Shamsulalamrony

Kryptik.BJG trojan infection

I am using ESET Endpoint Protection. I am not able to browse the Internet using the connectivity provided by one ISP, as the antivirus blocks the connection because of a Kryptik.BJG trojan infection, showing a "connection terminated" notification. But we are able to use the Internet using another ISP's connection.

Please note that it is happening only for http sites, not for https sites. I have already talked to the ISP; they told me they will give feedback. I need help to resolve this problem.


Please provide ELC logs gathered from the machine with also quarantined files included.


Please try resetting your router to factory settings and rebooting the system. Should the problem persist, provide a new set of logs with "Quarantined files" selected in the ELC menu before you start gathering the stuff.

Quarantined files were missing. Please make sure to select the appropriate entry in the list prior to gathering the stuff:

[attached screenshot: image.png]

4 hours ago, Shamsulalamrony said:

I am not able to browse the Internet using the connectivity provided by one ISP, as the antivirus blocks the connection because of a Kryptik.BJG trojan infection, showing a "connection terminated" notification. But we are able to use the Internet using another ISP's connection.

I am trying to understand what you posted here. Are you stating that Eset is alerting only when a browser is being used, but all other apps' Internet-based connections do not alert?

Also, since Eset mods are the only ones that can access forum attachments, the rest of us can't offer any assistance unless you post a screenshot of the Eset log entry, most likely from Detections, of the malware detection.

A couple of records from the Detections log:

10. 4. 2019 10:42:04    HTTP filter    file   http://www.google-analytics.com/collect  JS/Kryptik.BJG trojan    connection terminated    NT AUTHORITY\SYSTEM    Threat was detected upon access to web by the application: C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe (C7FF3E06D2739699A9827B9580E860F7A4C4E87E).    D853D0585365C721B934F471C01F85C0F16601B2        
10. 4. 2019 10:31:12    HTTP filter    file   http://forum.eset.com  JS/Kryptik.BJG trojan    connection terminated    RELIANCE-BD\rony    Threat was detected upon access to web by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (A58DF340EC9C374165D0DF5020109CB559AB2985).    C6CB3A0364044C7D737211EE8B772B8443D4468E        
10. 4. 2019 10:29:18    HTTP filter    file   http://cdp.thawte.com/ThawteEVRSACA2018.crl  JS/Kryptik.BJG trojan    connection terminated    RELIANCE-BD\rony    Threat was detected upon access to web by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (A58DF340EC9C374165D0DF5020109CB559AB2985).    1E6D339150A58FAD79449D8370A81B02BE34ED0B        

Hmm... Since Eset is detecting overseer.exe's connection to Google Analytics as Kryptik, a very nasty Trojan, and it appears the source of overseer.exe is CCleaner, are we possibly looking at another CCleaner supply-chain server attack?

Something is intercepting the communication, since the malware was also detected at thawte.com and on this forum. Normally the communication is secure, but in the OP's case it is plain http communication.

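As an added example (not from the thread and not ESET's own tooling), the Python below parses records in the layout of the Detections log quoted earlier and applies the reasoning in this post: one detection name seen on several unrelated plain-HTTP hosts, from more than one process, is treated as on-path injection rather than a local infection. The sample records are constructed to mirror the thread; the field order, the hash values and the user name are assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in the tab-separated layout of the ESET Detections log
# quoted in the thread (time, scanner, type, URL, detection, action, user,
# info, hash). Hosts mirror the thread; hashes and the user are placeholders.
INFO = "Threat was detected upon access to web by the application: "
CHROME = "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe (SHA1-B)"
OVERSEER = "C:\\Program Files\\Common Files\\Avast Software\\Overseer\\overseer.exe (SHA1-A)"
SAMPLE_LOG = "\n".join("\t".join(f) for f in [
    ("10. 4. 2019 10:42:04", "HTTP filter", "file",
     "http://www.google-analytics.com/collect", "JS/Kryptik.BJG trojan",
     "connection terminated", "NT AUTHORITY\\SYSTEM", INFO + OVERSEER, "HASH-1"),
    ("10. 4. 2019 10:31:12", "HTTP filter", "file",
     "http://forum.eset.com", "JS/Kryptik.BJG trojan",
     "connection terminated", "EXAMPLE-PC\\user", INFO + CHROME, "HASH-2"),
    ("10. 4. 2019 10:29:18", "HTTP filter", "file",
     "http://cdp.thawte.com/ThawteEVRSACA2018.crl", "JS/Kryptik.BJG trojan",
     "connection terminated", "EXAMPLE-PC\\user", INFO + CHROME, "HASH-3"),
])

def parse_detections(text):
    """Yield one dict per record; process = exe named in the info field."""
    for line in text.splitlines():
        f = line.split("\t")
        if len(f) < 9:
            continue  # skip truncated or unrelated lines
        path = f[7].rsplit(": ", 1)[-1].rsplit(" (", 1)[0]  # drop the exe hash
        yield {"url": f[3], "name": f[4], "hash": f[8],
               "process": path.rsplit("\\", 1)[-1].lower()}

def classify(text, min_hosts=3):
    """A single detection name hitting several unrelated plain-HTTP hosts
    from more than one process points to on-path (e.g. ISP) injection rather
    than a local infection; anything else still warrants a look at the host."""
    groups = defaultdict(lambda: {"hosts": set(), "procs": set(), "https": 0})
    for r in parse_detections(text):
        g, u = groups[r["name"]], urlsplit(r["url"])
        g["hosts"].add(u.hostname)
        g["procs"].add(r["process"])
        g["https"] += u.scheme == "https"
    return {
        name: "likely on-path injection"
        if len(g["hosts"]) >= min_hosts and not g["https"] and len(g["procs"]) > 1
        else "investigate the host"
        for name, g in groups.items()
    }
```

Export the Detections log from the ESET GUI as a tab-separated file to run this against real records; a verdict of "likely on-path injection" means the next check belongs at the router or ISP link, not on the endpoint.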

Obviously Avast is installed there and many of its drivers are running. Make sure it's completely uninstalled prior to installing ESET:

[attached screenshot: image.png]

2 hours ago, Marcos said:

Obviously Avast is installed there and many of its drivers are running.

I assumed as much. The OP probably forgot to uncheck the free-version PUP of it when installing CCleaner. In any case, uninstalling Avast Free will not remove overseer.exe. It has to be manually removed, per the link I posted previously.

Also, Eset should be flagging the CCleaner installer as a PUA.

I deleted overseer.exe manually as per the documentation from "itman", but the problem was the same.

The problem was solved after disabling some service ports and controlling access by adding IP blocks for the useful service ports on the router. ESET worked fine, as it was able to block the flooding of the Trojan.

Thanks a lot everyone for giving your valuable time.