Severity scale:  
  (90/100)

EBay virus. How to remove? (Uninstall guide)

removal by Olivia Morelli - - | Type: Malware
12

eBay virus targets inattentive online shopping enthusiasts

eBay virus variants

eBay virus (also found as eBay pop-up virus) is a malicious computer program that targets lovers of this online shopping site. Hackers are using several tricks to force victims install malicious software into their computers without realizing it. Most of the time, attackers use social engineering tricks to deceive bargain hunters.

The term “eBay malware” can be divided into several parts:

  • eBay Trojan (used to steal private user's information);
  • Adware that displays pop-up and banner ads leading to or appearing on eBay's website;
  • eBay-themed phishing emails delivering ransomware or other malicious viruses.

The online shopping site is very popular – in the second quarter of 2017, it scored a whopping 171 million active users. There is no surprise why cybercriminals are turning to users of this online shopping platform. While some of eBay-themed programs are simple adware that are more annoying than dangerous, there are viruses that exploit vulnerabilities in the website and use them to serve severe malware to unsuspecting victims.

Such viruses can silently steal information about users, grab their login information and credit card details and use them for illegal purposes. Below, you can find in-detail descriptions of known eBay viruses.

Versions of eBay virus

eBay “You are lucky” pop-up virus

One of the most severe ones describes a malicious code that the hackers insert into fake eBay stores with product listings[1]. The attackers then send out the malicious link to potential victims via Facebook Messenger, Whatsapp, Viber, email or other online communication means, suggesting to check out the products on that store.

After clicking on the malicious link, the victim gets redirected to the compromised store. At first, everything seems legit, and nothing raises any suspicions. However, after browsing the products from that particular store for a while, the user might attempt to explore an item's description.

This is where the attackers place a malicious code. They use a technique called JSF**k that allows creating a code that loads an extra JavaScript code from the attacker's server. This gives the hacker a possibility to insert a remotely controllable script that can be altered at any time. Therefore, once the victim opens the Item Description, an eBay popup appears, saying:

You are lucky!

Get 25% off today on all eBay purchases by installing our new Ebay Discount App for mobile.

The popup contains two buttons – “Close” and “Download.”

This virus can successfully infect both iOS and Android operating systems. The only difference is that Android users will be asked to disclose eBay's login details before getting access to the malicious download. The purpose of the scam and the eBay virus that users install thinking it is some discount app is to steal private user's information, download more malware into the compromised device and initiate more illegal activities unnoticeably.

If you were tricked into installing the malicious app, we strongly suggest that you remove eBay virus as soon as you can and change all your passwords as soon as you can!

eBay adware

eBay adware is a term used to describe various potentially unwanted programs (PUPs) that display eBay ads on user's computer screen. Usually, such programs use victim's Internet connection to address ad networks and load ads in a form of pop-ups, banners or in-text ads. Such adware programs do not belong to malware category, but they are classified as spyware, however.

The functionality of such adware programs is pretty basic. They insert tracking cookies into victim's web browser and even add browser extensions to dig information about victim's browsing patterns. These potentially unwanted programs can silently collect data such as victim's search terms, list of visited websites, clicks, downloads, IP address and geolocation and so on. While none of such data is considered personally identifiable, search queries might contain some sensitive details. Collected data can be shared between the adware developer and different ad networks in order to present interest-based ads.

Once the pop-up ads start appearing, the victim might see various eBay offers and deals on the computer screen. In most cases, these deals appear when visiting online shopping sites (not necessarily eBay). Oftentimes, the adware suggest exploring “SimilarDeals” or “Similar Products” from other shopping site, for instance, the one we discuss in this post. However, clicking on these ads can take you to insecure websites that might not be related to the deal the ad provided.

You should remember that such ads are extremely untrustworthy and you shouldn't rely on them when looking for a bargain online. If these pop-ups started bothering you, run a system check using anti-spyware or anti-malware type program to detect the culprit and initiate eBay virus removal. You might want to use Reimage for that if you are a Windows user. If you're using Mac OS, consider using Malwarebytes Anti Malware.

eBay-themed phishing

You should be aware of eBay themed phishing emails[2] that deliver malicious links or attachments. For example, one of such spam campaigns delivered fraudulent emails from someone posing as an employee of the reputable shopping site and asking the victim to reset eBay password.

