Hi,
I tried to access www.touchtec.biz, a photocopier and printer support company, but ESET reports it:
Threat found
Access to the web page was blocked. hxxp:// www.touchtec.biz
Threat: JS/TrojanDownloader.FakejQuery.B trojan
The company hasn't had any warnings from their webhost or webmaster, although they are obviously following up on this, so I wondered how you tell if a warning like this is based on a detection or because some sort of block/blacklist activity. Any advice available?
Obviously if this is just a malicious report that's got them blacklisted they can follow the KB141 advice (thus proving I have read through the other forum posts!).
Thanks
From the log:
<?xml version="1.0" encoding="UTF-8"?>
-<ESET>
-<LOG>
-<RECORD>
<COLUMN NAME="Time">17/10/2016 12:05:26</COLUMN>
<COLUMN NAME="Scanner">HTTP filter</COLUMN>
<COLUMN NAME="Object type">file</COLUMN>
<COLUMN NAME="Object">hxxp://www.touchtec.biz</COLUMN>
<COLUMN NAME="Threat">JS/TrojanDownloader.FakejQuery.B trojan</COLUMN>
<COLUMN NAME="Action">connection terminated</COLUMN>
<COLUMN NAME="User">DESKTOP-J7NFCSF\Simon Goodair</COLUMN>
<COLUMN NAME="Information">Threat was detected upon access to web by the application: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (8B808E34CABE32C18D7B1FFD110614DA92404EF2).</COLUMN>
<COLUMN NAME="Hash">7FBEBF4C3F36C6277E6EF1B4B2067599874B5786</COLUMN>
<COLUMN NAME="First seen here"/>
</RECORD>
</LOG>
</ESET>
