Posts posted by jtown82

  1. Well, actually I just got another alert from a more recently updated machine.

    Updated with ESET info on that machine.

    ESET Remote Administrator Agent 6.3.136.0

    ESET Endpoint Antivirus 6.4.2014.0

    • THREAT NAME: JS/TrojanDownloader.Pegel.BH
    • THREAT TYPE: trojan
    • SEVERITY: Warning
    • OCCURRED: 2017 Sep 26 12:18:44
    • THREAT HANDLED: Yes
    • RESTART NEEDED: No
    • ACTION TAKEN: connection terminated
    • ACTION ERROR:
    • OBJECT TYPE: file
    • CIRCUMSTANCES:
    • SCANNER: HTTP filter
    • ENGINE VERSION: 13535 (20160524)
    • PROCESS NAME: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

  2. All of a sudden our ERA is spamming alerts for addthis_widget.js and flagging it as JS/TrojanDownloader.Pegel.BH. Literally 20-30 different computers at the same time. Not sure if this is legit or if another bad push of definitions went out and it's false positives. Anyone else all of a sudden getting these alerts?

     

    AppData/Local/Microsoft/Windows/INetCache/Low/IE/EZ3ZKCGG/addthis_widget[1].js

    er/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/W5TI9TST/addthis_widget[3].js

     

  3. The issue is the malware is not actually malware, from what I have been reading and seeing. Like, Chrome being launched to auto go to the extensions page is nothing nefarious. That string after chrome.exe should not be flagged. ESET recommending other products... lol. ESET presents itself as the total solution for protection. It is almost embarrassing if they truly are saying use another product.

  4. I also have a user with a Chrome Apps launcher shortcut using this string: ""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-app-list", and the second it's clicked on, ESET flags it but doesn't actually stop it from opening up Chrome and such. Still wish ESET would actually push a REAL fix to this.

  5. Still getting alerts in our system for the exact same thing. Typical that ESET would try and blame virus radar. In the end it's ESET's fault. They are the vendor and need to resolve it regardless of what other 3rd party vendors have a hand in it. Sadly, when you have 1300 machines the above method is not a solution. ESET will be losing a fairly large customer when our contract comes back around if this isn't resolved quickly.

  6. We have been getting the same thing. We have around 600 machines; currently about 5-6 have been spamming this. I guess I am blind, as I do not see anything in the alert section in regards to "advanced options" to whitelist this or ignore it, etc. Sadly, ESET has one of the worst GUIs in the history of anything.

    • file:///C:/Users/Benjamin.Beegle/AppData/Local/Google/Chrome/User Data/Default/Extensions/lgfehfbnofiffladdncogfobimealokp/1.300.11.57732_0/components/api/background/widget-api-impl.js

    • THREAT NAME: JS/Mindspark.E
    • THREAT TYPE: potentially unwanted application
    • SEVERITY: Critical
    • OCCURRED: 2017 Sep 10 16:13:39
    • THREAT HANDLED: No
    • RESTART NEEDED: No
    • ACTION TAKEN:
    • ACTION ERROR: unable to clean
    • OBJECT TYPE: file
    • OBJECT URI: file:///Startup
    • CIRCUMSTANCES:
    • SCANNER: Startup scanner
    • ENGINE VERSION: 16061 (20170910)