Hi, I am getting virus detection’s when making a transaction via paypal and I was wondering if this was a false alarm.
I’ve used the same website for payment a few weeks ago and never got a virus detection until today.
Here is the URL I am getting the infection on : s_www_paypalobjects_com__MERCHANTPAYMENTWEB-640-2014…
Infection : JS:Decode-BUL [Trj]
For reference; the website I was trying to purchase off is eu.wargaming.net.
Web browser : Google Chrome.
I’m getting this on the Wiggio calendar website also; it just started today.
Produces:
TROJAN HORSE BLOCKED
Object: http:/…/wiggio-in.jgz?lastmod=20140429161
Infection: JS:Decode-BUL [Trj]
People here have been using this website for shared calendar activity for weeks. It’s definitely a legitimate website.
I will post this separately as a query on “False Positive on Wiggio Website?”.
Same here - Running Chrome on Windows 7.
Exact same report from Avast as OP. In my case whilst trying to access Paypal via Discogs.com (definitely a legitimate website).
Thanks in advance if anyone can bring some clarity to this.
I am having the same problem too, with Windows 7 on Chrome. I was trying to complete a “Buy it Now” transaction on Ebay.
When linking from ebay to paypal for a buy it now purchase, Avast is blocking the transaction page with a JS:Decode-BUL [Trj] message.
Both ebay and paypal urls appear green and verified.
Same problem as others are reporting.
Same error for me on Windows 8 with Chrome. I was trying to buy from 7dayshop.com - also a very reputable company. Threat detected by Avast “JS:Decode-BUL [Trj]”. Had to change my method of payment to complete the order. Paypal was fine last time I used it, 12 hours ago. There’s nothing on the Paypal forum about this.
Same problem here, working with Windows 7 on Chrome and trying to complete a payment transaction on Ebay.
Is there a solution?
This virus was detected by Avast after testing my own site that uses PayPal for purchases:
s_www_paypalobjects_com__MERCHANTPAYMENTWEB-640-2014
Spamming these threads isn’t needed. I’m sure AVAST! is working on it.
I will do some scanning. What’s the full URL?
I think your site is a FP.
However, check this is on th ASN… http://urlquery.net/report.php?id=1398869423234
THe report on the Download is 13/51 Malicious. https://www.virustotal.com/en/file/77547470097e7d4537eb8adaa06f5c38db81436be96158d5377c09d7f6b24fc9/analysis/1398832706/
No other reports on wiggio.com.
Hello guys,
it has been false positive. Currently we releasing new VPS which should be outside in few minutes.
Best regards,
Filip Ch.
Thank you Flippy
Can you adress the wiggio.com website aswell?
I’m also getting the alert on my test server (asp.net using visual studio 2013)
URL: s_www_paypalobjects_com__MERCHANTPAYMENTWEB-640-2014…
Infection: JS:Decode-BUL [Trj]
What do we need to do, if anything, to get the update once it’s released?
Thanks.
They just said it’s a FP on Paypal.
Are you sure 100%? I have two laptop with avast, and only one get this false positive…
Different VPS versions. Flippy is an Avast! Team Member. I’m pretty sure he knows what he’s talking about :).
Current vps update:
http://www.screencast-o-matic.com/screenshots/u/Lh/1398875117167-22326.png
I just logged into PayPal without any problems or warnings. 
I’m having the same problem too. This is not a minor issue, I use PayPal on a daily basis to pay company bills. I really need this working!! Ever site I try, even sites I fully trust it does it on, and I can’t just ignore it and pay as it disables the form on the PayPal screen. Please help!
It is a false positive, I have reported it. Bob it is when you try to make a payment via a paypal link
Update your VPS! Sheesh. If that doesn’t work. Disable AVAST! for a while.