2 new viruses

Chris · Sep 6, 2005

Hi Kaspersky has found two viruses on my pc called
"trojan-spy.html.paylap.et" and
"trojan-spy.html.bayfraud.ew". I can find no information on what these two
viruses actually do! They surposedly came from a very well known source
back in April. Does anyone know what these two viruses can do? Is it
possible that someone else sent me the viruses and they have been clever
enough to make these viruses look as if they have came from a well know
source, in other words to disguice where they really came from? I have not
deleted these viruses from my machine yet because i would like to find out
more about them before i take any action.

Any feedback will be much appreciated.

Thank you,

Chris

Roger Wilco · Sep 6, 2005

"trojan-spy.html.paylap.et" and
"trojan-spy.html.bayfraud.ew".

Does anyone know what these two viruses can do?

These non-viruses attempt to trick the user into divulging their
"PayPal" and "eBay" account information to untrusted website forms by
appearing as trusted webforms. They send them out like spam and wait for
someone to 'bite' like they are fishing or trawling - the term for these
are "phishing" attempts and should be reported to the affected
companies.

I have not
deleted these viruses from my machine yet because i would like to find out
more about them before i take any action.

Commendable, but I believe they can be safely deleted.

Art · Sep 6, 2005

Hi Kaspersky has found two viruses on my pc called
"trojan-spy.html.paylap.et" and
"trojan-spy.html.bayfraud.ew". I can find no information on what these two
viruses actually do! They surposedly came from a very well known source
back in April. Does anyone know what these two viruses can do? Is it
possible that someone else sent me the viruses and they have been clever
enough to make these viruses look as if they have came from a well know
source, in other words to disguice where they really came from? I have not
deleted these viruses from my machine yet because i would like to find out
more about them before i take any action.

Any feedback will be much appreciated.

You can get an idea of what the paylap one is probably about here:

http://www.f-secure.com/v-descs/phishb.shtml

and perhaps here:

http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

I suspect bayfraud is associated with the bogus ebay web site:

http://www.millersmiles.co.uk/identitytheft/030304-ebay-2.php

I'm only familiar with the email spreading form of this where users
are enticed to Run a email attackment because the message says
to "read it" (run it) for details of why your ebay account is
cancelled.

Hope this sleuth work helps a little. If you're wondering if KAV is
false alarming, I rather doubt it. It's possible that other av are
detecting what you have, so out of curiosity you could upload
suspect files to Virus Total:

http://www.virustotal.com/flash/index_en.html

If you're extremely lucky you might find a av there that detects
and provides you with a malware name for which you can Google
a description.

It's also possible that some spyware scanner will not only detect
but clean. Does KAV offer to clean or just delete files or what?

Maybe the files are just in some temp folder and you're not
infested?

Art

http://home.epix.net/~artnpeg

Chris · Sep 6, 2005

Thankyou for the reply .. it was actually "paypal" or supposedly paypal who
was the well known source. I am surprised that only Kasperskey was able to
detect them after I had performed a very in depth scan. It appears that
they have been on my system since 9th April. If I just delete the email I
assume this will get rid of it.

Thanx again for the info.

Shane · Sep 6, 2005

IE 7.0 (beta) - which only runs on XP or the Vista beta - exposes these urls
as phishing sites (instead of opening the site, it goes to a warning page).
Seems a pretty-good step forward security-wise.

Shane

Buffalo · Sep 7, 2005

Shane said:
IE 7.0 (beta) - which only runs on XP or the Vista beta - exposes these urls
as phishing sites (instead of opening the site, it goes to a warning page).
Seems a pretty-good step forward security-wise.

Shane

Damn it Shane, we're here to DISCREDIT ms, not credit it.

Watch your mouth.

Shane · Sep 7, 2005

Buffalo said:
Damn it Shane, we're here to DISCREDIT ms, not credit it.
Watch your mouth.

Sorry! Consider me suitably chastised <g>

I'll try not to do it again!

Shane

Marie Brown · Sep 10, 2005

Shane said:
IE 7.0 (beta) - which only runs on XP or the Vista beta - exposes these
urls as phishing sites (instead of opening the site, it goes to a warning
page). Seems a pretty-good step forward security-wise.

==========================
Do you have the URL where I can get the IE7.0 Beta?

Thanks

Marie...

Shane · Sep 10, 2005

Sorry Marie,
IE 7 Beta 1 is not available except to developers, MSDN subscribers and a
few pre-registered beta testers.

http://www.microsoft.com/windows/IE/ie7/default.mspx

Shane

I got a virus!	5	Feb 28, 2007
Would you continue using a HD you disinfected--or do a cleanreinstall or Ghost an older HD image?	26	Aug 18, 2011
Anti-Virus interference	9	Oct 27, 2017
Does \MsMpEng.exe(1360):\memory_07d80000 mean malware?	7	Oct 16, 2010
MSN My Photos virus	6	Jul 3, 2007
Five specific threats	17	Sep 12, 2010
AOL's Active Virus Shield. Is it safe?	5	Sep 5, 2006
Strange new trojan -> TR/Patched.O.2	1	Jan 10, 2008

2 new viruses

Chris

Roger Wilco

Art

Chris

Shane

Buffalo

Shane

Marie Brown

Shane

Ask a Question

Similar Threads