NOD 2 Posted September 14, 2017 Share Posted September 14, 2017 I use a user script called AdsBypasser. However, using this script will detect 'JS/TrojanDownloader.Iframe.EY'. Is the malware correct? https://adsbypasser.github.io Link to comment Share on other sites More sharing options...
User 11 Posted September 14, 2017 Share Posted September 14, 2017 4 hours ago, NOD said: I use a user script called AdsBypasser. However, using this script will detect 'JS/TrojanDownloader.Iframe.EY'. Is the malware correct? I can confirm this behaviour. I have sent 2 quarantined files via in-product contact from the quarantine folder to ESET 2 days ago with the same question, but never got a reply. Link to comment Share on other sites More sharing options...
User 11 Posted September 14, 2017 Share Posted September 14, 2017 JS/TrojanDownloader.Iframe.EY #1679 Problem is also reported on Github. The problem exists if Adsbypasser is used together with Tampermonkey, Violentmonkey seems to be not affected. Link to comment Share on other sites More sharing options...
User 11 Posted September 14, 2017 Share Posted September 14, 2017 Problem with update #1664 Link to comment Share on other sites More sharing options...
x7007 0 Posted September 14, 2017 Share Posted September 14, 2017 reporting same issue Link to comment Share on other sites More sharing options...
Administrators Marcos 4,712 Posted September 14, 2017 Administrators Share Posted September 14, 2017 The detection is from 2012. Please run ELC, also select "Quarantined files" and generate a zip archive. When done, upload it to a safe location and pm me a download link. Link to comment Share on other sites More sharing options...
NOD 2 Posted September 14, 2017 Author Share Posted September 14, 2017 2 hours ago, User said: JS/TrojanDownloader.Iframe.EY #1679 Problem is also reported on Github. The problem exists if Adsbypasser is used together with Tampermonkey, Violentmonkey seems to be not affected. Good information, thank you. Link to comment Share on other sites More sharing options...
NOD 2 Posted September 14, 2017 Author Share Posted September 14, 2017 1 hour ago, Marcos said: The detection is from 2012. Please run ELC, also select "Quarantined files" and generate a zip archive. When done, upload it to a safe location and pm me a download link. The file does not exist in the Quarantine. https://adsbypasser.github.io/releases/adsbypasser.full.es7.user.js Link to comment Share on other sites More sharing options...
x7007 0 Posted September 27, 2017 Share Posted September 27, 2017 Eset , any fix to this issue or just make this error disappear or not blocking it ? Link to comment Share on other sites More sharing options...
User 11 Posted November 16, 2017 Share Posted November 16, 2017 This problem still isn't fixed by ESET after more than 2 months. The author of Adsbypasser posted in the github forum that he won't fix this problem in the script, because it is a false positive from ESET: https://github.com/adsbypasser/adsbypasser/issues/1747 Link to comment Share on other sites More sharing options...
illumination 5 Posted November 16, 2017 Share Posted November 16, 2017 26 minutes ago, User said: This problem still isn't fixed by ESET after more than 2 months. The author of Adsbypasser posted in the github forum that he won't fix this problem in the script, because it is a false positive from ESET: https://github.com/adsbypasser/adsbypasser/issues/1747 On 9/14/2017 at 10:18 AM, Marcos said: The detection is from 2012. Please run ELC, also select "Quarantined files" and generate a zip archive. When done, upload it to a safe location and pm me a download link. One of you users will need to do as Marcos asked and generate a zip archive, upload it to a safe place and send it to him via PM so they can "confirm" if it is a false positive or not. Link to comment Share on other sites More sharing options...
x7007 0 Posted November 16, 2017 Share Posted November 16, 2017 (edited) yes eset . any fix ? someone do it and send him the file :x Edited November 16, 2017 by x7007 Link to comment Share on other sites More sharing options...
Administrators Marcos 4,712 Posted November 16, 2017 Administrators Share Posted November 16, 2017 I was able to download adsbypasser.full.es7.user.js without being blocked by ESET. Also comparing the code with what we detect as JS/Iframe.EY didn't yield any similarity. Could you confirm that it's no longer detected? Link to comment Share on other sites More sharing options...
User 11 Posted November 16, 2017 Share Posted November 16, 2017 It is still detected. The simple download of Adsbypasser is no problem. The problem is using Adsbypasser with Tampermonkey in Firefox. Steps to reproduce: Install Tampermonkey in recent Firefox: https://addons.mozilla.org/de/firefox/addon/tampermonkey/ Then install Adsbypasser in Tampermonkey: https://adsbypasser.github.io/ After that you get constant detections of this script when surfing different websites. Link to comment Share on other sites More sharing options...
User 11 Posted November 18, 2017 Share Posted November 18, 2017 Will this detection now be fixed by ESET? Link to comment Share on other sites More sharing options...
x7007 0 Posted November 18, 2017 Share Posted November 18, 2017 comon eset please fix the issue. Link to comment Share on other sites More sharing options...
itman 1,541 Posted November 18, 2017 Share Posted November 18, 2017 On 11/16/2017 at 9:51 AM, User said: Then install Adsbypasser in Tampermonkey: I can see problems here. Tampermonkey is browser script filter monitoring software. Adsbypasser also is monitoring web page scripts for ads. If you are using Win 10, Eset is using AMSI to filter browser script pre-execution activity. Finally, Eset's Javacript web filter is monitoring the actual script execution. With all this script monitoring activity going on, something is bound to get screwed up. Link to comment Share on other sites More sharing options...
x7007 0 Posted November 18, 2017 Share Posted November 18, 2017 so use violence monkey? or someone will fix this Link to comment Share on other sites More sharing options...
Most Valued Members peteyt 362 Posted November 18, 2017 Most Valued Members Share Posted November 18, 2017 9 minutes ago, x7007 said: so use violence monkey? or someone will fix this You me need to open a support ticket Link to comment Share on other sites More sharing options...
Administrators Marcos 4,712 Posted November 18, 2017 Administrators Share Posted November 18, 2017 I was able to reproduce the detection as per the instructions above and submitted the detected file to ESET's Security Research Lab. The author of the signature (it's from 2011) will look into it on Monday at earliest. Link to comment Share on other sites More sharing options...
User 11 Posted November 26, 2017 Share Posted November 26, 2017 I tried it again today and it seems that it is working now. Link to comment Share on other sites More sharing options...
Recommended Posts