Jump to content

HTML/Fraud.EK Trojan

Recommended Posts

My computer is infected with something that ESET calls "HTML/Fraud.EK trojan".  ESET sends me a "Threat removed" message when I send an email with a message longer than a sentence.  The message says "A threat (HTML/Fraud.EK) was found in a file that Microsoft Outlook tried to access.  The file has been cleaned."  ESET stops the file from going out.

If I send a very short e-mail, with a sentence or less in the text, the email will go out with no problem.

I have run a full scan of my computer using ESET

I have used the restore functions to move my system settings back to where they were on 10/13/2021 (earliest date available to me).

I have emptied the trash in my mail.  I have deleted the contents of the "detetcted items" folder in my email, I have deleted the contents of my "Junk E-mail" folder, I have deleted the contents of the "ESET Antispam" folder, I have deleted the contents of the "Infected Items" folder", I went to the "Sent" folder and I deleted the emails there that triggered the error message, and I emptied the trash in my email again.

My computer is still infected.

I tried searching for "HTML/Fraud.EK trojan" at ESET, on Google, and at Major Geeks.  I have not been able to find anything that will tell me about the nature of the threat or how to remove it.


My computer is Windows 10, and I am running ESET System Security.

Here is a log for one of the e-mails that triggered a threat alert

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
10/15/2021 9:56:31 PM;Email filter - Outlook;email message;to: dxxxxxxxxxxe@gmail.com with subject Half paragraph test ;HTML/Fraud.EK trojan;contained infected files;DESKTOP-MV2C1N8\donal;Event occurred upon receiving an email by the application: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE.;;


Here is a log of another threat alert that I received a while earlier, perhaps it is related:

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
9/30/2021 7:20:12 PM;HTTP filter;file;https://www.themakogroup.com/pub/static/version1559625351/frontend/Solwin/freego_child/en_US/jquery/patches/jquery-ui.js;JS/Spy.Banker.FX trojan;connection terminated;DESKTOP-MV2C1N8\donal;Event occurred during an attempt to access the web by the application: C:\Program Files (x86)\Mozilla Firefox\firefox.exe (9D90FAA8197CACBBC70621FC6DD235043ECC3F43).;36BA708F2A129DC3B9FE3E2D074072E3BDC72868;

Has anyone else encountered this threat before?  Does anyone have ideas on how to remove it?


I have tried signing in, but I received an incorrect password or user ID message.   I tried using the "forgot password" option, but I still have not received an e-mail with password reset instructions.  I have set up a password before, and my subscription is valid through April of 2022.



Link to comment
Share on other sites

  • Administrators

HTML/Fraud.EK is a detection of fraud emails like


Please provide me the email that you attempt to send and which is detected as HTML/Fraud.EK trojan.

Link to comment
Share on other sites

The email that I was attempting to send contains confidential financial information which I do not want to post here.  I tried sending another email of similar length, and it did not trigger a reaction.  It appears that the infection is targeting financial information.   Is there a less public way to share that email with you?

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...