Jump to content

JS/TrojanDownloader.Iframe.EY


Recommended Posts

4 hours ago, NOD said:

I use a user script called AdsBypasser.
However, using this script will detect 'JS/TrojanDownloader.Iframe.EY'.
Is the malware correct?

 

I can confirm this behaviour.

I have sent 2 quarantined files via in-product contact from the quarantine folder to ESET 2 days ago with the same question, but never got a reply.

Link to post
Share on other sites
  • Administrators

The detection is from 2012. Please run ELC, also select "Quarantined files" and generate a zip archive. When done, upload it to a safe location and pm me a download link.

Link to post
Share on other sites
1 hour ago, Marcos said:

The detection is from 2012. Please run ELC, also select "Quarantined files" and generate a zip archive. When done, upload it to a safe location and pm me a download link.

The file does not exist in the Quarantine.

https://adsbypasser.github.io/releases/adsbypasser.full.es7.user.js

Link to post
Share on other sites
  • 2 weeks later...
  • 1 month later...
26 minutes ago, User said:

This problem still isn't fixed by ESET after more than 2 months.

 

The author of Adsbypasser posted in the github forum that he won't fix this problem in the script, because it is a false positive from ESET:

https://github.com/adsbypasser/adsbypasser/issues/1747

 

On 9/14/2017 at 10:18 AM, Marcos said:

The detection is from 2012. Please run ELC, also select "Quarantined files" and generate a zip archive. When done, upload it to a safe location and pm me a download link.

One of you users will need to do as Marcos asked and generate a zip archive, upload it to a safe place and send it to him via PM so they can "confirm" if it is a false positive or not. 

Link to post
Share on other sites
  • Administrators

I was able to download adsbypasser.full.es7.user.js without being blocked by ESET. Also comparing the code with what we detect as JS/Iframe.EY didn't yield any similarity.

Could you confirm that it's no longer detected?

Link to post
Share on other sites

It is still detected.

The simple download of Adsbypasser is no problem.

The problem is using Adsbypasser with Tampermonkey in Firefox.

 

Steps to reproduce:

Install Tampermonkey in recent Firefox:

https://addons.mozilla.org/de/firefox/addon/tampermonkey/

Then install Adsbypasser in Tampermonkey:

https://adsbypasser.github.io/

After that you get constant detections of this script when surfing different websites.

Link to post
Share on other sites
On ‎11‎/‎16‎/‎2017 at 9:51 AM, User said:

Then install Adsbypasser in Tampermonkey:

I can see problems here.

Tampermonkey is browser script filter monitoring software. Adsbypasser also is monitoring web page scripts for ads. If you are using Win 10, Eset is using AMSI to filter browser script pre-execution activity. Finally, Eset's Javacript web filter is monitoring the actual script execution. With all this script monitoring activity going on, something is bound to get screwed up.

Link to post
Share on other sites
  • Administrators

I was able to reproduce the detection as per the instructions above and submitted the detected file to ESET's Security Research Lab. The author of the signature (it's from 2011) will look into it on Monday at earliest.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...