Jump to content

Ran into a serious malware issue


Recommended Posts

I looked at my computer this morning and saw the green light camera on.  I almost never use it.  It turns out on my administer account, a facetime was running.  I don't remember starting it.  I check my eset logs, and yesterday it showed 

a JS/ExoClick.A was run as root with a red text and red background.  the Action/Information columns are blank.  caught by http filter.  I can visit the sight in question in my browser, but it immediately does get quarantined as user = my user (not root) action = "connection terminated", information is still blank.  It looks to me like it did not run in this case.  

Need advice.  Did some arbitrary code get run as root?  Should i reinstall my OS from scratch?  Right now the machine is completely off the internet but does otherwise appear to be functioning correctly.

 

HASH = 2C2A997217F780F9866B8D21E1D9F5F1CEA25114

Edited by cornyfred
Link to post
Share on other sites
  • Administrators

JS/ExoClick.A is not malware but a PUA detection (potentially unwanted application). It detects a specific ad provider which has been seen to deliver malware, PUAs, etc. through ads. It was detected and blocked by ESET, ie. the script wasn't executed at all.

Link to post
Share on other sites

Hi Marcos, thanks for the very quick reply!  Is Exoclick.a a binary executable or a javascript program?   Just to be clear, what does the log line with user root in red mean?  Is it safe for me to put my machine back on the net?

 

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...