HPPI 0 Posted April 11, 2019 Share Posted April 11, 2019 Hello. Upon starting my computer today it did the "configuring Windows" three times before completing, then an ESET window came up with this message: A threat (HTML/ScrInject.B) was found in a file that Microsoft Windows Search Protocol Host tried to access. It can only be removed by deleting the file which can cause problems if the file belongs to the operating system. So I'm not sure what to do at this point. Please advise. Thank you! Link to comment Share on other sites More sharing options...
Administrators Marcos 5,393 Posted April 11, 2019 Administrators Share Posted April 11, 2019 Please carry on as follows: - download and launch ESET Log Collector - also select "Quarantined files" in the list - gather logs and other files - post the generated archive here. Link to comment Share on other sites More sharing options...
HPPI 0 Posted April 11, 2019 Author Share Posted April 11, 2019 Thank you so much for responding. I believe this is the information you're requesting. I copied it from the box titles "Operation Log". If this isn't correct, please tell me where to find the correct logs. [15:42:58 PM] ESET Log Collector v3.2.0.1 (9/11/2018) - 64 bit [15:42:58 PM] Copyright (c) 1992-2018 ESET, spol. s r.o. All rights reserved. Link to comment Share on other sites More sharing options...
HPPI 0 Posted April 11, 2019 Author Share Posted April 11, 2019 Sorry Marcos, I just realized I didn't copy the whole list. Here it is: Link to comment Share on other sites More sharing options...
Administrators Marcos 5,393 Posted April 11, 2019 Administrators Share Posted April 11, 2019 I don't need the operation log generated by ELC but the whole archive that was generated. Link to comment Share on other sites More sharing options...
HPPI 0 Posted April 11, 2019 Author Share Posted April 11, 2019 Sorry about that, obviously I'm not very well versed in these things. It archived a zip file, and I've attached it here. Is this what you need? eav_logs.zip Link to comment Share on other sites More sharing options...
Administrators Marcos 5,393 Posted April 12, 2019 Administrators Share Posted April 12, 2019 Quote A threat (HTML/ScrInject.B) was found in a file that Microsoft Windows Search Protocol Host tried to access. There's nothing like that in the logs you provided. The only detections were: Win32/Bundled.Toolbar.Ask.G pot. unsafe app. HTML/Refresh.BC Link to comment Share on other sites More sharing options...
HPPI 0 Posted April 15, 2019 Author Share Posted April 15, 2019 Ok, thank you for looking into it. At this point, I guess I just need to know which button to click - delete or ignore threat? I'm concerned about deleting because of the warning about the operating system. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,393 Posted April 15, 2019 Administrators Share Posted April 15, 2019 Select Delete. It should be basically only temporary html files on a disk when an interaction is required. If you open a website where this detection is triggered, access is blocked automatically. Link to comment Share on other sites More sharing options...
HPPI 0 Posted April 15, 2019 Author Share Posted April 15, 2019 Ok, thank you so much for all of your help! Have a wonderful day! Link to comment Share on other sites More sharing options...
Recommended Posts