Jump to content

Archived

This topic is now archived and is closed to further replies.

CMS

JS/Mindspark.E

Recommended Posts

Hi All,

Had many alerts from 4 clients (out of 500) this morning. Seems to be an unwanted application, rather than a virus, but I'm guessing something new in the definitions means it's finding it.

Spotted someone else who had this also https://www.bleepingcomputer.com/forums/t/656585/eset-on-all-clients-suddenly-finding-mindspark-today/

Just checking if anyone else has this, should we be concerned?

Thanks

Share this post


Link to post
Share on other sites

Having the same alert on at least one machine today...no idea what it is, cant find anything else on the net other than bleepingcomputer.com post 

Untitled.jpg.fd56388be508b7097359590be4b91e39.jpg

Share this post


Link to post
Share on other sites

Just had the same issue. However, I do not know if it is a genuine cause for concern or not.

Share this post


Link to post
Share on other sites

I spoke to ESET support, and they say it's either a new threat or a change in classification that's now flagging it up. Not a virus though, just an unwanted app.

Share this post


Link to post
Share on other sites

Wikipedia: Mindspark is an adaptive-learning program (ITS) built by Educational Initiatives (EI). It is a cloud-based application that can run on computers, tablets, mobile phones and allows users to connect to Mindspark servers via a web browser.

Looks to me like it's a java based program for students taking E-Learning courses. The only users w/ these alerts that I have seen - just so happen to be interns in school still.

https://mindspark.in/

Not to be confused with PUP.Optional.Mindspark - an annoying adware system.

Might want to check with the clients before you rip out the PUP.

Share this post


Link to post
Share on other sites

I received a prompt from Eset last night telling me there was a file that was a possible threat (JS/Mindspark.E) it gave the option to clean but each time I would select "Clean" the message would reappear.  After selecting clean several times it requested a reboot which I did but when my computer came back up the message would appear again and would not move from my screen until I got to the reboot message. I downloaded two files yesterday that I purchased from a photography company and presumed that whatever this is,  possibly come from there but now that so many people are receiving this prompt I presume those files are safe.  It does not appear that Eset is clearing the malware if that is what it is since I continue to get the prompt.  So what do we do now?

Share this post


Link to post
Share on other sites

I have about 8 clients out of 200 with this.  I think it is a chrome extension but not a threat

Craig

Share this post


Link to post
Share on other sites

I have also reported two computers today with JS / Mindspark.E
Although this is "only" an application and not a virus,  is there a danger and what is its level of it?

JS_Mindspark.E.jpg

Share this post


Link to post
Share on other sites

It's a potentially unwanted application. A detection for the first variant (JS/Mindspark.A) was added in 2015 so the last one seems to be more popular than the previous ones.

If there's a problem cleaning it even with strict cleaning set, provide me with ELC logs from the particular computer. You can also choose to keep the extension and not to detect this particular PUA anymore. This is possible either via the advanced options in the yellow alert window (Exclude from detection), or via an ERA policy (Exlusions).

Share this post


Link to post
Share on other sites

Thanks Marcos. I originally posted in Bleeping computers as well. Put a link to here.

I didn't think it was anything big, just surprised by how many calls within 20 minutes we got. Still running in-depth virus scans on each of those computers just in case!

Thanks!

Share this post


Link to post
Share on other sites

Getting the same.

Everytime i clean it, just pops back up in "%LocalAppData%\Temp\...\CRX_INSTALL\" folder for multiple users on a server.

Quote

Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash;First seen here
2017-09-09 12:36:38 PM;Real-time file system protection;file;C:\Users\<user>\AppData\Local\Temp\149\scoped_dir30020_28323\CRX_INSTALL\js\scriptInjector.js;JS/Mindspark.E potentially unwanted application;cleaned by deleting;<user>;Event occurred during an attempt to access the file by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (7394E09C7018A4E09A85D41C7589B42E95B43C9B).;0E8609F3C660D184BA23ABADD6826C9035B1BB5F;2017-09-09 12:36:07 PM

Was originally found in an extension folder which relates to this extension on chrome 

Share this post


Link to post
Share on other sites

One of my users is getting this each time chrome is opened. I tried deleteing the folder ESET mentioned, disabling all the extension,  and deleting the history and cache. None of these fixed the issue.