If the victim clicks on a malicious link added to the message, it redirects him/her to a fraudulent website asking to enter username, old and new password for the online shopping site account. Of course, the website is bogus, and it instantly sends unencrypted login details to cyber criminals who instantly hack the eBay account and steal private victim's data.

Victims had also reported incidents when they received suspicious emails from the shopping site (obviously, not from it, but from scammers) containing a malicious attachment that turned out to be ransomware. The scammers usually state that the victim has to see an invoice, confirm a payment or check the location of the product bought from the online shopping site. The attached file might be a Word, ZIP, RAR or JavaScript file that contains the malicious payload.

We highly recommend that you check out this guide on how to identify an email with a virus to avoid opening malicious emails.

eBayWall ransomware virus.

eBayWall virus is a typical ransomware virus with an uncommon ransom demand. Unlike the majority of ransom-demanding viruses, it doesn't seek to extort computer users – it wants to receive a ransom from eBay, stating that it doesn't care about cybersecurity at all.

During the data encryption process, it appends .ebay extensions to each of the encrypted files. The virus leaves a message to victims and to the e-commerce corporation in an eBay-msg.html file that even contains the list of company's CEOs and their annual incomes. 

The ransomware asks to pay 8791905 USD (200000 XMR), promising to remove the spell and decrypt all victims' files. However, at the moment it is unknown whether the company is going to respond to the extortionist's demand or not. Until then, it is recommended to remove eBayWall ransomware and test available data recovery techniques to restore corrupted data (.ebay file extension files).

Ways to get infected with spyware or malware

As we have already mentioned, eBay virus shows up in the form of misleading e-mail, which has a link inside and redirects people to the website where they are asked to enter their personal information, such as the number of the credit card or login information.

According to our security experts, this e-mail may have a subject “eBay Unpaid Item Dispute for Item #XXXXXX–Response Required” or similar. However, this virus can also show up in the form of pop-up advertisement that covers entire eBay's homepage and asks entering the details of your credit card or eBay's login name and password.

Basically, no matter which version of eBay virus[3] attacks you, you must stay away from its requirement to enter your personal information. Besides, don't forget to check your PC with updated anti-spyware and remove malicious entries from the system.

The shopping website has been compromised several times and, as we already described, scammers used security vulnerabilities to display malicious pop-ups to the victims. If you ever run into a similar pop-up promising hard-to-believe discounts or offers, better step back. It is more than likely that someone is trying to scam you.

Remove eBay virus and protect your computer

It is a must to remove eBay virus without a delay because it is a dangerous executive file that can have various illegal functions meant to steal your private information or infect your device with even more malware.

If your computer was compromised, we strongly suggest rebooting it in Safe Mode with Networking, installing anti-malware software and performing a complete system check to find and eliminate all of the malware components.

eBay virus removal tutorial that we added to this post explains how to complete the virus elimination procedure successfully. Please read the given instructions carefully so that you could delete the malware for good and prevent its comeback.

Do not forget to choose a verified and secure anti-malware software which could remove all spyware/malware threats from the system at once. Please, do not rely on unprofessional tools that could overlook malicious files and leave your system compromised.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove eBay virus you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall eBay virus. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.

Manual eBay virus Removal Guide:

Remove eBay using Safe Mode with Networking

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

First step is to prepare your computer for eBay virus removal. To do this, you must put the system into Safe Mode with Networking. The guidelines given below explain how to do it.

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove eBay

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete eBay removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove eBay using System Restore

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

This is the second eBay malware removal method. Use it only if the method 1 did not help you to delete the virus.

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of eBay. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that eBay removal is performed successfully.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from eBay and other ransomwares, use a reputable anti-spyware, such as Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware

About the author

Olivia Morelli
Olivia Morelli - Ransomware analyst

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Olivia Morelli
About the company Esolutions

References

Removal guides in other languages


  • Vanessa Nattrass

    I received an email from a person calling himself nathan. He was following up on an item I had for sale on ebay. (I have never sold anything on ebay so was immediately suspicious). He asked me to contact him on an email link. I deleted the email and switched off my phone. Hopefully my iphone isnt compromised.