Jump to content

JS/Adware.Agent.AA Application


Recommended Posts

I have a site network that I watch tv shows from for almost 2 years, but this morning I tried going to https://watchdoctorwhoonline.com , which is one of the sites that the network owns, and it had always worked in the past with no issues, and I got this problem.

I don't think it's the site's problem, as it never had any issues. Should I turn off eset to use the site or did the site probably get hacked or something similar...?

 

2156c2b415971218f3dde451d4046a54.png

Link to comment
Share on other sites

  • Administrators

The detection is correct and it's not new. The detection is related to aggressive ads which I started getting after opening the website with ESET disabled.

Link to comment
Share on other sites

3 minutes ago, Marcos said:

The detection is correct and it's not new. The detection is related to aggressive ads which I started getting after opening the website with ESET disabled.

Then if I have Ublock, is it fine to disable eset just when using the site?

Link to comment
Share on other sites

25 minutes ago, doxiMAN_MAN said:

Then if I have Ublock, is it fine to disable eset just when using the site?

UblockO is great for ad and like blocking. Just note that it won't prevent you from getting infected by other JavaScript and like malware from sources not detected by UblockO.

Edited by itman
Link to comment
Share on other sites

9 minutes ago, itman said:

UblockO is great for ad and like blocking. Just note that it won't prevent you from getting infected by other JavaScript and like malware from sources not detected by UblockO.

But as I said I don't believe the site itself actually has any malware, can the ads alone give me malware?

Link to comment
Share on other sites

52 minutes ago, doxiMAN_MAN said:

can the ads alone give me malware?

Yes if they were not previously blocked by an ad blocker.

In this instance, Eset's SSL/TLS scanning detected the malicious ad prior to the web page being rendered in the browser. Hence, the use of any ad blocking being N/A since that occurs during the web browser page rendering processing.

If you exclude the URL from Eset's Web Access protection by adding it to the Allowed list, you are in essence playing a malware game of "Russian roulette" and hoping that any malicious web page content will be detected by your ad blocking software.

Link to comment
Share on other sites

5 minutes ago, itman said:

Yes if they were not previously blocked by an ad blocker.

In this instance, Eset's SSL/TLS scanning detected the malicious ad prior to the web page being rendered in the browser. Hence, the use of any ad blocking being N/A since that occurs during the web browser page rendering processing.

If you exclude the URL from Eset's Web Access protection by adding it to the Allowed list, you are in essence playing a malware game of "Russian roulette" and hoping that any malicious web page content will be detected by your ad blocking software.

Then can I not use the site anymore? It has never been like that, I've been using this site for over a year. How can I add the site to the allowed list? I've tried adding it to the setup -> internet protection -> web access protection -> URL address management -> edit -> list of allowed addresses -> edit -> and I added the site: "https://watchdoctorwhoonline.com", but it's still blocked, I've restarted the tab, chrome, even the PC but it's still blocked. do I have to disable eset via the "pause protection" feature? 

Edited by doxiMAN_MAN
Link to comment
Share on other sites

Do the following at your own peril. If you later get infected, do not expect forum help.

1. In the Eset GUI, select Advanced Setup.

2. Under Web and Email -> Protocol Filtering -> Excluded IP Addresses, add these two IP addresses; 52.2.15.20 and 54.165.76.66. Save your changes.

At this point, you should be able to connect to the web site. Connect to the web site. If you cannot connect to the web site, delete the prior added IP addresses and do not perform the following steps.

3. In the Eset GUI, select Advanced Setup. Under Web and Email -> Protocol Filtering -> SSL/TLS -> List of known certificates, click on Edit.

4. Click on the Add tab.

5. In the Add certificate screen, click on the URL tab. At this point the web site certificate data should populate Certificate name, issuer, and subject fields.

6. Change Scan action selection to Ignore.  Click on OK tab on that and any subsequent displayed screen to save your changes.

Extremely important. Repeat steps 1. and 2. and delete the prior two IP addressed added. Verify again that the IP addresses have been deleted. This must be done since these IP addresses relate to Amazon servers hosting multiple domain names.

Link to comment
Share on other sites

7 minutes ago, itman said:

Do the following at your own peril. If you later get infected, do not expect forum help.

1. In the Eset GUI, select Advanced Setup.

2. Under Web and Email -> Protocol Filtering -> Excluded IP Addresses, add these two IP addresses; 52.2.15.20 and 54.165.76.66. Save your changes.

At this point, you should be able to connect to the web site. Connect to the web site. If you cannot connect to the web site, delete the prior added IP addresses and do not perform the following steps.

3. In the Eset GUI, select Advanced Setup. Under Web and Email -> Protocol Filtering -> SSL/TLS -> List of known certificates, click on Edit.

4. Click on the Add tab.

5. In the Add certificate screen, click on the URL tab. At this point the web site certificate data should populate Certificate name, issuer, and subject fields.

6. Change Scan action selection to Ignore.  Click on OK tab on that and any subsequent displayed screen to save your changes.

Extremely important. Repeat steps 1. and 2. and delete the prior two IP addressed added. Verify again that the IP addresses have been deleted. This must be done since these IP addresses relate to Amazon servers hosting multiple domain names.

(excluding the IP addresses didn't work) On step 5, what URL am I supposed to put in the "URL Address"? I tried the website's address (https://watchdoc....) and clicked ok, but it turned red with the message "Failed to download certificate from given URL".

Link to comment
Share on other sites

Then it appears you are out of luck. Do not permanently exclude those two IP addresses since it will expose you to malware risks from multiple web sites.

Link to comment
Share on other sites

14 minutes ago, itman said:

Then it appears you are out of luck. Do not permanently exclude those two IP addresses since it will expose you to malware risks from multiple web sites.

I fixed it by following this tutorial... https://support.eset.com/kb2960/ thanks.

P.S. I tried adding it to the "Allowed" URLs and it didn't work, just now I tried adding it to the excluded from checking list and it worked.

 

Edited by doxiMAN_MAN
Link to comment
Share on other sites

The site is using a Cloudflare; i.e. DNS provider, root cert. with dozens of named urls on it. See no way that Eset will be able to exclude this site.

Edited by itman
Link to comment
Share on other sites

3 minutes ago, doxiMAN_MAN said:

I fixed it by following this tutorial... https://support.eset.com/kb2960/ thanks.

P.S. I tried adding it to the "Allowed" URLs and it didn't work, just now I tried adding it to the excluded from checking list and it worked.

 

Forgot about that one. It's a new option added in ver. 12.2.23 I beleive.

Link to comment
Share on other sites

A very strong warning here.

I just performed a detail scan of this web site using Quttera. It found a whopping 19 malware instances; all Javascript based:

Eset_Quttera.thumb.png.319d5f12fbd0951529227a4748566be6.png

https://quttera.com/detailed_report/watchdoctorwhoonline.com

Edited by itman
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...