Raindex

Members
  • Posts

    1

Kudos

  1. Upvote
    Raindex received kudos from User21000 in ESET IS Blocking Chrome Installer and Google Chrome   
    Yeah just created an account to post, just started seeing the same thing out of nowhere, using EIS 13.0.24.0 with up to date modules it is still blocking certain links with the "URL/Urlik.AAO" detection, thought I had been infected on multiple machines with something and was going potty, below are the first 2 links that are being blocked:
     
    hxxp://r4---sn-aigl6ney.gvt1.com/edgedl/release2/chrome/AP1Corz6AzpUR-p1uwpDWl0_80.0.3987.132/80.0.3987.132_80.0.3987.122_chrome_updater.exe?mip=77.100.17.60&mvi=3&pl=24&shardbypass=yes&redirect_counter=1&rm=sn-8pgbpohxqp5-aigd7d&req_id=574377b647eefd0b&cms_redirect=yes&mm=42&mn=sn-aigl6ney&ms=onc&mt=1583279316&mv=u

    hxxp://r8---sn-8pgbpohxqp5-aig6.gvt1.com/edgedl/release2/chrome/Sg5vtxmsQ3DVgkY4fTNppQ_80.0.3987.122/80.0.3987.122_chrome_installer.exe?cms_redirect=yes&mip=77.100.17.60&mm=28&mn=sn-8pgbpohxqp5-aig6&ms=nvh&mt=1583279638&mv=u&mvi=7&pl=24&shardbypass=yes
     
    First detection contents (I had Chrome open in a Windows VM, hence the "vmnat.exe"):
    <?xml version="1.0" encoding="utf-8" ?>
    <ESET>
      <LOG>
        <RECORD>
          <COLUMN NAME="Time">03/03/2020 23:51:12</COLUMN>
          <COLUMN NAME="Scanner">HTTP filter</COLUMN>
          <COLUMN NAME="Object type">file</COLUMN>
          <COLUMN NAME="Object">hxxp://r4---sn-aigl6ney.gvt1.com/edgedl/release2/chrome/AP1Corz6AzpUR-p1uwpDWl0_80.0.3987.132/80.0.3987.132_80.0.3987.122_chrome_updater.exe?mip=77.100.17.60&amp;mvi=3&amp;pl=24&amp;shardbypass=yes&amp;redirect_counter=1&amp;rm=sn-8pgbpohxqp5-aigd7d&amp;req_id=d96ccf2aa9017d43&amp;cms_redirect=yes&amp;mm=42&amp;mn=sn-aigl6ney&amp;ms=onc&amp;mt=1583279316&amp;mv=u</COLUMN>
          <COLUMN NAME="Detection">URL/Urlik.AAO Object</COLUMN>
          <COLUMN NAME="Action">connection terminated</COLUMN>
          <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
          <COLUMN NAME="Information">Event occurred during an attempt to access the web by the application: C:\Windows\SysWOW64\vmnat.exe (98A83D9FFB3B89749C7C6D91BFD61FEF6884DB86).</COLUMN>
          <COLUMN NAME="Hash">FB2EAA0695D89AA968B8C22531CDC96087FC31AD</COLUMN>
          <COLUMN NAME="First seen here">03/03/2020 23:51:12</COLUMN>
        </RECORD>
      </LOG>
    </ESET>