SimonG
-
Posts
2 -
Joined
-
Last visited
Posts posted by SimonG
-
-
Hi,
I tried to access www.touchtec.biz, a photocopier and printer support company, but ESET reports it:
Threat found
Access to the web page was blocked.
hxxp:// www.touchtec.bizThreat: JS/TrojanDownloader.FakejQuery.B trojan
The company hasn't had any warnings from their webhost or webmaster, although they are obviously following up on this, so I wondered how you tell if a warning like this is based on a detection or because some sort of block/blacklist activity. Any advice available?
Obviously if this is just a malicious report that's got them blacklisted they can follow the KB141 advice (thus proving I have read through the other forum posts!).
Thanks
From the log:
<?xml version="1.0" encoding="UTF-8"?>-<ESET>-<LOG>-<RECORD><COLUMN NAME="Time">17/10/2016 12:05:26</COLUMN><COLUMN NAME="Scanner">HTTP filter</COLUMN><COLUMN NAME="Object type">file</COLUMN><COLUMN NAME="Object">hxxp://www.touchtec.biz</COLUMN><COLUMN NAME="Threat">JS/TrojanDownloader.FakejQuery.B trojan</COLUMN><COLUMN NAME="Action">connection terminated</COLUMN><COLUMN NAME="User">DESKTOP-J7NFCSF\Simon Goodair</COLUMN><COLUMN NAME="Information">Threat was detected upon access to web by the application: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (8B808E34CABE32C18D7B1FFD110614DA92404EF2).</COLUMN><COLUMN NAME="Hash">7FBEBF4C3F36C6277E6EF1B4B2067599874B5786</COLUMN><COLUMN NAME="First seen here"/></RECORD></LOG></ESET>
How do I tell if a site is blocked by ESET or the warning is based on detection?
in Malware Finding and Cleaning
Posted
Thanks for the response, much appreciated.
(Apologies for the delayed thanks, afraid I was unwell yesterday - all better now)