This topic is now archived and is closed to further replies.

Mekail wardak

9anime blocked bcz of HTML/scrlnjet.B trojan

Hello there,

I have been using the site 9anime.to for a while and I am pretty sure that it is clean, but recently ESET sometimes blocks it, saying that it detected and blocked a Trojan. If there is any way of solving this issue of mine, please reply to this post. I have been using ESET for a while and plan on using it for a it if there are no other problems.

Capture.JPG


Try to use uBlock Origin; it might help remove the ad that brings this trojan, so you will be able to access the website normally.

uMatrix will stop all scripts in the website unless you instruct it to allow them. It can also help, but might break the websites you enter unless you tweak it for them.

You can allow the website in uMatrix so it can load its scripts, but keep the defpush one blocked. I think then you will be able to access it, because uMatrix prevented Defpush from loading, so there is no trojan anymore for ESET to detect.


First of all, thanks a lot for replying so fast. I appreciate it. But I still had problems with it.

On 12/31/2019 at 2:18 AM, Marcos said:

It is because of loading a script from defpush.com which doesn't seem to be good: https://malwaretips.com/blogs/remove-defpush-com/

I followed all the steps but it was still not working.

On 12/31/2019 at 8:31 AM, Rami said:

Try to use uBlock Origin; it might help remove the ad that brings this trojan, so you will be able to access the website normally.

uMatrix will stop all scripts in the website unless you instruct it to allow them. It can also help, but might break the websites you enter unless you tweak it for them.

You can allow the website in uMatrix so it can load its scripts, but keep the defpush one blocked. I think then you will be able to access it, because uMatrix prevented Defpush from loading, so there is no trojan anymore for ESET to detect.

I also used uBlock and uMatrix to the best of my capability and tried making it work, but it didn't seem to work. (For uMatrix I paused the internet security function of ESET and blocked defpush access.) If I did anything wrong or if there are any extra steps involved, it will be well received.

Capture1.JPG


Doubt uBlock, uMatrix, or any other browser based extension will work here. Eset is detecting the malware prior to the web page even rendering.


Since it's not working, can I just turn off internet security and visit the site? Will it in any way harm my PC?

9 minutes ago, Mekail wardak said:

Since it's not working, can I just turn off internet security and visit the site? Will it in any way harm my PC?

You can add *9anime.to* to "List of addresses excluded from context scan" in the Web Access protection section: https://help.eset.com/eis/13/en-US/idh_config_epfw_url_set_manager.html

Since the above obviously will ignore all malware detected on the web site, your PC could be infected by anything malicious on that web site.

10 minutes ago, itman said:

Since the above obviously will ignore all malware detected on the web site, your PC could be infected by anything malicious on that web site.

I don't know much about all the viruses and malware and stuff, so I would really like to ask if I should do it or not?

Just now, Mekail wardak said:

so I would really like to ask if I should do it or not?

You shouldn't do it since the site is being detected as hosting malware.

1 hour ago, Mekail wardak said:

I don't know much about all the viruses and malware and stuff, so I would really like to ask if I should do it or not?

No. If a site is hosting malware then it is a dangerous site and really should be avoided. As itman had said, allowing the site access can and probably will put you at risk.


On "Virus Total", 9anime.to has 2 (two) hits from 72 engines. The 2 engines detecting the site as "malicious" are Quttera and CRDF (practically unknown players).

I would say that it is safe to access 9anime.to in proportion of 99.9%

1 hour ago, local said:

On "Virus Total", 9anime.to has 2 (two) hits from 72 engines. The 2 engines detecting the site as "malicious" are Quttera and CRDF (practically unknown players).

I would say that it is safe to access 9anime.to in proportion of 99.9%

A mod had said it is trying to load a script from a malicious site. Users can choose to allow this site but it's at their own risk. If it's blocking it, there generally is a reason and I'd be concerned.

1 hour ago, peteyt said:

If it's blocking it, there generally is a reason and I'd be concerned

"a reason" could be a FP

1 hour ago, peteyt said:

A mod had said it is trying to load a script from a malicious site

and 70 other antiviruses said the other way;

2 hours ago, peteyt said:

A mod had said it is trying to load a script from a malicious site.

So noted here: https://forum.eset.com/topic/22049-9anime-blocked-bcz-of-htmlscrlnjetb-trojan/?do=findComment&comment=106655

A naive user might just mouse click on the "Allow" prompt from the offending web page ad, resulting in them being hit by pop-up malware.

2 hours ago, local said:

"a reason" could be a FP

and 70 other antiviruses said the other way;

As itman has linked above, Marcos has stated the reason as it is trying to load a script from a malicious site. If someone who works for Eset is saying it is suspicious then to me it is suspicious and I wouldn't recommend using it. The fact it is trying to load this script is bad enough.


As far as defpush.com being a malicious domain, refer to this: https://hybrid-analysis.com/sample/cafa07a79320db1a395469f27b70dadecb033efa9eb608d6314d69db6cc859be?environmentId=100

The solution to this is simple. Inform 9anime.to that they have a malicious ad on their web site and remove it. I somewhat suspect that they are aware of this situation.

Note that Virus Total is not a place to verify if a domain is malicious or not. It just runs hosted product's real-time engine and an in-depth scan of domain behavior is not being performed.

Of note is defpush.com is blacklisted at Quttera: https://quttera.com/detailed_report/defpush.com

I also went through uBlock Origin's default filter lists. Nowhere was defpush.com listed. So a browser ad blocker extension would not protect you on this puppy.
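The manual check described in the post above, looking through filter lists for a rule that covers defpush.com, can be scripted. This is an added example and not part of the original thread; the sample list is constructed, and the names `parse_domain_rules` and `covering_rule` are hypothetical.

```python
import re

# Constructed sample in Adblock Plus filter syntax plus one hosts-style line.
# It is not copied from any real filter list.
SAMPLE_LIST = """\
! Title: constructed sample list
[Adblock Plus 2.0]
||ads.example.net^
||tracker.example.org^$third-party
@@||cdn.example.org^
||example.com/banner/
example.com##.banner
0.0.0.0 push.example.test
"""

# ||domain^ with optional $options; a leading @@ marks an exception (allow) rule.
NETWORK_RULE = re.compile(r"^(@@)?\|\|([a-z0-9.-]+)\^?(?:\$.*)?$", re.I)
# Hosts-file style entry; treated here like a ||domain^ rule (assumption).
HOSTS_RULE = re.compile(r"^(?:0\.0\.0\.0|127\.0\.0\.1)\s+([a-z0-9.-]+)$", re.I)


def parse_domain_rules(text):
    """Return (blocked, allowed) domain sets; path and cosmetic rules are skipped."""
    blocked, allowed = set(), set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "![#":
            continue  # blank line, comment or list header
        net = NETWORK_RULE.match(line)
        host = HOSTS_RULE.match(line)
        if net:
            (allowed if net.group(1) else blocked).add(net.group(2).lower())
        elif host:
            blocked.add(host.group(1).lower())
    return blocked, allowed


def covering_rule(hostname, blocked, allowed):
    """Return the rule domain that blocks hostname, or None if nothing does."""
    labels = hostname.lower().rstrip(".").split(".")
    # A domain-anchored rule matches the domain and all its subdomains.
    suffixes = [".".join(labels[i:]) for i in range(len(labels))]
    if any(s in allowed for s in suffixes):
        return None  # an exception rule wins over block rules
    return next((s for s in suffixes if s in blocked), None)


if __name__ == "__main__":
    blocked, allowed = parse_domain_rules(SAMPLE_LIST)
    for name in ("defpush.com", "a.ads.example.net", "cdn.example.org"):
        print(name, "->", covering_rule(name, blocked, allowed))
```

Rule options such as `$third-party` are ignored, so a hit only means that a domain-anchored rule for the host exists in the list.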


Went to "9anime.to" on my Win10 PC (Defender)

Clicked everything and everywhere.. nothing happened.

1 hour ago, local said:

Went to "9anime.to" on my Win10 PC (Defender)

Clicked everything and everywhere.. nothing happened.

Have you enabled PUA checking in WD? It is not enabled by default: https://www.windowscentral.com/how-block-potentially-unwanted-programs-using-windows-defender-antivirus

Also did you use IE11 or Edge that enable browser based SmartScreen? The detection within the browser would be by SmartScreen. Since defpush.com is classified as phishing malware, pretty sure SmartScreen will flag it. -EDIT- Possibly not since the web site is https; SmartScreen is IP address/domain based only; and does not have SSL/TLS protocol scanning ability.

Finally, just opening the 9anime.to site home page might not be enough to trigger the redirect to defpush.com.

Also reboot your PC and let us know if the popups start.

