jtown82

Members, Posts: 8
Everything posted by jtown82

  1. Well, actually I just got another alert from a more recently updated machine. Updated with ESET info on that machine.

     ESET Remote Administrator Agent 6.3.136.0
     ESET Endpoint Antivirus 6.4.2014.0

     THREAT NAME: JS/TrojanDownloader.Pegel.BH
     THREAT TYPE: trojan
     SEVERITY: Warning
     OCCURRED: 2017 Sep 26 12:18:44
     THREAT HANDLED: Yes
     RESTART NEEDED: No
     ACTION TAKEN: connection terminated
     ACTION ERROR:
     OBJECT TYPE: file
     OBJECT URI: hxxp://s7.addthis.com/js/300/addthis_widget.js
     CIRCUMSTANCES:
     SCANNER: HTTP filter
     ENGINE VERSION: 13535 (20160524)
     PROCESS NAME: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  2. We do have some machines still getting the alerts, but I am assuming that is because we have a few machines that have not been upgraded yet and are still using ESET v5 endpoint protection. Or should the fix cover those as well?
  3. Marcos, do you know if a hotfix or something is being worked on?
  4. All of a sudden our ERA is spamming alerts for addthis_widget.js and flagging it as JS/TrojanDownloader.Pegel.BH. Literally 20-30 different computers at the same time. Not sure if this is legit or if another bad push of definitions went out and it's false positives. Anyone else all of a sudden getting these alerts?

     AppData/Local/Microsoft/Windows/INetCache/Low/IE/EZ3ZKCGG/addthis_widget[1].js
     er/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/W5TI9TST/addthis_widget[3].js
  5. The issue is the malware is not actually malware from what I have been reading and seeing; like Chrome being launched to auto go to the extensions page is nothing nefarious. That string after chrome.exe should not be flagged. ESET recommending other products....lol.. ESET presents itself as the total solution for protection. It is almost embarrassing if they truly are saying use another product.
  6. I also have a user with a Chrome Apps launcher shortcut using this string: ""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-app-list" and the second it's clicked on ESET flags it but doesn't actually stop it from opening up Chrome and such. Still wish ESET would actually push a REAL fix to this.
  7. Still getting alerts in our system for the exact same thing. Typical that ESET would try and blame Virus Radar. In the end it's ESET's fault. They are the vendor and need to resolve it regardless of what other 3rd party vendors have a hand in it. Sadly, when you have 1300 machines the above method is not a solution. ESET will be losing a fairly large customer when our contract comes back around if this isn't resolved quickly.
  8. We have been getting the same thing. We have around 600 machines; currently about 5-6 have been spamming this. I guess I am blind as I do not see anything in the alert section in regards to "advanced options to whitelist this or ignore it", etc. Sadly ESET has one of the worst GUIs in the history of anything.

     file:///C:/Users/Benjamin.Beegle/AppData/Local/Google/Chrome/User Data/Default/Extensions/lgfehfbnofiffladdncogfobimealokp/1.300.11.57732_0/components/api/background/widget-api-impl.js

     THREAT NAME: JS/Mindspark.E
     THREAT TYPE: potentially unwanted application
     SEVERITY: Critical
     OCCURRED: 2017 Sep 10 16:13:39
     THREAT HANDLED: No
     RESTART NEEDED: No
     ACTION TAKEN:
     ACTION ERROR: unable to clean
     OBJECT TYPE: file
     OBJECT URI: file:///Startup
     CIRCUMSTANCES:
     SCANNER: Startup scanner
     ENGINE VERSION: 16061 (20170910)