Shamsulalamrony posted April 10, 2019:
I am using ESET Endpoint Protection. I am not able to browse the Internet using the connectivity provided by one ISP, as the antivirus blocks the connection because of a Kryptik.BJG trojan infection, showing a "connection terminated" notification. But we are able to use the Internet using another ISP's connection. Please note that it is happening only for http sites, not for https sites. I have already talked to the ISP; they told me they will give feedback. Need help to resolve this problem.
Marcos (Administrators) posted April 10, 2019:
Please provide ELC logs gathered from the machine, with quarantined files included as well.
Shamsulalamrony (author) posted April 10, 2019:
Please check the attached file to get the logs.
Marcos (Administrators) posted April 10, 2019:
Please try resetting your router to factory settings and rebooting the system. Should the problem persist, provide a new set of logs with "Quarantined files" selected in the ELC menu before you start gathering the logs.
Shamsulalamrony (author) posted April 10, 2019:
The problem is still the same. (attachment: eea_logs.zip)
Marcos (Administrators) posted April 10, 2019:
Quarantined files were missing. Please make sure to select the appropriate entry in the list prior to gathering the logs:
Shamsulalamrony (author) posted April 10, 2019:
Please check. (attachment: eea_logs.zip)
itman posted April 10, 2019:
4 hours ago, Shamsulalamrony said: "Not able to browse Internet using the internet connectivity provided by an ISP, as antivirus blocks connection because of kryptik.bjg trojan infection, showing connection terminated notification. But we are able to use Internet using other ISP's connection."
I am trying to understand what you posted here. Are you stating that ESET is alerting only when a browser is being used, but all other apps' Internet-based connections do not alert? Also, since ESET mods are the only ones who can access forum attachments, the rest of us can't offer any assistance unless you post a screenshot of the ESET log entry, most likely from Detections, of the malware detection.
Marcos (Administrators) posted April 10, 2019:
A couple of records from the Detections log:

10. 4. 2019 10:42:04  HTTP filter  file  http://www.google-analytics.com/collect  JS/Kryptik.BJG trojan  connection terminated  NT AUTHORITY\SYSTEM  Threat was detected upon access to web by the application: C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe (C7FF3E06D2739699A9827B9580E860F7A4C4E87E).  D853D0585365C721B934F471C01F85C0F16601B2

10. 4. 2019 10:31:12  HTTP filter  file  http://forum.eset.com  JS/Kryptik.BJG trojan  connection terminated  RELIANCE-BD\rony  Threat was detected upon access to web by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (A58DF340EC9C374165D0DF5020109CB559AB2985).  C6CB3A0364044C7D737211EE8B772B8443D4468E

10. 4. 2019 10:29:18  HTTP filter  file  http://cdp.thawte.com/ThawteEVRSACA2018.crl  JS/Kryptik.BJG trojan  connection terminated  RELIANCE-BD\rony  Threat was detected upon access to web by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (A58DF340EC9C374165D0DF5020109CB559AB2985).  1E6D339150A58FAD79449D8370A81B02BE34ED0B
itman posted April 10, 2019:
I suspect this might be related to overseer.exe. How to get rid of it is given in this article: https://askleo.com/how-do-i-get-rid-of-overseer-exe/
itman posted April 10, 2019:
Hum ……….. Since ESET is detecting the overseer.exe connection to Google Analytics as Kryptik, a very nasty trojan, and it appears the source of overseer.exe is CCleaner, are we possibly looking at another CCleaner supply-chain server attack?
Marcos (Administrators) posted April 10, 2019:
Something intercepts the communication, since the malware was detected also at thawte.com and on this forum too. Normally that communication is secure, but in the OP's case it's http communication.
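The reasoning in the post above (one detection name hitting unrelated hosts, raised by unrelated processes, only over plaintext http, therefore something on the network path rather than on the host) can be turned into a small triage check over the Detections records quoted earlier in this thread. The script below is an added example, not ESET's code or anything from this thread's participants; it parses the three records as they appear on the page (the pasted text collapsed the log's column separators to spaces, which the regular expression assumes), and the verdict strings and threshold rule are my own constructed heuristic, not an ESET feature.

```python
"""Triage ESET 'Detections' log records for signs of in-path HTTP injection.

Added example. Assumes the space-joined record format seen in this thread;
the verdict rule is a constructed heuristic, not part of any ESET product.
"""
import re
from urllib.parse import urlsplit

# Records copied from the Detections log quoted in this thread.
RECORDS = [
    "10. 4. 2019 10:42:04 HTTP filter file http://www.google-analytics.com/collect "
    "JS/Kryptik.BJG trojan connection terminated NT AUTHORITY\\SYSTEM "
    "Threat was detected upon access to web by the application: "
    "C:\\Program Files\\Common Files\\Avast Software\\Overseer\\overseer.exe "
    "(C7FF3E06D2739699A9827B9580E860F7A4C4E87E). D853D0585365C721B934F471C01F85C0F16601B2",
    "10. 4. 2019 10:31:12 HTTP filter file http://forum.eset.com "
    "JS/Kryptik.BJG trojan connection terminated RELIANCE-BD\\rony "
    "Threat was detected upon access to web by the application: "
    "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe "
    "(A58DF340EC9C374165D0DF5020109CB559AB2985). C6CB3A0364044C7D737211EE8B772B8443D4468E",
    "10. 4. 2019 10:29:18 HTTP filter file http://cdp.thawte.com/ThawteEVRSACA2018.crl "
    "JS/Kryptik.BJG trojan connection terminated RELIANCE-BD\\rony "
    "Threat was detected upon access to web by the application: "
    "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe "
    "(A58DF340EC9C374165D0DF5020109CB559AB2985). 1E6D339150A58FAD79449D8370A81B02BE34ED0B",
]

# One record: time, scanner, object type, URL, detection name, action, user,
# free-text info with the reporting process and its SHA-1, then the SHA-1 of
# the detected object. Non-greedy groups absorb the spaces inside paths/users.
RECORD_RE = re.compile(
    r"^(?P<time>\d{1,2}\. \d{1,2}\. \d{4} \d{2}:\d{2}:\d{2}) "
    r"(?P<scanner>HTTP filter) (?P<obj>file) (?P<url>\S+) "
    r"(?P<threat>.+?) (?P<action>connection terminated) "
    r"(?P<user>.+?) Threat was detected upon access to web by the application: "
    r"(?P<app>.+?) \((?P<app_sha1>[0-9A-F]{40})\)\. (?P<obj_sha1>[0-9A-F]{40})$"
)


def parse_record(line: str) -> dict:
    """Split one pasted Detections record into named fields."""
    m = RECORD_RE.match(line.strip())
    if not m:
        raise ValueError("unrecognised Detections record: %r" % line[:60])
    return m.groupdict()


def assess(records: list) -> dict:
    """Apply the in-path-injection heuristic to a set of records.

    All three conditions must hold for the strong verdict: a single detection
    name, seen on at least two unrelated hosts, reported by at least two
    different processes, and every affected URL is plaintext http. A genuine
    local infection usually fails at least one of these (one process, or one
    host, or https traffic that an on-path device could not alter).
    """
    parsed = [parse_record(r) for r in records]
    threats = sorted({p["threat"] for p in parsed})
    hosts = sorted({urlsplit(p["url"]).hostname for p in parsed})
    apps = sorted({p["app"].rsplit("\\", 1)[-1].lower() for p in parsed})
    schemes = {urlsplit(p["url"]).scheme for p in parsed}

    reasons = []
    if len(threats) == 1 and len(hosts) >= 2:
        reasons.append("same detection on %d unrelated hosts" % len(hosts))
    if len(apps) >= 2:
        reasons.append("raised by %d different processes" % len(apps))
    if schemes == {"http"}:
        reasons.append("all affected requests are plaintext http")

    if len(reasons) == 3:
        verdict = "likely in-path injection (check the network path)"
    else:
        verdict = "inconclusive; inspect the quarantined objects"
    return {"threats": threats, "hosts": hosts, "apps": apps,
            "reasons": reasons, "verdict": verdict}


if __name__ == "__main__":
    result = assess(RECORDS)
    for key, value in result.items():
        print("%-8s %s" % (key + ":", value))
```

On the three records from this thread the check reports one detection name across three hosts, two reporting processes (overseer.exe and chrome.exe) and http only, which is exactly the pattern the post above attributes to an interceptor on the ISP side. The object SHA-1 at the end of each record differs per request, so when the quarantined files are available they are the right place to look at what was actually injected.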
Marcos (Administrators) posted April 10, 2019:
Obviously Avast is installed there and many of its drivers are running. Make sure it's completely uninstalled prior to installing ESET:
itman posted April 10, 2019:
2 hours ago, Marcos said: "Obviously Avast is installed there and many of its drivers are running."
I assumed as much. The OP probably forgot to uncheck the free-version PUP of it when installing CCleaner. In any case, uninstalling Avast Free will not remove overseer.exe. It has to be manually removed per the link I posted previously. Also, ESET should be flagging the CCleaner installer as a PUA.
Shamsulalamrony (author) posted April 11, 2019:
I deleted overseer.exe manually as per the documentation from "itman", but the problem was the same. The problem is solved after disabling some service ports and controlling access by adding IP blocks to useful service ports on the router. ESET worked fine, as it was able to block the flooding of the trojan. Thanks a lot everyone for giving your valuable time.