Jump to content

Search the Community

Showing results for 'firefox'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • ESET General Forums
    • ESET Announcements
    • General Discussion
    • Forum FAQ's and Rules
    • Submit a virus, website or potential false positive sample to the ESET lab
    • Quick questions by guests (registration not required)
    • WeLiveSecurity.com
  • ESET Home User Products
    • ESET Internet Security & ESET Smart Security Premium
    • ESET NOD32 Antivirus
    • ESET Cyber Security (for Mac)
    • ESET Cyber Security Pro (for Mac)
    • ESET NOD32 Antivirus for Linux Desktop
    • ESET Products for Mobile Devices
    • Web portals
  • Malware Detection and Cleaning
    • Malware Finding and Cleaning
    • ESET Standalone Malware Removal Tools
  • ESET Business User Products
    • ESET Cloud solutions
    • ESET Endpoint Products
    • ESET Products for Windows Servers
    • ESET Products for Linux Servers
    • ESET Products for Mobile Devices
    • Remote Management
    • ESET Enterprise Inspector (EDR)
    • ESET Products for Virtualized Environments
    • Encryption
    • ESET Licensing for Business
    • Other ESET business products
  • ESET Beta Products
    • ESET Beta Products for Home Users
    • ESET Beta Products for Business Users
  • Slovak and Czech forums
    • ESET NOD32 Antivirus, ESET Internet Security a ESET Smart Security Premium
    • Produkty pre mobilné zariadenia
    • Vírusy a iné hrozby
    • Ostatné


  • Files
    • Early Access
    • EES / EEA 9 BETA
    • Miscellaneous

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL






  1. My computer is infected with something that ESET calls "HTML/Fraud.EK trojan". ESET sends me a "Threat removed" message when I send an email with a message longer than a sentence. The message says "A threat (HTML/Fraud.EK) was found in a file that Microsoft Outlook tried to access. The file has been cleaned." ESET stops the file from going out. If I send a very short e-mail, with a sentence or less in the text, the email will go out with no problem. I have run a full scan of my computer using ESET I have used the restore functions to move my system settings back to where they were on 10/13/2021 (earliest date available to me). I have emptied the trash in my mail. I have deleted the contents of the "detetcted items" folder in my email, I have deleted the contents of my "Junk E-mail" folder, I have deleted the contents of the "ESET Antispam" folder, I have deleted the contents of the "Infected Items" folder", I went to the "Sent" folder and I deleted the emails there that triggered the error message, and I emptied the trash in my email again. My computer is still infected. I tried searching for "HTML/Fraud.EK trojan" at ESET, on Google, and at Major Geeks. I have not been able to find anything that will tell me about the nature of the threat or how to remove it. My computer is Windows 10, and I am running ESET System Security. Here is a log for one of the e-mails that triggered a threat alert Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here 10/15/2021 9:56:31 PM;Email filter - Outlook;email message;to: dxxxxxxxxxxe@gmail.com with subject Half paragraph test ;HTML/Fraud.EK trojan;contained infected files;DESKTOP-MV2C1N8\donal;Event occurred upon receiving an email by the application: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE.;; Here is a log of another threat alert that I received a while earlier, perhaps it is related: Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here 9/30/2021 7:20:12 PM;HTTP filter;file;https://www.themakogroup.com/pub/static/version1559625351/frontend/Solwin/freego_child/en_US/jquery/patches/jquery-ui.js;JS/Spy.Banker.FX trojan;connection terminated;DESKTOP-MV2C1N8\donal;Event occurred during an attempt to access the web by the application: C:\Program Files (x86)\Mozilla Firefox\firefox.exe (9D90FAA8197CACBBC70621FC6DD235043ECC3F43).;36BA708F2A129DC3B9FE3E2D074072E3BDC72868; Has anyone else encountered this threat before? Does anyone have ideas on how to remove it? I have tried signing in, but I received an incorrect password or user ID message. I tried using the "forgot password" option, but I still have not received an e-mail with password reset instructions. I have set up a password before, and my subscription is valid through April of 2022.
  2. Received the notification above, however, after have had a quick research in the net it seams that is more related to Google Chrome browser which I do not have installed. I actually use the Firefox. Moreover I could not find any file with that name in my computer to clean it. Look forward to your clarification. Thanks
  3. In Version DEV 22471.1000 there is no browser (Edge, Chrome, Firefox) starting anymore as long Eset is installed. After deinstallation everything is fine again.
