Raindex

Members
  • Posts

    1
About Raindex

  • Rank
    Newbie

Profile Information

  • Location
    U.K.
  1. Yeah, just created an account to post. Just started seeing the same thing out of nowhere: using EIS 13.0.24.0 with up-to-date modules, it is still blocking certain links with the "URL/Urlik.AAO" detection. Thought I had been infected on multiple machines with something and was going potty. Below are the first 2 links that are being blocked:

     hxxp://r4---sn-aigl6ney.gvt1.com/edgedl/release2/chrome/AP1Corz6AzpUR-p1uwpDWl0_80.0.3987.132/80.0.3987.132_80.0.3987.122_chrome_updater.exe?mip=77.100.17.60&mvi=3&pl=24&shardbypass=yes&redirect_counter=1&rm=sn-8pgbpohxqp5-aigd7d&req_id=574377b647eefd0b&cms_redirect=yes&mm=42&mn=sn-aigl6ney&ms=onc&mt=1583279316&mv=u

     hxxp://r8---sn-8pgbpohxqp5-aig6.gvt1.com/edgedl/release2/chrome/Sg5vtxmsQ3DVgkY4fTNppQ_80.0.3987.122/80.0.3987.122_chrome_installer.exe?cms_redirect=yes&mip=77.100.17.60&mm=28&mn=sn-8pgbpohxqp5-aig6&ms=nvh&mt=1583279638&mv=u&mvi=7&pl=24&shardbypass=yes

     First detection contents (I had Chrome open in a Windows VM, hence the "vmnat.exe"):

     <?xml version="1.0" encoding="utf-8" ?>
     <ESET>
       <LOG>
         <RECORD>
           <COLUMN NAME="Time">03/03/2020 23:51:12</COLUMN>
           <COLUMN NAME="Scanner">HTTP filter</COLUMN>
           <COLUMN NAME="Object type">file</COLUMN>
           <COLUMN NAME="Object">hxxp://r4---sn-aigl6ney.gvt1.com/edgedl/release2/chrome/AP1Corz6AzpUR-p1uwpDWl0_80.0.3987.132/80.0.3987.132_80.0.3987.122_chrome_updater.exe?mip=77.100.17.60&amp;mvi=3&amp;pl=24&amp;shardbypass=yes&amp;redirect_counter=1&amp;rm=sn-8pgbpohxqp5-aigd7d&amp;req_id=d96ccf2aa9017d43&amp;cms_redirect=yes&amp;mm=42&amp;mn=sn-aigl6ney&amp;ms=onc&amp;mt=1583279316&amp;mv=u</COLUMN>
           <COLUMN NAME="Detection">URL/Urlik.AAO Object</COLUMN>
           <COLUMN NAME="Action">connection terminated</COLUMN>
           <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
           <COLUMN NAME="Information">Event occurred during an attempt to access the web by the application: C:\Windows\SysWOW64\vmnat.exe (98A83D9FFB3B89749C7C6D91BFD61FEF6884DB86).</COLUMN>
           <COLUMN NAME="Hash">FB2EAA0695D89AA968B8C22531CDC96087FC31AD</COLUMN>
           <COLUMN NAME="First seen here">03/03/2020 23:51:12</COLUMN>
         </RECORD>
       </LOG>
     </ESET>
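
Added example, not part of the original post and not ESET code: a Python script that parses a log export in the layout quoted above and groups hits by detection name and parent domain, which shows whether one detection is firing across many hosts of a single domain and which applications made the requests. The sample log is constructed; the names `parse_records` and `summarize` and the placeholder hosts and hashes are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in the layout of the export quoted in the post;
# hosts, hashes and times are placeholders, not values from the post.
SAMPLE_LOG = r"""<?xml version="1.0" encoding="utf-8" ?>
<ESET><LOG>
<RECORD><COLUMN NAME="Time">01/01/2020 10:00:00</COLUMN>
<COLUMN NAME="Object">hxxp://r1---sn-aaa.cdn.example/app/upd.exe?a=1&amp;b=2</COLUMN>
<COLUMN NAME="Detection">URL/Urlik.AAO Object</COLUMN>
<COLUMN NAME="Information">Event occurred during an attempt to access the web by the application: C:\Windows\SysWOW64\vmnat.exe (0000000000000000000000000000000000000000).</COLUMN></RECORD>
<RECORD><COLUMN NAME="Time">01/01/2020 10:05:00</COLUMN>
<COLUMN NAME="Object">hxxp://r2---sn-bbb.cdn.example/app/inst.exe?a=3</COLUMN>
<COLUMN NAME="Detection">URL/Urlik.AAO Object</COLUMN>
<COLUMN NAME="Information">Event occurred during an attempt to access the web by the application: C:\Program Files\App\app.exe (1111111111111111111111111111111111111111).</COLUMN></RECORD>
</LOG></ESET>"""

APP_RE = re.compile(r"application: (.+?) \(([0-9A-Fa-f]{40})\)")

def parse_records(xml_text):
    """Return one dict per <RECORD>, with host and requesting app extracted."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    records = []
    for rec in root.iter("RECORD"):
        row = {c.get("NAME"): (c.text or "").strip() for c in rec.iter("COLUMN")}
        # urlsplit copes with the defanged "hxxp" scheme used in the post.
        row["host"] = urlsplit(row.get("Object", "")).hostname or ""
        m = APP_RE.search(row.get("Information", ""))
        row["app_path"], row["app_sha1"] = m.groups() if m else ("", "")
        records.append(row)
    return records

def summarize(records):
    """Group hits by (detection, parent domain). The parent domain is the last
    two host labels, a simplification that is wrong for suffixes like co.uk."""
    groups = defaultdict(lambda: {"count": 0, "hosts": set(), "apps": set()})
    for r in records:
        parent = ".".join(r["host"].split(".")[-2:])
        g = groups[(r.get("Detection", ""), parent)]
        g["count"] += 1
        g["hosts"].add(r["host"])
        g["apps"].add(r["app_path"])
    return dict(groups)

if __name__ == "__main__":
    for key, g in summarize(parse_records(SAMPLE_LOG)).items():
        print(key, g["count"], sorted(g["hosts"]), sorted(g["apps"]))
```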