Adware Agent alert readcomiconline

[Vitaliy 1]

Dear Eset,

I am able to visit readcomiconline.to without any troubles or alerts - but each time I try to open the page of any actual comic book the "JS/Adware.Agent.AA warning pops up and does not let me read any comics. Now I know you would tell me it means that the site has malware, but I am pretty sure it is unlikely. I contacted the site owner and he checked it out with his instance of Eset Nod32 and did not find anything unusual, there were no warnings. I checked the site with virustotal and none of the engines found anything, including the ESET engine of virustotal.

Windows 7 (64), Mozilla 63.0.3.

I heard that it is only the issue with your antivirus, but I am reluctant to change my antivirus because I only recently bought the license, it is valid until July 2019. I did not check if the site loads without antivirus - I am a noob in most pc-related stuff and would be pretty helpless if the malware alert is genuine.

Please help me, superhero comics is my hobby and readcomiconline is the only site which has almost all of them, including old and obscure ones. Without it I feel deprived and pretty much lose the joy of life. This warning only started to pop up in October, it was absolutely fine before, the ad blocker (uBlock origin) used to block most of the ads. Again, now I can visit the site without any troubles, visit the comics list - but not the pages with actual comics.

[Marcos 5,070]

The detection is related to dubious ad providers. I'd suggest avoiding websites where the detection is triggered.

[Vitaliy 1]

1 minute ago, Marcos said:

The detection is related to dubious ad providers. I'd suggest avoiding websites where the detection is triggered.

The site always had many ads and there were no troubles before. Also, Virustotal does not find anything. Including its Eset engine.

[Nightowl 202]

23 minutes ago, Vitaliy said:

The site always had many ads and there were no troubles before. Also, Virustotal does not find anything. Including its Eset engine.

It might have included some kind of ads that will provide you Adware.Agent.AA that's why your entry is being denied by ESET

It could be that your ESET engine from your machine is more up-to-date than the website even though that none of the websites detect anything in virustotal so there could be the possibility of a false positive , but from where it is coming what is the file..

[Marcos 5,070]

Although

1 hour ago, Vitaliy said:

Also, Virustotal does not find anything. Including its Eset engine.

That's because you were mixing apples with oranges. URL blocking is a different thing than scanning the website's html content.

[Vitaliy 1]

1 minute ago, Marcos said:

Although

That's because you were mixing apples with oranges. URL blocking is a different thing than scanning the website's html content.

Like I said, I'm a noob. I just want to read comics. And readcomiconline is - or was - the only site for me.

[Hpoonis 7]

Would installing an ad blocker free up the URL? If not then applying an exception to the URL would seem the logical choice.

[Marcos 5,070]

Of course, it's possible to exclude the url at the cost of a risk of getting infected. I would recommend to avoid visiting websites where ESET detects a threat until an administrator of the website resolves the issue.

[razorfancy 9]

10 minutes ago, Vitaliy said:

Like I said, I'm a noob. I just want to read comics. And readcomiconline is - or was - the only site for me.

I recommend you to read this topic:

 

Edited December 3, 2018 by razorfancy

[Vitaliy 1]

42 minutes ago, Hpoonis said:

Would installing an ad blocker free up the URL? If not then applying an exception to the URL would seem the logical choice.

Already have one (uBlock Origin), it blocks some ads, not all of them.

[Nightowl 202]

13 minutes ago, Vitaliy said:

Already have one (uBlock Origin), it blocks some ads, not all of them.

Try to use uMatrix , It's an addon which prevents Javascript to be loaded while leaving the Javascript that the website depends on running

Try to find the source of the ad URL , then add it to uBlock block list so it won't prompt you again and then remove uMatrix or keep using it , it's useful when you want to monitor ads and Java , you could just deny them from loading in the beginning

But beware sometimes things get blocked in uMatrix which causes the website to stop loading or working, you just need to know what you need to allow for the website to work properly and then all other can be configured as blocked.