  4. We have the same problem in many Wordpress website . Domain : https://zalidairy.ir Detection : Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here 2021/10/03 11:51:22 ب.ظ;HTTP filter;file;https://zalidairy.ir/wp-content/plugins/js_composer/assets/js/vendors/woocommerce-add-to-cart.js?ver=6.7.0;JS/Agent.OZD trojan;connection terminated;Event occurred during an attempt to access the web by the application: C:\Program Files\Mozilla Firefox\firefox.exe (9D90FAA8197CACBBC70621FC6DD235043ECC3F43).;885A97E67D7D5911221C513DBB47352D3729A7C0; It seems that is false positive . if not how can we find the malicious js ?
  5. A few interesting Eset Filtered web sites log entries below in regards to posted AMTSO cloudcar test behavior. Appears from these entries, Eset "bows out" of the monitoring picture if the download is allowed via Firefox override: Time;URL;Status;Detection;Application;User;IP address;Hash 8/26/2021 3:21:01 PM;https://mozilla.cloudflare-dns.com/dns-query;Allowed;;C:\Program Files\Mozilla Firefox\firefox.exe;xxx-PC\xxx;2606:4700::6810:f8f9;6E6C61A9F8A1D1C96B17E310A48AEAA49545C0EF Time;URL;Status;Detection;Application;User;IP address;Hash 8/26/2021 3:21:02 PM;https://amtso.eicar.org/cloudcar.exe;Allowed;;C:\Program Files\Mozilla Firefox\firefox.exe;xx-PC\xxx;;6E6C61A9F8A1D1C96B17E310A48AEAA49545C0EF Time;URL;Status;Detection;Application;User;IP address;Hash 8/26/2021 3:21:04 PM;http://amtso.eicar.org;Allowed;;C:\Program Files\Mozilla Firefox\firefox.exe;xxx-PC\xxx;;6E6C61A9F8A1D1C96B17E310A48AEAA49545C0EF
  6. Receiving the following on many sites: "An Issue Has Occured Please check the following: Browser Issue Some computers can see this page if there are setting issues on their browser, if another browser is installed please try it ( e.g. Chrome, Firefox, Internet Explorer). Alternatively use another device such as a phone, tablet or computer. Config Change If you have recently made a change to your routers config this requires you to reboot the device. Please turn off the DWA0120, then turn it back on again." What settings do I need to change?
  7. I tried Chrome then Firefox, which would not even let me go online before showing the same screen.
  8. To begin, AMTSO Desktop Anti-phishing test works as expected. When accessing an actual phishing web site per below posted event log entry, Eset logs that it blocked access. However, no Eset alert is generated and access to web site is allowed. Time;URL;Status;Detection;Application;User;IP address;Hash 9/3/2021 2:39:12 PM;https://www.fixwindowserrors.biz;Blocked;Anti-Phishing blacklist;C:\Program Files\Mozilla Firefox\firefox.exe;XXX-PC\XXX;2606:4700:3036::ac43:8793;6E6C61A9F8A1D1C96B17E310A48AEAA49545C0EF
  9. As I previously posted, I tried Edge and it properly alerted on this phishing web site. See the below screen shot for the reason why: First note that the later versions of Edge will try to activate HTTPS-over-DNS by default. As the screen shot shows, not only did Edge not activate HTTPS-over-DNS but it locked access to the setting preventing it to be forced enabled. It also should be noted that upon my reset of Firefox, HTTPS-over-DNS was not enabled. Again, current versions of Firefox will enable HTTPS-over-DNS by default if possible. The difference here is Firefox will allow you to manually enable HTTPS-over-DNS. What Mozilla doesn't warn is you do so at your own peril. My best guess is why it was not auto disabled in existing Firefox version updates when DNS resolution problems exist is some issue with older profile settings overriding new default/auto created profile settings.
  10. As far as I am concerned, there's an issue with Firefox's SecureDNS; i.e. DNS-over-HTTPS. Remember I previously reset Firefox. Then Eset was detecting this web site OK. Today, I noticed that DNS-over-HTTPS was not enabled in Firefox, so I enabled it. When I subsequently accessed this phishing web site, Eset didn't alert. Then I disabled DNS-over-HTTPS and Eset alerted. Also as far as Firefox's SecureDNS, weird things are going on. When I enable it and test on Cloudflare's test web site, https://www.cloudflare.com/ssl/encrypted-sni/ , strange things happen. First, it doesn't detect SecureDNS. Then on retest, it does detect it.
