Jump to content
Sign in to follow this  
steveshank

finds non-existent unwanted application

Recommended Posts

When client goes to ESPN.com in Chrome nod32 pops up with this:

?Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash;First seen here
8/11/2018 2:27:33 PM;Real-time file system protection;file;C:\Users\tgera\AppData\Local\Temp\scoped_dir3176_28404\CRX_INSTALL\contentscript.js;JS/Spigot.B potentially unwanted application;;;Event occurred on a newly created file.;D20F48CCD77BF42AB6E8FA3532DDF7F70951275C;8/11/2018 2:27:15 PM

When I look in the temp folder with all files and system files showing, the offending file and folder is not there. Closing rebooting etc. does nothing. Cleaning does nothing. The pop repeats 3 times. The issue does not occur with Edge, or Cliqz (a Firefox derivative).  We have removed all but the simplest Chrome extensions (google docs and sheets). We have rebooted.

Client is retrieving his key, so we can uninstall and re-install. Is that the answer? It seems to me that when Chrome hits that site it triggers something that didn't get turned off, so after the first protection, it continues despite having removed the threat.

 

Share this post


Link to post
Share on other sites
22 minutes ago, steveshank said:

When I look in the temp folder with all files and system files showing, the offending file and folder is not there.

NOD32 deleted the file in transit before it hit the HDD.

23 minutes ago, steveshank said:

When client goes to ESPN.com in Chrome

There is a lot of garbage on the home page. My tracking protection lists blocked 15 services in IE11. From the Eset log entry posted, appears it was attempting to download and run the script locally which is a big no-no. Edge most likely prevented it via being in AppContainer mode; I also run IE11 the same way.

Sounds to me your client doesn't have Chrome's sandboxing options properly configured.

Share this post


Link to post
Share on other sites

Thanks. I'll pursue that. It actually makes the most sense, better than anything I thought of.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×