Jump to content

Archived

This topic is now archived and is closed to further replies.

Rémi

how to identify a web virus if only eset is triggered ?

Recommended Posts

Hi,

one of my customers suddenly had an eset warning when trying to browse her own wordpress-powered website.

If I test the website on virustotal, there is no detection. But I inspected the source for the home page, and found a series of suspicious urls to a remote js file:

workdevapp.com/1deb3dd710d8d90c20.js

This url do trigger eset on virustotal. But only eset, all other antivirus are green...

How do I know if it's really a virus ?

Thanks,

--

Rémi

Share this post


Link to post
Share on other sites

I did some more testing, so I have to add that the entire workdevapp.com domain seems blacklisted by eset.

https://www.virustotal.com/fr/url/cd5a6ae2fa40f7a16aa606e828db50446ded4e333ae09b2480cda80491bc2e31/analysis/

But that the js file itself does not trigger eset. But it does trigger zonealarm and Kaspersky as an adware.

https://www.virustotal.com/fr/file/cec906f1fc42b843aaa4aaa12db15767882547e5e247b4e0489f76313b14da45/analysis/1539006038/

Share this post


Link to post
Share on other sites

There is a malicious js that ESET detects as JS/Agent.NYX and which caused blocking of the domain.

Share this post


Link to post
Share on other sites

I have same problem I don't know how but eset endpoint antivirus started to popping up a workdevapp.com  and it's saying that adress has been blocked but when I tried to exit the window. I can't it's still popping up can someone help me please.

workdevapp.png

Share this post


Link to post
Share on other sites

Please gather logs with ESET Log Collector and upload the generated archive here. Attachments in our forum can be accessed only by moderators and ESET staff.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...