  11. Today is Sunday and I can finally state I have Eset Networking finally setting up a stable and correct networking configuration. Additional things I had to do to accomplish this is: 1. Configure my network adapter IPv4 connection DNS settings to use Cloudflare IPv4 DNS servers. Again, amazed AT&T allows this. 2. Ensuring all Eset network settings where "use Windows settings" are applicable are enabled. Since the Windows firewall defaults to Public profile use and this is what I want my system to use, this suits me just fine. 3. Using the latest network connection Eset establishes and deleting any others that might exist. At this point, I have in effect bypassed any networking auto configuration activities my router was performing and Eset's resulting bork network configuation of those auto configuration activities. The interesting part now is I observe ekrn.exe performing UDP and UDPv6 local proxy monitoring activities but Eset Network Connections tool no longer shows local host and addresses. My final comment is Eset needs to immediately address this Push Notifications issue with DNS64 use. When I was using Cloulfare's IPv6 DNS64 servers, I performed the AMTSO Cloudcar test. Immediately Eset detected and blocked the connection prior to any attempted file download activities which is the correct result for this test. Such is not the case when the Clouldflare's non-DNS64 IPv6 DNS servers are used. As shown below, Eset is detecting a "stub" download of the clouldcar.exe file: Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here 9/18/2021 2:35:18 PM;Real-time file system protection;file;C:\Users\xxxxxx\AppData\Local\Temp\Z76h0z2s.exe.part;Suspicious Object;cleaned by deleting;xxx-xx\xxx;Event occurred on a file modified by the application: C:\Program Files\Mozilla Firefox\firefox.exe (C4BD2C3764935F306A02DF54090F9435EB922780).;F4053231135502B4E8EA2B4D2E32ABEFE3A08765;9/18/2021 2:16:02 PM -EDIT- I guess I should clarify what I posted above. There is noting wrong with Eset's detection in the Cloudcar test. Rather, it is the speed difference the detection took when using Cloudflare IPv6 DNS64 servers. The connection to Eset cloud servers and resultant detection was almost instantaneous versus a 2 - 4 sec. delay when not using those servers. This translates to a dramatic increase in browsing speed if I can use those servers. Something I can't presently do because of the Eset Push Notification issue with DNS server based DNS64 processing.
  12. Another concerning observation. A Firefox reset has no effect whatsoever on the profile being used by Eset B&PP. If you have disabled DoH in your main Firefox settings, you need to do likewise in Eset B&PP browser session assuming Firefox is your Windows default browser.
  13. every approx. two weeks i cannot login on the on premiss eset protect webconsole. Messing with cookies, cache, or rebooting the server doesn't help. Setting the server as trusted website doesn't help. Suddenly i can login again for one or two weeks, and everything starts all over again. In the meantime i can login with MS Edge (Version 91.0.864.41) On an other computer but http only (not https)
  14. A few additional comments here. Eset had no issue detecting a phishing site using Firefox and alerting other than this web site in question based on my testing. As such, it can't be pointed to Firefox profile corruption as the source of non-alerting. If this was the case, Eset phishing alerting would not work on any blacklisted web site. It appears this web site somehow interacted with Firefox profile settings initially to partially defeat Eset phishing alert processing. As such, I stick with my recommendation that Eset phishing detection be modified to show desktop popup alert upon creation of Filtered website event log entry.
  15. I could reproduce on Firefox using EIS 14.2.24:
  16. I'm going to type this post again. I have the worst luck with this forum! I hit backspace to correct a typo in my post and Firefox went to the previous page I had visited, and I lost my entire post!!!! This has happened so many times on this forum! I have over 5000 post on Wilders and it has never happened on Wilders. The most annoying thing! I think i'm jinxed on this forum. The user should be given the option to opt out of auto-renewal when they purchase a license and it should be easy to see. Also, it is confusing on where to go to opt out of auto-renewal once you have been enrolled. I thought myeset.com would be the place to opt out since that is the site for managing License and Devices. I wasted a lot of time looking for an option to opt out of auto-renewal on myeset.com. I finally found the option to opt out of auto-renewal on store.eset.com. It only gave me the option to opt out for the license I had just purchased. My old license still reported that it was set up for auto-renewal within the Eset Application. I never was able to find any option on either website to disable auto-renewal for my old license. Please read my last response to itman above for more information and one possible solution for this problem. That will save me from having to type everything again.
