esset 2 Posted October 4, 2018 Posted October 4, 2018 Apologies, I haven´t been infected for many years. And maybe there is a different procedure for questions like this. Just today I happened to click on ´tools´, ´more tools´, log files. I see three infections, two on 26/1 and one on 31/3. The first one is a trojan and since i typed an incorrect URl I can imagine Eset detected something. I just don´t recall it. A ´redirecter trojan´, detected by http filter. Action connection terminated The last one by the real time file system protection. HTML/ScrInject.B trojan;deleted;;PC name deleted<Event occurred on a new file created by the application: /Palemoon browser/ (deleted) Again, I don´t recall it andIi just stumbled on this when i happened to browse through the ´more tools´ menu. Should I have seen that report in real time when the infection occurred ?
Administrators Marcos 5,458 Posted October 4, 2018 Administrators Posted October 4, 2018 If egui.exe was running and you were logged in at that time, you should have received a warning. If you would like more info on the detection, supply me with ELC logs that also include quarantined files (can be selected in the ELC list of artifacts to gather).
itman 1,804 Posted October 4, 2018 Posted October 4, 2018 1 hour ago, esset said: Again, I don´t recall it andIi just stumbled on this when i happened to browse through the ´more tools´ menu. Should I have seen that report in real time when the infection occurred ? Check date and time shown in the log entries. Were you in the proximity of your PC when the attack occurred? Note that Eset alerts do not remain permanently displayed on the desktop but will disappear after so many seconds.
esset 2 Posted October 5, 2018 Author Posted October 5, 2018 @Marcos , @itman Thanks, it seems all right. The 'redirect trojan' seems more than it was, most likely it was at least mostly safe. ' Were you in the proximity of your PC when the attack occurred? Note that Eset alerts do not remain permanently displayed on the desktop but will disappear after so many seconds ' I did not know that. I may very well not have ben looking, Without nagging, I once got the reply that version 12 would be distributed in October. I just seem to recall that once the US version came first, and I got the local one only in November. I guess it's being beta tested at the moment ...
TomFace 540 Posted October 5, 2018 Posted October 5, 2018 (edited) Hello esset. You might want to take a look at this KB article. It might help. https://help.eset.com/essp/11.1/en-US/idh_config_alert.html I try to make it a habit to review my log files once in a while to look for anything unusual. One more thought, you might also want to check your "cleaning levels" (in all scans) to be sure you have them set the way you want to. https://help.eset.com/essp/11.1/en-US/work_avas_realtime_cleaning.html Edited October 6, 2018 by TomFace added cleaning levels link
Akshara 0 Posted October 8, 2018 Posted October 8, 2018 hi, Can u help me . this web page contains potentially dangerous content how to solve the html/scrinject.b trojan
Administrators Marcos 5,458 Posted October 8, 2018 Administrators Posted October 8, 2018 58 minutes ago, Akshara said: Can u help me . this web page contains potentially dangerous content how to solve the html/scrinject.b trojan First of all, we kindly ask you to not steal someone else's topic but instead create a new one next time. The Malware Finding and Cleaning forum is intended for queries like yours. To answer your question, the website appears to have been compromised. An administrator should clean it and take measures to prevent further re-infection.
Recommended Posts