Kryptik.BJG trojan infection


I am using ESET Endpoint Protection. I am not able to browse the Internet using the connectivity provided by one ISP, as the antivirus blocks the connection because of a Kryptik.BJG trojan infection, showing a "connection terminated" notification. But we are able to use the Internet using another ISP's connection.

Please note that it is happening only for HTTP sites, not for HTTPS sites. I have already talked to the ISP; they told me they will give feedback. I need help to resolve this problem.


  • Administrators

Please try resetting your router to factory settings and rebooting the system. Should the problem persist, provide a new set of logs with "Quarantined files" selected in the ELC menu before you start gathering the stuff.

 


  • Administrators

Quarantined files were missing. Please make sure to select the appropriate entry in the list prior to gathering the stuff:

image.png


4 hours ago, Shamsulalamrony said:

I am not able to browse the Internet using the connectivity provided by one ISP, as the antivirus blocks the connection because of a Kryptik.BJG trojan infection, showing a "connection terminated" notification. But we are able to use the Internet using another ISP's connection.

I am trying to understand what you posted here. Are you stating that Eset is alerting only when a browser is being used, but all other apps' Internet-based connections do not alert?

Also, since Eset mods are the only ones who can access forum attachments, the rest of us can't offer any assistance unless you post a screenshot of the Eset log entry for the malware detection, most likely from the Detections log.


  • Administrators

A couple of records from the Detections log:

10. 4. 2019 10:42:04    HTTP filter    file   http://www.google-analytics.com/collect  JS/Kryptik.BJG trojan    connection terminated    NT AUTHORITY\SYSTEM    Threat was detected upon access to web by the application: C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe (C7FF3E06D2739699A9827B9580E860F7A4C4E87E).    D853D0585365C721B934F471C01F85C0F16601B2        
10. 4. 2019 10:31:12    HTTP filter    file   http://forum.eset.com  JS/Kryptik.BJG trojan    connection terminated    RELIANCE-BD\rony    Threat was detected upon access to web by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (A58DF340EC9C374165D0DF5020109CB559AB2985).    C6CB3A0364044C7D737211EE8B772B8443D4468E        
10. 4. 2019 10:29:18    HTTP filter    file   http://cdp.thawte.com/ThawteEVRSACA2018.crl  JS/Kryptik.BJG trojan    connection terminated    RELIANCE-BD\rony    Threat was detected upon access to web by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (A58DF340EC9C374165D0DF5020109CB559AB2985).    1E6D339150A58FAD79449D8370A81B02BE34ED0B        

 

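The three Detections records above, as an added example that is not from the original thread or from ESET: a small Python script that parses them and summarises, per detection name, which hosts, URL schemes and reporting applications were involved, then flags the pattern Marcos points to below (one identical detection raised on several unrelated, reputable hosts, always over plain HTTP) as consistent with something on the network path injecting content rather than with the sites themselves being infected. The column layout (fields separated by runs of whitespace), the field names and the three-host threshold are my assumptions about the log format, not documented ESET behaviour.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Sample input: the three records posted in this thread (ESET Detections log).
SAMPLE_LOG = r"""
10. 4. 2019 10:42:04    HTTP filter    file   http://www.google-analytics.com/collect  JS/Kryptik.BJG trojan    connection terminated    NT AUTHORITY\SYSTEM    Threat was detected upon access to web by the application: C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe (C7FF3E06D2739699A9827B9580E860F7A4C4E87E).    D853D0585365C721B934F471C01F85C0F16601B2
10. 4. 2019 10:31:12    HTTP filter    file   http://forum.eset.com  JS/Kryptik.BJG trojan    connection terminated    RELIANCE-BD\rony    Threat was detected upon access to web by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (A58DF340EC9C374165D0DF5020109CB559AB2985).    C6CB3A0364044C7D737211EE8B772B8443D4468E
10. 4. 2019 10:29:18    HTTP filter    file   http://cdp.thawte.com/ThawteEVRSACA2018.crl  JS/Kryptik.BJG trojan    connection terminated    RELIANCE-BD\rony    Threat was detected upon access to web by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (A58DF340EC9C374165D0DF5020109CB559AB2985).    1E6D339150A58FAD79449D8370A81B02BE34ED0B
"""

# Assumed column order; columns are separated by two or more spaces/tabs
# while single spaces occur inside values ("HTTP filter", "connection terminated").
FIELDS = ("time", "scanner", "object_type", "object", "detection",
          "action", "user", "info", "hash")

# Pulls the reporting application and its SHA-1 out of the free-text "info" column.
APP_RE = re.compile(r"by the application: (.+?) \(([0-9A-Fa-f]{40})\)")


def parse_detections(text):
    """Parse log text into a list of dicts, one per record."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = re.split(r"\s{2,}", line)
        if len(parts) != len(FIELDS):
            raise ValueError(f"unexpected field count {len(parts)}: {line[:60]}")
        rec = dict(zip(FIELDS, parts))
        m = APP_RE.search(rec["info"])
        rec["app_path"] = m.group(1) if m else None
        rec["app_sha1"] = m.group(2).upper() if m else None
        rec["app_name"] = rec["app_path"].rsplit("\\", 1)[-1] if m else None
        url = urlsplit(rec["object"])
        rec["scheme"], rec["host"] = url.scheme, url.hostname
        records.append(rec)
    return records


def summarize(records):
    """Group records by detection name: distinct hosts, schemes, apps and users."""
    groups = defaultdict(lambda: {"hosts": set(), "schemes": set(),
                                  "apps": set(), "users": set()})
    for r in records:
        g = groups[r["detection"]]
        g["hosts"].add(r["host"])
        g["schemes"].add(r["scheme"])
        g["apps"].add(r["app_name"])
        g["users"].add(r["user"])
    return {det: {k: sorted(v) for k, v in g.items()} for det, g in groups.items()}


def assess(group, min_hosts=3):
    """Heuristic (my assumption, not an ESET rule): the same detection on several
    unrelated hosts, only ever over plain HTTP, points at the network path
    (router/ISP) rather than at the sites, because HTTPS responses cannot be
    rewritten in transit without breaking the TLS connection."""
    if group["schemes"] == ["http"] and len(group["hosts"]) >= min_hosts:
        return "consistent with on-path injection"
    return "investigate per site"


if __name__ == "__main__":
    summary = summarize(parse_detections(SAMPLE_LOG))
    for detection, group in summary.items():
        print(detection)
        for key, values in group.items():
            print(f"  {key}: {', '.join(values)}")
        print(f"  assessment: {assess(group)}")
```

Running it prints one block for "JS/Kryptik.BJG trojan" listing the three hosts, the single scheme "http", both reporting applications and both user accounts, followed by the assessment. The useful defender check here is the scheme column: if the same detection ever shows up for an https:// object, the on-path explanation no longer holds and the endpoint itself needs a closer look.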

Hum... Since Eset is detecting overseer.exe's connection to Google Analytics as Kryptik, a very nasty Trojan, and it appears the source of overseer.exe is CCleaner, are we possibly looking at another CCleaner supply-chain server attack?


  • Administrators

Something intercepts the communication, since the malware was also detected at thawte.com and on this forum. Normally the communication is secure, but in the OP's case it's HTTP communication.


  • Administrators

Obviously Avast is installed there and many of its drivers are running. Make sure it's completely uninstalled prior to installing ESET:

image.png


2 hours ago, Marcos said:

Obviously Avast is installed there and many of its drivers are running.

I assumed as much. The OP probably forgot to uncheck the free-version PUP of it when installing CCleaner. In any case, uninstalling Avast Free will not remove overseer.exe. It has to be manually removed per the link I posted previously.

Also Eset should be flagging the CCleaner installer as a PUA. 


I deleted overseer.exe manually as per the documentation from "itman", but the problem was the same.

The problem was solved after disabling some service ports on the router and controlling access to the useful service ports by adding IP blocks. ESET worked fine, as it was able to block the flood of the Trojan.

Thanks a lot everyone for giving your valuable time.
