rawalanche 2 Posted April 19, 2018 Share Posted April 19, 2018 (edited) Hello today I have gotten a notification that a threat was removed from my computer. I am very responsible and careful, so this was a first time in years something like this has happened, and has me worried. It was a .js file with some long, hash-like string that was stored in %username%\AppData\Local\Microsoft\Windows\INetCache\IE\FREZXU48\ folder: Now, apparently this file was created and accessed by SkypeBrowserHost.exe, which is a component of Skype, that seems to share browser cache with Internet Explorer. The file is in a legit folder and it itself results in negative when tested by ESET Internet Security. I believe that SkypeBrowserHost.exe is specifically used to display ads in Skype using the IE framework. I did not do anything questionable from security standpoint in recent days, or even months. I do not use, and have never used Internet Explorer in recent years. I don't think I've launched it once since last clean Windows install. The way I see it there are two possibilities: 1, This is a false positive. 2, The advertising platform Skype uses to display ads has been compromised and SkypeBrowserHost.exe is being taken advantage of to deploy malicious software. The latter option concerns me a bit. If that could be the case, shouldn't this be something that should be reported to Microsoft? UPDATE: I am getting this removed threat warning now every single time I launch Skype (Classic version for Windows desktop). Edited April 19, 2018 by rawalanche Link to comment Share on other sites More sharing options...
retefeler 1 Posted April 19, 2018 Share Posted April 19, 2018 Hello, I am having exact same problem. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,143 Posted April 19, 2018 Administrators Share Posted April 19, 2018 Appears to be FP. We've stopped offering the latest update for now. Link to comment Share on other sites More sharing options...
rawalanche 2 Posted April 19, 2018 Author Share Posted April 19, 2018 Whew, alright. If it helps, I've managed to restore the file in question from quarantine, and change extension to .txt so it's not harmful. I am attaching it here: index-8ac0c79d03249bddd0ea845e149bc6d0.min[1].zip Link to comment Share on other sites More sharing options...
Administrators Marcos 5,143 Posted April 19, 2018 Administrators Share Posted April 19, 2018 Thanks but it's not needed. We have got some examples from the LiveGrid feedback system. Link to comment Share on other sites More sharing options...
Enriqo 0 Posted April 19, 2018 Share Posted April 19, 2018 (edited) Having the same exact problem starting today - yesterday I had no problem when starting Skype. The file flagged was JS file, located in the same folder as OP stated. Edited April 19, 2018 by Enriqo Link to comment Share on other sites More sharing options...
voLwy 0 Posted April 19, 2018 Share Posted April 19, 2018 Same problem, whats happening to skype? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,143 Posted April 19, 2018 Administrators Share Posted April 19, 2018 Please see my comment above. Updates were stopped and the detection will be removed momentarily. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,143 Posted April 19, 2018 Administrators Share Posted April 19, 2018 The FP has been fixed and update resumed. Link to comment Share on other sites More sharing options...
Jko 0 Posted April 19, 2018 Share Posted April 19, 2018 Hello, I have this problem on severals endpoint machines. The file aparently is provided of https://apps.skype.com/home/index-8ac0c79d03249bddd0ea845e149bc6d0.min.js Thanks. Link to comment Share on other sites More sharing options...
Enriqo 0 Posted April 19, 2018 Share Posted April 19, 2018 (edited) It is already flagging some file in Chrome as well, not only in Skype. Edited April 19, 2018 by Enriqo Link to comment Share on other sites More sharing options...
Recommended Posts