Rémi 0 Posted October 8, 2018 Posted October 8, 2018 Hi, one of my customers suddenly had an eset warning when trying to browse her own wordpress-powered website. If I test the website on virustotal, there is no detection. But I inspected the source for the home page, and found a series of suspicious urls to a remote js file: workdevapp.com/1deb3dd710d8d90c20.js This url do trigger eset on virustotal. But only eset, all other antivirus are green... How do I know if it's really a virus ? Thanks, -- Rémi
Rémi 0 Posted October 8, 2018 Author Posted October 8, 2018 I did some more testing, so I have to add that the entire workdevapp.com domain seems blacklisted by eset. https://www.virustotal.com/fr/url/cd5a6ae2fa40f7a16aa606e828db50446ded4e333ae09b2480cda80491bc2e31/analysis/ But that the js file itself does not trigger eset. But it does trigger zonealarm and Kaspersky as an adware. https://www.virustotal.com/fr/file/cec906f1fc42b843aaa4aaa12db15767882547e5e247b4e0489f76313b14da45/analysis/1539006038/
Administrators Marcos 5,469 Posted October 8, 2018 Administrators Posted October 8, 2018 There is a malicious js that ESET detects as JS/Agent.NYX and which caused blocking of the domain.
MichalKacer 0 Posted November 11, 2018 Posted November 11, 2018 I have same problem I don't know how but eset endpoint antivirus started to popping up a workdevapp.com and it's saying that adress has been blocked but when I tried to exit the window. I can't it's still popping up can someone help me please.
Administrators Marcos 5,469 Posted November 12, 2018 Administrators Posted November 12, 2018 Please gather logs with ESET Log Collector and upload the generated archive here. Attachments in our forum can be accessed only by moderators and ESET staff.
Recommended Posts