  17. To satisfy my concern in regards to Eset cloud protection functionality, I uploaded the cloudcar.exe file to a file share. Upon attempted download, Eset detected it properly. Since it was prior established that Eset doesn't detect this file by signature, this test technically satisfies the requirement for cloud protection: Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here 8/27/2021 2:40:27 PM;HTTP filter;file;https://www49.zippyshare.com/d/bJ6FwqEe/49497/cloudcar.exe;Suspicious Object;connection terminated;xxxxPC\xxx;Event occurred during an attempt to access the web by the application: C:\Program Files\Mozilla Firefox\firefox.exe (6E6C61A9F8A1D1C96B17E310A48AEAA49545C0EF).;F4053231135502B4E8EA2B4D2E32ABEFE3A08765;8/27/2021 9:26:31 AM The question now is how is AMTSO performing this like testing? Appears however they are serving up the file to Firefox, it is first being detected by Chrome Safe Browser which is built-in. After overriding the Safe Browser detection, Eset just allows the file to download without inspecting its contents.
  18. Hello I observe a lot of crashes due to NOD 32 in Firefox when I watch streaming videos or during speedtests. Firefox crash reports still point to NOD 32 as the source of the problems. Indeed, if I deactivate the antivirus, all is well. Windows 10 2004 32-bi Best regards
  19. Hi. As title say i have problem lately with Firefox and ESET. When i try to load website or log in and get 2FA nothing happend. I can only solve this problem when i disable SSL/TLS protocol filtering. So, I checked certificates and in Windows Trusted root i have ESET SSL Filter CA. I also check thumprint and its same registered in ESET root certificate. Also i check in Firefox and i dont have ESET SSL Filter CA registered there but in Firefox, but it think is ok because i have there two options set on true. security.certerrors.mitm.auto_enable_enterprise_roots - true security.enterprise_roots.enabled - true Any idea what else can i check and try?
  20. Pondering a bit, I've pretty much figured out what the issue is with Firefox. Overall, Eset is not at fault here, but will have to address this situation. Also, this non-alerting phishing incident is turning out to be a "blessing in disguise." So let's get into the nitty gritty. To begin, there is most definitely an IPv6 element involved. It will manifest if your ISP is using 4-to-6-to-4 tunneling; i.e. 464XLAT or one of its variants, to send IPv4 network traffic over its IPv6 network. This type of tunneling is dependent upon NAT64/DNS64 activity being performed on the router. Use of DNS64 is a known DNSSEC "buster" if not done properly. My own opinion is most ISP's are doing so intentionally since DNSSEC bypasses their DNS servers. The bottom line is if your afflicted by this, the only solution is to disable HTTPS-over-DNS option in Firefox. One way to determine if your ISP is using 4-to-6-to-4 tunneling is to open a command prompt window and perform; ipconfig /displaydns Scroll through the resolved DNS entries for "ipv4only.arpa." If it exists, then your ISP is employing this type of tunneling activity. Finally on my network and most prominent after a system restart, router to ISP initialization of 464XLAT components takes a while. This process is further aggravated by Win 10's Smart Multi-homed Name Resolution feature that: https://www.ghacks.net/2017/08/14/turn-off-smart-multi-homed-name-resolution-in-windows/ Again, the bottom line is Eset appears not to recognize that an IPv6 connection exists until initialization of 464XLAT completes. And this is a "hit-or-miss" scernerio.
  21. I don't think it's related to IPv version, seems it's something Firefox is doing. Disabling SSL scanning allows the site to be shown but still showing a warning that it was supposedly blocked in Firefox. In my other browsers it's still blocked with SSL scanning on or off.
  22. @Marcos tested with Firefox 92 (64-bit), normal installation made via group policy. Downloaded cloudcar.com from https://amtso.eicar.org/cloudcar.exe Furthermore, the downloaded file was intact. It was when I right-clicked on it and selected to demand-scan it that it got detected and quarantined: However, right now it works just fine (crazy)! That is, I immediately got a "suspicious" window and the download of eicar.com ended up with a zero-length file! This lack of consistent defense does scare me. But the fact that I can not reproduce the issue is problematic. Would current logs of the pc in question have any decent information that would help, or should extended logging have been enabled beforehand?
  23. The password manager is not recognizing my username and or password every time I install it and try to use it with Firefox. I know my info is correct. I've logged in to the website and checked and made sure I have all options for the ESET program activated. I created a password store for my email. when I install the add-on it will not let me log in to set it up or even use it. PLEASE HELP.
  24. No problem here for either HTTP or HTTPS cloudcar.exe attempted download and Eset detection when using Firefox.
  25. Renewed my license, updated everything on ESET, and now I can't access website on Firefox. gmail, facebook, some local sites are all not working on Firefox, they are however working just fine on Edge. I get these errors: Error code: SEC_ERROR_BAD_SIGNATURE The site at https://mail.google.com/mail/u/0/#inbox has experienced a network protocol violation that cannot be repaired. Any hint on how to solve this would be much appreciated. Nauris
  • Create New...