EAV-0226081880 Posted October 16, 2021

My computer is infected with something that ESET calls "HTML/Fraud.EK trojan". ESET sends me a "Threat removed" message when I send an email with a message longer than a sentence. The message says "A threat (HTML/Fraud.EK) was found in a file that Microsoft Outlook tried to access. The file has been cleaned." ESET stops the file from going out. If I send a very short e-mail, with a sentence or less in the text, the email will go out with no problem.

I have run a full scan of my computer using ESET. I have used the restore functions to move my system settings back to where they were on 10/13/2021 (earliest date available to me). I have emptied the trash in my mail. I have deleted the contents of the "detected items" folder in my email, I have deleted the contents of my "Junk E-mail" folder, I have deleted the contents of the "ESET Antispam" folder, I have deleted the contents of the "Infected Items" folder, I went to the "Sent" folder and I deleted the emails there that triggered the error message, and I emptied the trash in my email again. My computer is still infected.

I tried searching for "HTML/Fraud.EK trojan" at ESET, on Google, and at Major Geeks. I have not been able to find anything that will tell me about the nature of the threat or how to remove it. My computer is Windows 10, and I am running ESET System Security.
Here is a log for one of the e-mails that triggered a threat alert:

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
10/15/2021 9:56:31 PM;Email filter - Outlook;email message;to: dxxxxxxxxxxe@gmail.com with subject Half paragraph test ;HTML/Fraud.EK trojan;contained infected files;DESKTOP-MV2C1N8\donal;Event occurred upon receiving an email by the application: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE.;;

Here is a log of another threat alert that I received a while earlier, perhaps it is related:

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
9/30/2021 7:20:12 PM;HTTP filter;file;https://www.themakogroup.com/pub/static/version1559625351/frontend/Solwin/freego_child/en_US/jquery/patches/jquery-ui.js;JS/Spy.Banker.FX trojan;connection terminated;DESKTOP-MV2C1N8\donal;Event occurred during an attempt to access the web by the application: C:\Program Files (x86)\Mozilla Firefox\firefox.exe (9D90FAA8197CACBBC70621FC6DD235043ECC3F43).;36BA708F2A129DC3B9FE3E2D074072E3BDC72868;

Has anyone else encountered this threat before? Does anyone have ideas on how to remove it?

I have tried signing in, but I received an incorrect password or user ID message. I tried using the "forgot password" option, but I still have not received an e-mail with password reset instructions. I have set up a password before, and my subscription is valid through April of 2022.
Marcos (Administrators) Posted October 16, 2021

HTML/Fraud.EK is a detection of fraud emails like

Please provide me the email that you attempt to send and which is detected as HTML/Fraud.EK trojan.
EAV-0226081880 (Author) Posted October 16, 2021

The email that I was attempting to send contains confidential financial information which I do not want to post here. I tried sending another email of similar length, and it did not trigger a reaction. It appears that the infection is targeting financial information. Is there a less public way to share that email with you?
Marcos (Administrators) Posted October 16, 2021

You can drop me a personal message with the text of the email enclosed.
EAV-0226081880 (Author) Posted October 16, 2021

I tried a few variations of my e-mail, and I found that versions of the email that had a number with a dollar sign in front and ones that contained the word "money" resulted in a threat alert.
EAV-0226081880 (Author) Posted October 16, 2021

Here is a screen shot of the threat removed message that ESET returns when I try to send emails with financial info.
Marcos (Administrators) Posted October 18, 2021

We have tweaked the detection so that this particular email is not detected as a fraud/scam email.