URL to go back to a terminated GMail session is likely to give the response you are seeing (i.e. you are not going to the URL but being refused because the session is no longer active).

It is unlikely that your system has been put at risk (you would need to download the VBScript and execute it for that to happen), but there is the possibility that an infected email is still sitting in your GMail message store - if you encounter it again via the web interface it should be deleted.

Outlook does not access GMail via http - so I think it unlikely in the extreme that a URL would be reported in connection with it.

mauserme and alanrf, thank you for your replies.

I didn’t terminate the connection and I wasn’t logged out of the Google e-mail account I had open. Where the URL came from and why is a mystery to me, and to further the mystery, I haven’t got Outlook and don’t use an e-mail client. Nor was I downloading a GMail attachment, or anything else - in fact, at the time the system was only idling with me sitting in front of the monitor talking to a visitor.

Although I didn’t receive an e-mail message - so nothing was downloaded - I have still run full system scans with Avast and ewido; nothing detected.

I think it almost certainly is a false detection, so I suppose it is merely academic, but I would still like an explanation.

Are you a user of Gmail? If so, were you logged on to your Gmail web interface while you were talking with your visitor?

Yes. From my last post, “and I wasn’t logged out of the Google e-mail account I had open.”

I rather suspect that merely accessing a URL related to your GMail account from another browser window is likely to trip Google’s security sensors and terminate your perfectly good session. In other words simply investigating the error report from avast would be enough.

However, that does not answer the more fundamental question, why, if your Gmail session was not being actively used would avast report a problem with a page being accessed? Browsers do perform refreshes but that should just be an update of an existing screen and not bring you a new page with a (possible) virus in it. I admit I do not have an answer - perhaps other minds will.

When I went to the URL from the Avast “A Virus Was Found!” box, I wasn’t logged out, even though the message on the page - see OP - gave such as the reason.

However, be that as it may; I am more interested in that most appropriately stated by you: “However, that does not answer the more fundamental question, why, if your Gmail session was not being actively used would avast report a problem with a page being accessed?”

Riker opened a thread about a similar gmail problem last year:

http://forum.avast.com/index.php?topic=12426.0

That thread died quickly so I’ve pm’d him asking him to join this thread if he ever figured anything out or heard from gmail support.

glad to hear someone else had a false positive too. a friend, 2 days ago, was awoken @ 5:30 by her laptop screaming “DANGER, DANGER!!” :o
she sent her log to me, only thing in it was under the caution tab:
Sign of “VBS:LoveLetter” has been found in “http://mail.google.com/mail/?&ik=e272776e73&view=tl&search=inbox&start=0&tlt=1099673b4c5&fp=6c14a1cec8ce9123&auto=1&zx=fdcma9-uktd28\unp147331982” file.
had her run a kaspersky scan & nortons removal tool, no results. i never asked if she had firefox open, or if she has gmails notifier (atomfeed right?). this will be REALLY annoying if this happens to every client i set up w/ gmail and avast, REEEEEEALLY annoying…
anyone have anything definitive? would be much appreciated.
-joe

Thank you, all helps to possibly getting an explanation.

No problem. I’m as curious about this as you are.

No :slight_smile: no response from the Support. But the Problem never happened again.

I have again received an “A Virus Was Found!” box message, for all intents and purposes the same as that reported previously, only a slightly different file name and different VPS version:


File name: http://mail.google.com/mail/?&ik=436b3969a6&view=tl&search=inbox&start=0&tlt=109d4f44d3e&fp=2bf33eca4ca8e516&auto=1&zx=4q3r0i-9r3857\unp246146967

Malware name: VBS:LoveLetter
Malware type: Virus/Worm
VPS version: 0610-0, 06/03/2006

All other details are also as reported previously. Whilst I think it extremely unlikely this warning is anything other than a false positive, it is still somewhat disconcerting to receive them.

Possibly something as to the cause of this problem is now known?


When this happens again, would you mind taking a screen shot of the warning and posting it in this thread?

Thanks! :slight_smile:


The attachment shows a screenshot from the previous time [25.02.2006] the warning appeared.

Well, I still don’t have a definitive answer but notice you had 7 instances of Internet Explorer open when you got the first alert. Besides the Microsoft page any idea what was on the other 6? Were there multiple browsers open the 2nd time too?

The second time only IE was open, 3 instances - 1 window for a gmail account and 2 windows with pages from a financial news site. These 3 pages plus another couple from the same financial news site and a couple of MS pages would have been the instances of IE open on the first occasion.

I never use IE for general browsing - always use Firefox - and cannot remember when I last had anything, other than the pages mentioned above, opened in IE.


Perhaps this is happening when new email is coming into your gmail account. Most email accounts automatically add new email at certain intervals. For some reason it appears that someone/something is sending you email that is infected. Maybe you do not directly download email to your computer but Avast is seeing something coming from gmail and blocking it from entering your computer.

Actually, I have gotten the same types of warnings a few times while doing searches with Google. I am beginning to wonder if Google is being infected in various of their services from time to time. Google is big and popular … a target likely to be exploited by hackers and malware writers.


My impression is that mail is not being sent. When I’ve received these warnings I haven’t taken any action other than closing the warning box, I certainly haven’t used the “Abort connection” button, yet don’t receive mail.
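
An added example, not part of any post in this thread: a short Python script that parses the alert targets quoted above and reports which query parameters are identical in every alert and which change between them. The function names are hypothetical, and the thread does not say what the individual Gmail parameters or the trailing `\unp…` component mean, so the script only compares them.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Alert targets copied from the posts above:
# [0] first poster, first alert; [1] joe's log; [2] first poster, second alert.
ALERTS = [
    r"http://mail.google.com/mail/?&ik=436b3969a6&view=tl&search=inbox&start=0&tlt=1099f88085d&fp=7da6199c348a02e3&auto=1&zx=chagig-um5vaf\unp112666111",
    r"http://mail.google.com/mail/?&ik=e272776e73&view=tl&search=inbox&start=0&tlt=1099673b4c5&fp=6c14a1cec8ce9123&auto=1&zx=fdcma9-uktd28\unp147331982",
    r"http://mail.google.com/mail/?&ik=436b3969a6&view=tl&search=inbox&start=0&tlt=109d4f44d3e&fp=2bf33eca4ca8e516&auto=1&zx=4q3r0i-9r3857\unp246146967",
]


def parse_alert(target):
    """Split an alert target into host, path, query parameters and the trailing unp component."""
    m = re.fullmatch(r"(?P<url>.+?)(?:\\(?P<sub>unp\d+))?", target)
    parts = urlsplit(m.group("url"))
    # parse_qs skips the empty pair produced by the leading '&'.
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    return {"host": parts.netloc, "path": parts.path,
            "query": query, "sub": m.group("sub")}


def compare(alerts):
    """Return (constant, varying): parameters equal in every alert, and names that differ."""
    parsed = [parse_alert(a) for a in alerts]
    keys = set()
    for p in parsed:
        keys |= set(p["query"])
    constant = {k: parsed[0]["query"].get(k) for k in keys
                if len({p["query"].get(k) for p in parsed}) == 1}
    varying = sorted(keys - set(constant))
    return constant, varying


if __name__ == "__main__":
    for label, subset in (("all three alerts", ALERTS),
                          ("first poster only", [ALERTS[0], ALERTS[2]])):
        constant, varying = compare(subset)
        print(label, "| constant:", constant, "| varying:", varying)
```

All three alerts share the same host, path and `view`, `search`, `start` and `auto` values, which is the kind of detail worth including when reporting a suspected false positive to the vendor.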