Share this post


Link to post
Share on other sites

We have been getting the same thing have around 600 machines currently about 5-6 have been spamming this.  I guess I am blind as I do not see anything in the alert section in regards to "advanced options to whitelist this or ignore it ect.  Sadly Eset has one of the worst GUIs in the history anything.

  • file:///C:/Users/Benjamin.Beegle/AppData/Local/Google/Chrome/User Data/Default/Extensions/lgfehfbnofiffladdncogfobimealokp/1.300.11.57732_0/components/api/background/widget-api-impl.js
     
     
  •  

 

 

  • THREAT NAME
    JS/Mindspark.E
     
     
  • THREAT TYPE
    potentially unwanted application
     
     
  • SEVERITY
    Critical
     
     
  • OCCURRED
    2017 Sep 10 16:13:39
     
     
  • THREAT HANDLED
    No
     
     
  • RESTART NEEDED
    No
     
     
  • ACTION TAKEN
     
     
     
  • ACTION ERROR
    unable to clean
     
     
  • OBJECT TYPE
    file
     
     
  • OBJECT URI
    file:///Startup
     
     
  • CIRCUMSTANCES
     
     
     
  • SCANNER
    Startup scanner
     
     
  • ENGINE VERSION
    16061 (20170910)
     
     
  •  

Share this post


Link to post
Share on other sites

I spoke to support again yesterday, and after a long time looking at a PC that was generating the errors it was said that Virusradar essentially showed it as being recorded as a false positive over the weekend, and this was corrected on Sunday. I don't see this item listed at all on Virusradar though, so not sure if ESET support get a more detailed version.

Share this post


Link to post
Share on other sites

I spoke to support again yesterday, and after a long time looking at a PC that was generating the errors it was said that Virusradar essentially showed it as being recorded as a false positive over the weekend, and this was corrected on Sunday. I don't see this item listed at all on Virusradar though, so not sure if ESET support get a more detailed version.

I've not had any more virus alerts since yesterday.

Share this post


Link to post
Share on other sites

The solution I found for this exact message was to open Chrome prompting the JS/Mindspark message leaving it open
Then drag this to the corner of your screen out of sight,
 
Now....

1)Chrome>More Tools>Removing all extensions except for Google related ones.
2)Clear cookies & cache under advanced settings
3)Drag the prompt back on screen and select "Clean" for all prompts..

You'll then be notified to restart the computer, select yes..

When the computers back up and running open Chrome and these messages will be gone.

If you then choose to do so, you can re-add the extensions later. 

Share this post


Link to post
Share on other sites

Still getting alerts in our system for the exact same thing. typical that Eset would try and blame virus radar.  in the end its ESET vault.  They are the vendor and need to resolve it regardless of what other 3rd party vendors have a hand in it.  Sadly When you have 1300 machines the above method is not a solution. ESET will be losing a fairly large customer when our contract comes back around if this isn't resolved quickly. 

Share this post


Link to post
Share on other sites
7 hours ago, Edmund129 said:

OK, so what is the Fix?

Hey Edmund129,

Follow my above steps clearly, it's guaranteed to work. So far I've resolved at least 20 computers with this issue. 

Share this post


Link to post
Share on other sites

Thanks Cp3p0

Worked for me also

I didn't get the notifications on the client but disabling extensions, clearing cache/cookies and then running a scan from the ERA worked.

Share this post


Link to post
Share on other sites

I tried Cp3p0's fix yesterday and it worked.  This morning when I started up my system, it is back and fix does not work now.  Anyone have js/mindspark.e return after using Cp3p0's fix?

Share this post


Link to post
Share on other sites

i also have a user with a Chrome Apps launcher shortcut using this string.  ""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-app-list"    and the second its clicked on ESET flags it but doesn't actually stop it from opening up chrome and such.  still wish ESET would actually push a REAL fix to this.

Share this post


Link to post
Share on other sites

I just tried Cp3po's solution and it has worked so far. I did not get prompted for a restart, so I restarted manually. The system is running Windows 7 so perhaps that made the difference. Thank you!

 

Share this post


Link to post
Share on other sites

Actually I spoke too soon. 24 hours later, the alerts have returned.

Full details;

JS/Mindspark.E

Event occurred during an attempt to access the file.

Threat Handled - No

Location - %username%AppData/Local/Temp/scoped_dir7224_24928/CRX_INSTALL/js/scriptInjector.js

I navigated to that path and cannot find the file in question.

ESET What do you advise?

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...