AntiVir PE Classic, PayPal trojan?

Discussion in 'other anti-virus software' started by [DSLR]poppster, Dec 13, 2006.

Thread Status:
Not open for further replies.
  1. [DSLR]poppster

    [DSLR]poppster Registered Member

    Joined:
    Dec 13, 2006
    Posts:
    11
    Location:
    The Midwest
    I've been having problems with Firefox 2.0 here lately with a possible Paypal Fraud, or at least AntiVir seems to think so.

    When browsing Yahoo Answers, I get a virus alert labeled,
    PHISH/Paypalfaud.T, from the following URL.

    hxxp://answers.yahoo.com/question/index?qid=20061213103424AAu6b6W&r=w&pa=
    FZptHWf.BGRX3OFMhzJVU8vJxamKYfoJV19P7e5iWDmRvBVq1sg88ZsSb8Gqf_RDm5.sWQnKMTap0CGoiA--&paid=
    answered#RZJ8UmG8Bzd90bovAi9OLxs7wpU4z.ffWNEJUBp_Y0VJmcqYFSbE

    It's telling me that the infected file is in C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\5pvh3wre.de\338cbf8ed01

    The folder 5pvh3wre (which looks like spyware misspelled) is there, but not 338cdf8ed01.

    hxxp://www.dslreports.com/r0/download/1098957~63f52a6bdc5c7293e1ad65c0360c4d15/untitled.JPG

    Here is another link.
    http://www.dslreports.com/speak/slideshow/17451769?c=1098958&ret=L2ZvcnVtL3JlbWFyaywxNzM0NTk4OQ%3D%3D


    I'm running Windows XP SP2, fully patched
    AntiVir PE
    Comodo Firewall
    Ad-Aware SE on demand

    Is this a false positive? I ONLY get this warning in Firefox, which I recently un-installed. Do you think my system is infected, or something was just wanting in?

    Thanks in advance!
     

    Last edited by a moderator: Dec 13, 2006
  2. shek

    shek Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    342
    Location:
    SE CHINA/NYC USA
    There is no alert under IE7 or Opera 9.10. Maybe you could clear the Firefox cache and try it again.

    WinXP Pro SP2, fully patched
    AntiVir 7 Personal Classic (vdf 6.37.00.12, engine 7.03.00.15, phishing protection enabled)
     
  3. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Tried both URLs with Opera. Nothing, no alert, everything fine. Clean the FF cache.
     
  4. [DSLR]poppster

    [DSLR]poppster Registered Member

    Joined:
    Dec 13, 2006
    Posts:
    11
    Location:
    The Midwest
    Thanks for the superfast replies, but how would the browser's cache play a role in this?
     
  5. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    One of the websites that you visited may have been or used a well-known phishing website or technique. This was stored onto your hard drive in the browser cache, as are all webpages you visit. AntiVir is just detecting what was downloaded into your cache. Delete all of the caches of your web browsers, then everything will be okay. If AntiVir interrupts during the deletion of the cache, just tell it to delete the file.

    Cheers,

    Alphalutra1
     