HTML/Fraud.EK Trojan



My computer is infected with something that ESET calls "HTML/Fraud.EK trojan".  ESET sends me a "Threat removed" message when I send an email with a message longer than a sentence.  The message says "A threat (HTML/Fraud.EK) was found in a file that Microsoft Outlook tried to access.  The file has been cleaned."  ESET stops the file from going out.

If I send a very short e-mail, with a sentence or less in the text, the email will go out with no problem.

I have run a full scan of my computer using ESET.

I have used the restore functions to move my system settings back to where they were on 10/13/2021 (earliest date available to me).

I have emptied the trash in my mail.  I have deleted the contents of the "detected items" folder in my email, I have deleted the contents of my "Junk E-mail" folder, I have deleted the contents of the "ESET Antispam" folder, I have deleted the contents of the "Infected Items" folder, I went to the "Sent" folder and I deleted the emails there that triggered the error message, and I emptied the trash in my email again.

My computer is still infected.

I tried searching for "HTML/Fraud.EK trojan" at ESET, on Google, and at Major Geeks.  I have not been able to find anything that will tell me about the nature of the threat or how to remove it.

 

My computer is Windows 10, and I am running ESET System Security.

Here is a log for one of the e-mails that triggered a threat alert:

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
10/15/2021 9:56:31 PM;Email filter - Outlook;email message;to: dxxxxxxxxxxe@gmail.com with subject Half paragraph test ;HTML/Fraud.EK trojan;contained infected files;DESKTOP-MV2C1N8\donal;Event occurred upon receiving an email by the application: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE.;;

 

Here is a log of another threat alert that I received a while earlier, perhaps it is related:

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
9/30/2021 7:20:12 PM;HTTP filter;file;https://www.themakogroup.com/pub/static/version1559625351/frontend/Solwin/freego_child/en_US/jquery/patches/jquery-ui.js;JS/Spy.Banker.FX trojan;connection terminated;DESKTOP-MV2C1N8\donal;Event occurred during an attempt to access the web by the application: C:\Program Files (x86)\Mozilla Firefox\firefox.exe (9D90FAA8197CACBBC70621FC6DD235043ECC3F43).;36BA708F2A129DC3B9FE3E2D074072E3BDC72868;

Has anyone else encountered this threat before?  Does anyone have ideas on how to remove it?

 

I have tried signing in, but I received an incorrect password or user ID message.   I tried using the "forgot password" option, but I still have not received an e-mail with password reset instructions.  I have set up a password before, and my subscription is valid through April of 2022.

 

 

Link to comment
Share on other sites

  • Administrators

HTML/Fraud.EK is a detection of fraud emails like

image.png

Please provide me the email that you attempt to send and which is detected as HTML/Fraud.EK trojan.

Link to comment
Share on other sites

The email that I was attempting to send contains confidential financial information which I do not want to post here.  I tried sending another email of similar length, and it did not trigger a reaction.  It appears that the infection is targeting financial information.   Is there a less public way to share that email with you?

Link to comment
Share on other sites

I tried a few variations of my e-mail, and I found that versions of the email that had a number with a dollar sign in front and ones that contained the word "money" resulted in a threat alert.

Link to comment
Share on other sites

  • Administrators

We have tweaked the detection so that this particular email is not detected as a fraud/scam email.

Link to comment
Share on other sites
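The two log excerpts in the opening post can be read programmatically. The following is an added example (not part of the thread, and not ESET code) that parses this semicolon-separated layout and groups detections by scanner, so an e-mail content detection can be told apart from a web-filter one. The sample rows are constructed, and the handling of an unquoted `;` inside a subject line is an assumption about the export.

```python
import re
from collections import defaultdict

HEADER = "Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here"
COLUMNS = HEADER.split(";")

# Constructed sample rows in the same layout as the logs quoted in the thread.
SAMPLE_LOG = """\
Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
10/15/2021 9:56:31 PM;Email filter - Outlook;email message;to: user@example.com with subject Budget; draft 2 ;HTML/Fraud.EK trojan;contained infected files;PC\\user;Event occurred upon receiving an email by the application: C:\\Office\\OUTLOOK.EXE.;;
9/30/2021 7:20:12 PM;HTTP filter;file;https://shop.example/static/jquery-ui.js;JS/Spy.Banker.FX trojan;connection terminated;PC\\user;Event occurred during an attempt to access the web by the application: C:\\Firefox\\firefox.exe (0123456789ABCDEF0123456789ABCDEF01234567).;89ABCDEF0123456789ABCDEF0123456789ABCDEF;
"""

# Pulls the application path and the optional 40-hex-digit hash out of "Information".
APP_RE = re.compile(r"by the application: (.+?\.exe)(?: \(([0-9A-F]{40})\))?\.?$", re.I)

def parse_detection_log(text):
    """Return one dict per detection row, keyed by the header's column names."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if lines[0] != HEADER:
        raise ValueError("unexpected header: " + lines[0])
    rows = []
    for line in lines[1:]:
        fields = line.split(";")
        if len(fields) < len(COLUMNS):
            raise ValueError("short row: " + line)
        # Assumption: the export does not quote fields, so a ';' typed into a
        # subject line spills the Object column; rejoin the surplus there.
        fields = fields[:3] + [";".join(fields[3:-6])] + fields[-6:]
        row = dict(zip(COLUMNS, fields))
        m = APP_RE.search(row["Information"])
        row["Application"] = m.group(1) if m else None
        row["Application hash"] = m.group(2) if m else None
        rows.append(row)
    return rows

def group_by_scanner(rows):
    """Map scanner name -> list of (detection, object) pairs."""
    groups = defaultdict(list)
    for row in rows:
        groups[row["Scanner"]].append((row["Detection"], row["Object"].strip()))
    return dict(groups)
```
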
