Jump to content

Recommended Posts

Posted

Hi,

one of my customers suddenly had an eset warning when trying to browse her own wordpress-powered website.

If I test the website on virustotal, there is no detection. But I inspected the source for the home page, and found a series of suspicious urls to a remote js file:

workdevapp.com/1deb3dd710d8d90c20.js

This url do trigger eset on virustotal. But only eset, all other antivirus are green...

How do I know if it's really a virus ?

Thanks,

--

Rémi

Posted

I did some more testing, so I have to add that the entire workdevapp.com domain seems blacklisted by eset.

https://www.virustotal.com/fr/url/cd5a6ae2fa40f7a16aa606e828db50446ded4e333ae09b2480cda80491bc2e31/analysis/

But that the js file itself does not trigger eset. But it does trigger zonealarm and Kaspersky as an adware.

https://www.virustotal.com/fr/file/cec906f1fc42b843aaa4aaa12db15767882547e5e247b4e0489f76313b14da45/analysis/1539006038/

  • Administrators
Posted

There is a malicious js that ESET detects as JS/Agent.NYX and which caused blocking of the domain.

  • 1 month later...
Posted

I have same problem I don't know how but eset endpoint antivirus started to popping up a workdevapp.com  and it's saying that adress has been blocked but when I tried to exit the window. I can't it's still popping up can someone help me please.

workdevapp.png

  • Administrators
Posted

Please gather logs with ESET Log Collector and upload the generated archive here. Attachments in our forum can be accessed only by moderators and ESET staff.

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...