Hello, I apologize in advance if my syntax is incorrect or my information is insufficient but I desperately need help. Earlier tonight I tried to access my bank account via Safari on an Early 2011 MacBook Pro. I HAD NO OTHER TABS OPEN and all my other browsers were completely quit. Nothing else was running but Safari. Suddenly, the Avast Web Shield gave me an infection warning stating that HTML:Framer-inf [Trj] had been blocked. The apparent URL source was
hxtp://bidr.trellian.com/r2.php?e=YPEC5m4ENXkTeshL2U8CDUqFIH1F6Ew%2Bk1yUQj%2FOSteLh2u8iotro3%2BWoagg%2FzFow9%2BOFMrF6Ic2v63ZNejseFRaUjTXj%2FGmwSdEyd%2F2wWOlbD1NIgudHZyqu2%2B2f%2Bsq0%2FENmMMTERb1g257crDye6dj%2FIydUvkHquQAqbIbQS8CZu1iRk3G8ORm83krAYyWsJerY%2FnR92kAEXPiRdi6qZ%2Bl%2FS7SvWKZ4Heja87MPOJDnB4vk8lydLQzs5uTQrxcWIrBIP%2ByNcH7%2FzuGBGvYI%2BdUeedhlYgqufGMW5rEnS48olKzFRUXQlfP1J2dPrmRt%2FxkTrFRH1pmSg9FJucIYL1eMnuZQvaFvChmJOhqgJHt0f%2B65bRZP5ntS1Wq4Q7mFNwR6kO3qlfidJu4tObjof37RkJp80Rkd1LJdfeCVhY%2FrihOvr%2BeWCwLmDNfJ138kWSHsn6fJCc134Q4lxs5EzujecJdCXKT6mg%2FNMriumydLoTrh2jDpffsd7qiw30TxGwUYHnA6QO6c8BIBKiM%2B76rg5eXbZUH%2Bw0tIORbfd%2BtCUkarka%2B%2Fe3d5PDMLnZ3x7vw30veHxl8AwW1EozM%2B03AwYJyb8l0%2FCEOCAssKgvGB38J%2FfVJcg%3D%3D
^
Wouldn’t click on that if I were you
But like I said I had no other tabs or browsers open. NONE. Additionally I was running private mode as I always do when I access sensitive info. I immediately shut my computer down, went to another, changed my password, then reactivated my Mac and ran a Full System Scan via Avast.
0 infected files were found
33 were unable to be scanned
I’m running OS X El Capitan (10.11.6) on an Early 2011 MacBook Pro (13 inch)
I find it terrifying that this happened RIGHT as I logged into my bank account. Could something in my computer have tried to contact this malicious domain while I was doing that in order to get my bank info?? Any help would be appreciated. If you need more info I’ll be more than happy to provide. Just tell me how to get it please. Thank you for reading.
Hello and thank you for the reply. However, while that URL is verifiably malicious, I don’t understand how that could have happened when no other browsers or tabs were open and I was on the Bank of America website? Do I have something on my computer or is it the bank’s server? Any idea what I could do if it is my computer? Thanks
Here you see why Webshield blocking is so vital at times where we link to malicious external links.
This is especially so where these links do not come blocked by a good script- or adblocker of sorts.
So according to the darkest scenario after visiting that link you could have landed at ransomware and no longer been able to use your device.
So like Eddy says, break that link or I ask moderation to do that for us.
Alright. I don’t know much about this but I think my browsers have all been hijacked by some spyware. Unless you all think it’s a bad idea I will be wiping my OS and reinstalling later tonight. Thank you all for your responses :).
Well the thing is if no other tabs were open and all other browsers were completely closed while on the https verified Bank of America website something is wrong. My working theory is that something on my computer that the Avast file shield was unable to detect tried to contact this known malware domain to upload key logged credentials of my bank account. It might be an overreach but the fact that the web shield stated “infection detected” as I pressed enter and accessed my bank account indicates to me that something on my computer was acting without my knowledge. I was also able to access my account in that moment without any block from Avast. If the site I was visiting was itself the source of the infection I would have gotten a big red screen saying “Infection detected.” Instead only the pop up to the right of the screen came up and logged the event in the Avast web shield history. But the account itself was totally unblocked and verified via https. The site I was visiting (https://www.bankofamerica.com/) was therefore totally legitimate.
Thanks everyone. I wanted to let everyone know of my experience and see if there were any known reasons for why this might occur to warn future potential victims. But I wiped the OS and reinstalled already so there’s nothing left to check. I was afraid of what might otherwise happen. I wish I could have helped more but I needed my computer working and secure. Thanks for all of your responses! Much appreciated.
Ladies and gentlemen, for everyone who has been dealing with this problem specifically with Safari, I discovered the source. As I stated before I wiped my OS and reinstalled due to a strange web shield warning that popped up unexpectedly and without apparent provocation. But to my horror, shortly after reinstalling, the warning popped up again. This time it occurred many times and randomly as I attempted to use the browser. I wiped out the caches, preferences files, deleted all the configuration files and it still kept popping up. Finally, within the browser itself, I deleted all of my bookmarks on a recommendation by an obscure forum.
The problem was solved.
It turns out an old bookmark (there were hundreds within several folders I never used anymore) was contacting its domain for its corresponding metadata (images and basic site info). But the site was probably hacked by a redirect recently. So every time it contacted the domain to perform the update, BAM, webshield detected the attempt and blocked it thus causing all the disconcerting “infection detected” popups. So ultimately it probably wasn’t even dangerous lol. But there you go.
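
For anyone retracing the diagnosis in the last post without deleting every bookmark, here is an added example (not from the thread or from Avast) that inventories Safari bookmarks by folder and host and marks any whose host matches one taken from the Web Shield log. It assumes Safari's usual `~/Library/Safari/Bookmarks.plist` layout (`Children`, `WebBookmarkType`, `URLString`, `URIDictionary`); the sample plist and the `.example` hosts are constructed.

```python
import plistlib
from collections import defaultdict
from urllib.parse import urlsplit

def walk_bookmarks(node, path=()):
    """Yield (folder, title, url) for every leaf bookmark under node."""
    if node.get("WebBookmarkType") == "WebBookmarkTypeLeaf":
        title = node.get("URIDictionary", {}).get("title", "")
        yield "/".join(path), title, node.get("URLString", "")
        return
    name = node.get("Title")              # the root folder has an empty title
    sub = path + (name,) if name else path
    for child in node.get("Children", []):  # proxy nodes carry no children
        yield from walk_bookmarks(child, sub)

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def matches(host, flagged):
    """True if host equals a flagged host or is a subdomain of one."""
    return any(host == f or host.endswith("." + f) for f in flagged)

def triage(plist_bytes, flagged_hosts):
    """Return (hosts grouped by folder, bookmarks on a flagged host)."""
    flagged = [f.lower() for f in flagged_hosts]
    by_folder, hits = defaultdict(set), []
    for folder, title, url in walk_bookmarks(plistlib.loads(plist_bytes)):
        host = host_of(url)
        by_folder[folder].add(host)
        if matches(host, flagged):
            hits.append((folder, title, url))
    return dict(by_folder), hits

def _leaf(title, url):
    return {"WebBookmarkType": "WebBookmarkTypeLeaf", "URLString": url,
            "URIDictionary": {"title": title}}

# Constructed sample standing in for ~/Library/Safari/Bookmarks.plist
SAMPLE = plistlib.dumps({
    "WebBookmarkType": "WebBookmarkTypeList", "Title": "", "Children": [
        {"WebBookmarkType": "WebBookmarkTypeProxy", "Title": "History"},
        {"WebBookmarkType": "WebBookmarkTypeList", "Title": "BookmarksBar",
         "Children": [_leaf("Bank", "https://www.bankofamerica.com/")]},
        {"WebBookmarkType": "WebBookmarkTypeList", "Title": "Old", "Children": [
            _leaf("Hobby forum", "http://forum.old-hobby.example/index.php"),
            _leaf("Deals", "http://r.parked.example/go?x=1")]},
    ]}, fmt=plistlib.FMT_BINARY)

if __name__ == "__main__":
    folders, hits = triage(SAMPLE, ["parked.example"])  # constructed flagged host
    for folder in sorted(folders):
        print(folder, sorted(folders[folder]))
    print("flagged:", hits)
```

A bookmark whose site merely redirects to the blocked host will not match directly, so the per-folder host list is what narrows down which stale entries to remove.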