You can block malware/ads domains through uMatrix and then you will have full control what to allow/disallow from the page you are visiting

Edited December 3, 2018 by Rami

[Vitaliy 1]

5 minutes ago, Rami said:

Try to use uMatrix , It's an addon which prevents Javascript to be loaded while leaving the Javascript that the website depends on running

Try to find the source of the ad URL , then add it to uBlock block list so it won't prompt you again and then remove uMatrix or keep using it , it's useful when you want to monitor ads and Java , you could just deny them from loading in the beginning

But beware sometimes things get blocked in uMatrix which causes the website to stop loading or working, you just need to know what you need to allow for the website to work properly and then all other can be configured as blocked.

I am still a noob. I may be able to find this uMatrix (and thank you for that), but I have no idea where and how to search for the source of url that causes this "Adware Agent" message to pop up.

[Nightowl 202]

24 minutes ago, Vitaliy said:

I am still a noob. I may be able to find this uMatrix (and thank you for that), but I have no idea where and how to search for the source of url that causes this "Adware Agent" message to pop up.

When you install uMatrix from Firefox addons page , You will have an icon next to the uBlock which looks like Green mixed with red , this is the status of the page that you are visiting , when it's green it's allowed and when it's red it's blocked

When you do visit the comics website , all of the Javascript that's being seen by uMatrix that the website doesn't depend on (sometimes it's not accurate) it will be blocked automatically , when it's blocked I think ESET will not block it , because uMatrix did block the load of the Javascript , if the site is working fine without any trouble , then continue using it as it is, if not then you need to allow it , it might take a while to get used it , but once you get used to it then you know how powerful it is ,

You could allow Scripts/Images/Media whatever it is from 1st party only , or from other sites that the main website do use , the ad obviously is coming from another website/server , so most likely it will be blocked by default in uMatrix.

For example , when running uMatrix with this forum , it will prevent the Quote and Quick Reply box , you need to click on the icon and then allow all , so you could see the 'all' bar turning green from half red or full red , then you will notice that it allows some scripts from invisioncic which makes the quick reply and Quote works again , in that example those scripts or whatever they are , are being provided by Invision which is the the forum system

Report back if uMatrix did help you.

Edited December 3, 2018 by Rami

[Vitaliy 1]

41 minutes ago, Rami said:

When you install uMatrix from Firefox addons page , You will have an icon next to the uBlock which looks like Green mixed with red , this is the status of the page that you are visiting , when it's green it's allowed and when it's red it's blocked

When you do visit the comics website , all of the Javascript that's being seen by uMatrix that the website doesn't depend on (sometimes it's not accurate) it will be blocked automatically , when it's blocked I think ESET will not block it , because uMatrix did block the load of the Javascript , if the site is working fine without any trouble , then continue using it as it is, if not then you need to allow it , it might take a while to get used it , but once you get used to it then you know how powerful it is ,

You could allow Scripts/Images/Media whatever it is from 1st party only , or from other sites that the main website do use , the ad obviously is coming from another website/server , so most likely it will be blocked by default in uMatrix.

For example , when running uMatrix with this forum , it will prevent the Quote and Quick Reply box , you need to click on the icon and then allow all , so you could see the 'all' bar turning green from half red or full red , then you will notice that it allows some scripts from invisioncic which makes the quick reply and Quote works again , in that example those scripts or whatever they are , are being provided by Invision which is the the forum system

Report back if uMatrix did help you.

Tinkered with various options in uMatrix, but it didn't change anything, which is weird.

[Nightowl 202]

18 minutes ago, Vitaliy said:

Tinkered with various options in uMatrix, but it didn't change anything, which is weird.

I don't have a machine with V12 installed , I will try few hours later and see how could I block it with uMatrix.

It could be the adware coming from main party servers.

[Vitaliy 1]

Actually, I've contacted the site's owner again and he double-checked and found and fixed the issue. But thank you all for the attention.