AntiVir PE Classic, PayPal trojan?


[DSLR]poppster
December 13th, 2006, 06:05 PM
I've been having problems with Firefox 2.0 here lately with a possible PayPal fraud, or at least AntiVir seems to think so.

When browsing Yahoo Answers, I get a virus alert labeled
PHISH/Paypalfaud.T, from the following URL.

hxxp://answers.yahoo.com/question/index?qid=20061213103424AAu6b6W&r=w&pa=
FZptHWf.BGRX3OFMhzJVU8vJxamKYfoJV19P7e5iWDmRvBVq1sg88ZsSb8Gqf_RDm5.sWQnKMTap0CGoiA--&paid=
answered#RZJ8UmG8Bzd90bovAi9OLxs7wpU4z.ffWNEJUBp_Y0VJmcqYFSbE

It's telling me that the infected file is in C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\5pvh3wre.de\338cbf8ed01

The folder 5pvh3wre (which looks like spyware misspelled) is there, but not 338cdf8ed01

hxxp://www.dslreports.com/r0/download/1098957~63f52a6bdc5c7293e1ad65c0360c4d15/untitled.JPG

Here is another link.
http://www.dslreports.com/speak/slideshow/17451769?c=1098958&ret=L2ZvcnVtL3JlbWFyaywxNzM0NTk4OQ%3D%3D


I'm running Windows XP SP2, fully patched
AntiVir PE
Comodo Firewall
Adaware Se on Demand

Is this a false positive? I ONLY get this warning in Firefox, which I recently uninstalled. Do you think my system is infected, or something was just wanting in?

Thanks in advance!

shek
December 13th, 2006, 06:13 PM
There is no alert under IE7 or Opera 9.10. Maybe you could clear the Firefox cache and try it again.

winxp pro sp2 fully patched
antivir7 personal classic(vdf 6.37.00.12, engine 7.03.00.15, phishing protection enabled)

Tommy
December 13th, 2006, 06:14 PM
Tried both URLs with Opera. Nothing, no alert, everything fine. Clean the FF cache.

[DSLR]poppster
December 13th, 2006, 06:19 PM
Thanks for the superfast replies, but how would the browser's cache play a role in this?

Alphalutra1
December 13th, 2006, 07:37 PM
-{ Quote (poppster): "Thanks for the superfast replies, but how would the browser's cache play a role in this?" }-
One of the websites that you visited may have been or used a well-known phishing website or technique. This was stored on your hard drive in the browser cache, as are all webpages you visit. AntiVir is just detecting what was downloaded into your cache. Delete all of the caches of your web browsers, then everything will be okay. If AntiVir interrupts during the deletion of the cache, just tell it to delete the file.

Cheers,

Alphalutra1
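
Added example, not part of the original thread or any poster's code: a small triage helper that checks whether every file path an antivirus alert reports lies inside a browser cache directory, which is the situation described in the reply above. The cache path fragments (Windows XP-era defaults), the `name | path` alert layout and every sample alert except the detection name and path quoted in the first post are assumptions constructed for illustration.

```python
import ntpath
import re

# Assumed Windows XP-era directories where browsers keep fetched page content.
CACHE_DIRS = {
    "Firefox": r"\local settings\application data\mozilla\firefox",
    "Internet Explorer": r"\local settings\temporary internet files",
    "Opera": r"\opera\profile\cache4",
}

# Hypothetical alert layout "<detection> | <path>"; not AntiVir's real log format.
ALERT_RE = re.compile(r"^\s*(?P<name>\S+)\s*\|\s*(?P<path>.+?)\s*$")

# Constructed sample alerts; only the first reuses the name and path from the post.
SAMPLE_ALERTS = [
    r"PHISH/Paypalfaud.T | C:\Documents and Settings\Owner\Local Settings"
    r"\Application Data\Mozilla\Firefox\5pvh3wre.de\338cbf8ed01",
    r"HTML/Example.Constructed | c:/documents and settings/owner/LOCAL SETTINGS"
    r"/Temporary Internet Files/Content.IE5/AB12CD34/index[1].htm",
    # Look-alike folder name: must NOT be treated as the Firefox cache.
    r"HTML/Example.Constructed | C:\Documents and Settings\Owner\Local Settings"
    r"\Application Data\Mozilla\Firefox Backup\page.htm",
]


def cache_owner(path):
    """Return the browser whose cache directory contains `path`, else None."""
    # Resolve "..", unify slashes and case so comparisons match Windows semantics.
    norm = ntpath.normcase(ntpath.normpath(path))
    for browser, marker in CACHE_DIRS.items():
        # Trailing separators force a whole-component match.
        if marker + "\\" in norm + "\\":
            return browser
    return None


def triage(lines):
    """Map each detection to ("cache-only" | "investigate", browsers involved)."""
    hits = {}
    for line in lines:
        m = ALERT_RE.match(line)
        if m:
            hits.setdefault(m["name"], []).append(cache_owner(m["path"]))
    return {name: ("cache-only" if all(owners) else "investigate",
                   sorted({b for b in owners if b}))
            for name, owners in hits.items()}


if __name__ == "__main__":
    for name, (verdict, browsers) in triage(SAMPLE_ALERTS).items():
        print(f"{name}: {verdict} {browsers}")
```

A "cache-only" verdict means every reported file is stored page content, so clearing that browser's cache and rescanning is the next step; any hit outside a cache directory calls for a closer look at the file itself.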