EBay virus (Removal Instructions) - Apr 2018 update

eBay virus Removal Guide

What is eBay virus?

eBay virus is a malicious program that targets unsuspecting online shoppers

eBay virus variants

eBay virus is a range of online cyberthreats related to the eBay online shopping site. eBay is one of the most popular shopping sites online, so it is not surprising that cybercrooks try to use it for illicit purposes. Typically, hackers use social engineering to convince users to download and install malicious software.

Name: eBay virus
Type: Adware or malware
Main dangers: Disclosure of personal information, stolen money, malware infections, etc.
Variants:
  • eBay “You are lucky” pop-up virus
  • eBay adware
  • eBay-themed phishing
  • eBayWall ransomware
Symptoms: Various eBay pop-ups with fake deals, slowdown of the machine, crashing software, etc.
Distribution: Software bundling, third-party app stores, malicious sites, etc.
Elimination: Download and install FortectIntego or Malwarebytes

The term “eBay malware” can be divided into several parts:

  • eBay Trojan (used to steal users' private information);
  • Adware that displays pop-up and banner ads leading to or appearing on eBay's website;
  • eBay-themed phishing emails delivering ransomware or other malicious viruses.

The online shopping site is very popular – as of the end of March 2018, it scored a whopping 168 million active users, with 25 million sellers and 1.1 billion listings. It is no surprise that cybercriminals are turning to users of this online shopping platform. While some eBay-themed programs are simple adware that is more annoying than dangerous, there are viruses that exploit vulnerabilities in the website and use them to serve severe malware to unsuspecting victims.

Such viruses can silently steal information about users, grab their login information and credit card details and use them for illegal purposes. Below, you can find detailed descriptions of known eBay viruses.

Different eBay virus variations

eBay “You are lucky” pop-up virus

One of the most severe variants involves malicious code that hackers insert into fake eBay stores with product listings[1]. The attackers then send the malicious link to potential victims via Facebook Messenger, WhatsApp, Viber, email or other online communication channels, suggesting that they check out the products in that store.

After clicking on the malicious link, the victim gets redirected to the compromised store. At first, everything seems legit, and nothing raises any suspicions. However, after browsing the products from that particular store for a while, the user might attempt to explore an item's description.

This is where the attackers place the malicious code. They use a technique called JSF**k, which lets them write code that loads additional JavaScript from the attacker's server. This gives the hacker a remotely controllable script that can be altered at any time. Therefore, once the victim opens the Item Description, an eBay popup appears, saying:

You are lucky!

Get 25% off today on all eBay purchases by installing our new Ebay Discount App for mobile.

The popup contains two buttons – “Close” and “Download.”

This virus can successfully infect both iOS and Android operating systems. The only difference is that Android users will be asked to disclose their eBay login details before getting access to the malicious download. The purpose of the scam, and of the eBay virus that users install thinking it is a discount app, is to steal the user's private information, download more malware onto the compromised device and carry out further illegal activities unnoticed.

If you were tricked into installing the malicious app, we strongly suggest that you remove eBay virus and change all your passwords as soon as you can!
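
A defender-side check for the obfuscation described above, as an added example that is not part of the original guide: JSF**k-encoded script is written with only the six characters []()!+, so a long run of nothing but those characters inside a listing description's script content is a strong signal. The function names, the 60-character threshold and the two sample descriptions are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# JSF**k encodes any script using only these six characters: [ ] ( ) ! +
RUN_RE = re.compile(r"[\[\]()!+][\[\]()!+\s]*")
MIN_RUN = 60  # assumption: shortest run worth flagging; tune on real listings


def jsfuck_runs(code, min_len=MIN_RUN):
    """Return (offset, length) of each run built only from the six characters."""
    hits = []
    for m in RUN_RE.finditer(code):
        dense = re.sub(r"\s", "", m.group())  # ignore whitespace padding
        if len(dense) >= min_len:
            hits.append((m.start(), len(dense)))
    return hits


class ActiveContent(HTMLParser):
    """Collect inline <script> bodies and on* event-handler attribute values."""

    def __init__(self):
        super().__init__()
        self.found = []    # (where, code) pairs
        self._buf = None   # text of the <script> currently open, if any

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._buf = []
        for name, value in attrs:
            if name.startswith("on") and value:
                self.found.append((f"{tag}[{name}]", value))

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.found.append(("script", "".join(self._buf)))
            self._buf = None


def scan_description(html):
    """Flag script content in a listing description that looks JSF**k-encoded."""
    parser = ActiveContent()
    parser.feed(html)
    parser.close()
    return [(where, off, n) for where, code in parser.found
            for off, n in jsfuck_runs(code)]


# Constructed samples: the encoded run is a harmless expression, not a payload.
ENCODED = "(![]+[])[+[]]+" * 8 + "[]"
SUSPECT = f"<p>Brand new, boxed.</p><script>{ENCODED}</script>"
CLEAN = "<p>Great deal (really!)</p><script>var n = [1, 2]; n[0]++;</script>"

if __name__ == "__main__":
    print(scan_description(SUSPECT))
    print(scan_description(CLEAN))
```

A hit means the description deserves manual review; it does not by itself show what the encoded script does.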


eBay adware

eBay adware is a term used to describe various potentially unwanted programs (PUPs) that display eBay ads on the user's computer screen. Usually, such programs use the victim's Internet connection to contact ad networks and load ads in the form of pop-ups, banners or in-text ads. Such adware programs do not belong to the malware category; they are, however, classified as spyware.

The functionality of such adware programs is pretty basic. They insert tracking cookies into the victim's web browser and even add browser extensions to gather information about the victim's browsing patterns. These potentially unwanted programs can silently collect data such as the victim's search terms, list of visited websites, clicks, downloads, IP address, geolocation and so on. While none of this data is considered personally identifiable, search queries might contain some sensitive details. Collected data can be shared between the adware developer and different ad networks in order to present interest-based ads.

Once the pop-up ads start appearing, the victim might see various eBay offers and deals on the computer screen. In most cases, these deals appear when visiting online shopping sites (not necessarily eBay). Oftentimes, the adware suggests exploring “SimilarDeals” or “Similar Products” from another shopping site, for instance, the one we discuss in this post. However, clicking on these ads can take you to insecure websites that might not be related to the deal the ad provided.

You should remember that such ads are extremely untrustworthy and you shouldn't rely on them when looking for a bargain online. If these pop-ups have started bothering you, run a system check using an anti-spyware or anti-malware program to detect the culprit and initiate eBay virus removal. You might want to use FortectIntego for that if you are a Windows user. If you're using Mac OS, consider using Malwarebytes.

eBay-themed phishing

You should be aware of eBay-themed phishing emails[2] that deliver malicious links or attachments. For example, one such spam campaign delivered fraudulent emails from someone posing as an employee of the reputable shopping site and asking the victim to reset their eBay password.

If the victim clicks on a malicious link added to the message, it redirects him/her to a fraudulent website asking for the username and the old and new passwords for the online shopping site account. Of course, the website is bogus, and it instantly sends unencrypted login details to cyber criminals, who instantly hack the eBay account and steal the victim's private data.

Victims have also reported incidents in which they received suspicious emails from the shopping site (obviously, not from it, but from scammers) containing a malicious attachment that turned out to be ransomware. The scammers usually state that the victim has to see an invoice, confirm a payment or check the location of the product bought from the online shopping site. The attached file might be a Word, ZIP, RAR or JavaScript file that contains the malicious payload.

We highly recommend that you check out this guide on how to identify an email with a virus to avoid opening malicious emails.

eBayWall ransomware virus

eBayWall virus is a typical ransomware virus with an uncommon ransom demand. Unlike the majority of ransom-demanding viruses, it doesn't seek to extort computer users – it wants to receive a ransom from eBay, claiming that the company doesn't care about cybersecurity at all.

During the data encryption process, it appends the .ebay extension to each of the encrypted files. The virus leaves a message to victims and to the e-commerce corporation in an eBay-msg.html file that even contains the list of the company's CEOs and their annual incomes.

The ransomware asks to pay 8791905 USD (200000 XMR), promising to remove the spell and decrypt all victims' files. However, at the moment it is unknown whether the company is going to respond to the extortionist's demand or not. Until then, it is recommended to remove eBayWall ransomware and test available data recovery techniques to restore corrupted data (.ebay file extension files).
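
The two indicators named above (the .ebay extension and the eBay-msg.html note) are enough for a read-only triage sweep; this is an added example, not code from the original guide or from any vendor tool. The function name and the report fields are assumptions, and file timestamps give only an estimate of when encryption began.

```python
import os
from collections import Counter
from datetime import datetime, timezone

ENCRYPTED_EXT = ".ebay"        # extension the guide says eBayWall appends
RANSOM_NOTE = "ebay-msg.html"  # note name from the guide, matched case-insensitively


def triage(root):
    """Read-only sweep of root for eBayWall indicators (hypothetical helper)."""
    encrypted, notes, per_dir, earliest = [], [], Counter(), None
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower == RANSOM_NOTE:
                notes.append(path)
            elif lower.endswith(ENCRYPTED_EXT):
                encrypted.append(path)
                per_dir[dirpath] += 1
                try:
                    mtime = os.stat(path).st_mtime
                except OSError:
                    continue  # unreadable entry: still listed, just not timed
                earliest = mtime if earliest is None else min(earliest, mtime)
    first = None
    if earliest is not None:
        # Estimate only: modification times can be altered.
        first = datetime.fromtimestamp(earliest, tz=timezone.utc)
    return {
        "encrypted": sorted(encrypted),
        "notes": sorted(notes),
        "worst_dirs": per_dir.most_common(5),
        "first_encrypted_utc": first,
    }


if __name__ == "__main__":
    import sys
    report = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(len(report["encrypted"]), "encrypted files;", len(report["notes"]), "ransom notes")
    print("earliest encrypted file written (UTC):", report["first_encrypted_utc"])
    for directory, count in report["worst_dirs"]:
        print(f"{count:6d}  {directory}")
```

The earliest timestamp helps when choosing a restore point or backup that predates the infection, and the per-directory counts show how far the encryption spread.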

eBay virus is a term that covers various spyware and malware programs that target online shoppers.

Cybercrooks use various tricks to insert malware into users' PCs

As we have already mentioned, eBay virus shows up in the form of a misleading e-mail, which has a link inside and redirects people to a website where they are asked to enter their personal information, such as their credit card number or login information.

According to our security experts, this e-mail may have the subject “eBay Unpaid Item Dispute for Item #XXXXXX–Response Required” or similar. However, this virus can also show up in the form of a pop-up advertisement that covers eBay's entire homepage and asks you to enter the details of your credit card or your eBay login name and password.

Basically, no matter which version of eBay virus[3] attacks you, you must never comply with its request to enter your personal information. Besides, don't forget to check your PC with updated anti-spyware and remove malicious entries from the system.

The shopping website has been compromised several times and, as we already described, scammers used security vulnerabilities to display malicious pop-ups to the victims. If you ever run into a similar pop-up promising hard-to-believe discounts or offers, better step back. It is more than likely that someone is trying to scam you.

Continue online shopping without eBay virus

It is a must to remove eBay virus without delay because it is a dangerous executable file that can have various illegal functions meant to steal your private information or infect your device with additional malware.

If your computer was compromised, we strongly suggest rebooting it in Safe Mode with Networking, installing anti-malware software and performing a complete system check to find and eliminate all of the malware components. We suggest using FortectIntego or Malwarebytes. This software is designed to take care of even the most stubborn viruses.

The eBay virus removal tutorial that we added to this post explains how to complete the virus elimination procedure successfully. Please read the given instructions carefully so that you can delete the malware for good and prevent its comeback.

eBay malware

Do not forget to choose a verified and secure anti-malware software which could remove all spyware/malware threats from the system at once. Please, do not rely on unprofessional tools that could overlook malicious files and leave your system compromised.


Getting rid of eBay virus. Follow these steps

Manual removal using Safe Mode

The first step is to prepare your computer for eBay virus removal. To do this, you must put the system into Safe Mode with Networking. The guidelines given below explain how to do it.

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal is best performed in the Safe Mode environment.

Windows 7 / Vista / XP
  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing the F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list.

Windows 10 / Windows 8
  1. Right-click on the Start button and select Settings.
  2. Scroll down to pick Update & Security.
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find the Advanced Startup section.
  5. Click Restart now.
  6. Select Troubleshoot.
  7. Go to Advanced options.
  8. Select Startup Settings.
  9. Press Restart.
  10. Now press 5 or click 5) Enable Safe Mode with Networking.

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Click on More details.
  3. Scroll down to the Background processes section, and look for anything suspicious.
  4. Right-click and select Open file location.
  5. Go back to the process, right-click and pick End Task.
  6. Delete the contents of the malicious folder.

Step 3. Check program Startup

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Go to Startup tab.
  3. Right-click on the suspicious program and pick Disable.

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

  1. Type in Disk Cleanup in Windows search and press Enter.
  2. Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
  3. Scroll through the Files to delete list and select the following:

    Temporary Internet Files
    Recycle Bin
    Temporary files

  4. Pick Clean up system files.
  5. You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):


After you are finished, reboot the PC in normal mode.

Remove eBay using System Restore

This is the second eBay malware removal method. Use it only if method 1 did not help you to delete the virus.

  • Step 1: Reboot your computer to Safe Mode with Command Prompt
    Windows 7 / Vista / XP
    1. Click Start > Shutdown > Restart > OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard, and click Restart.
    2. Now select Troubleshoot > Advanced options > Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in the Startup Settings window.
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and press Enter.
    2. Now type rstrui.exe and press Enter again.
    3. When a new window shows up, click Next and select a restore point that is prior to the infiltration of eBay. After doing that, click Next.
    4. Now click Yes to start system restore.
    Once you restore your system to a previous date, download and scan your computer with FortectIntego and make sure that eBay removal is performed successfully.

Finally, you should always think about protection against crypto-ransomware. In order to protect your computer from eBay and other ransomware, use a reputable anti-spyware, such as FortectIntego, SpyHunter 5, Combo Cleaner or Malwarebytes.

How to prevent malware infections

Data backups are important – recover your lost files

Ransomware is one of the biggest threats to personal data. Once it is executed on a machine, it launches a sophisticated encryption algorithm that locks all your files, although it does not destroy them. The most common misconception is that anti-malware software can return files to their previous states. This is not true, however, and data remains locked after the malicious payload is deleted.

While regular data backups are the only secure method to recover your files after a ransomware attack, tools such as Data Recovery Pro can also be effective and restore at least some of your lost data.

About the author
Olivia Morelli - Ransomware analyst
