mashaaa 0 Posted January 26, 2020 Share Posted January 26, 2020 (edited) hi! i use a piece of music software called vocaloid and a few minutes ago, i went to download a vsqx (essentially a vocaloid project file) (hxxp://www.mediafire.com/file/zl6y1de5q22t2vt/Once_Upon_a_December.rar/file) from mediafire, and the website was blocked because ESET 13.0.24.0 detected a trojan called ScrInject.B. i ran it through virustotal (hxxps://www.virustotal.com/gui/url/0b19ab859aaf70e1293eca6f93c89d23c4b9ba09d89a96e61bc8294e4ce12dba/detection) and everything, including ESET, came back clean. i am very confused, could this mean it was a false positive? i am using an expired trial version, and have since swapped antiviruses, so maybe it could be a conflict? i have no idea. Edited January 26, 2020 by mashaaa changed https:// on mediafire link to hxxps://, not taking chances Link to comment Share on other sites More sharing options...
Administrators Marcos 4,915 Posted January 26, 2020 Administrators Share Posted January 26, 2020 I was unable to reproduce it. Please provide logs collected with ESET Log Collector and quarantined files included to ESET as per https://support.eset.com/en/submit-a-virus-website-or-potential-false-positive-sample-to-the-eset-lab Link to comment Share on other sites More sharing options...
Most Valued Members Nightowl 198 Posted January 26, 2020 Most Valued Members Share Posted January 26, 2020 3 hours ago, mashaaa said: hi! i use a piece of music software called vocaloid and a few minutes ago, i went to download a vsqx (essentially a vocaloid project file) (hxxp://www.mediafire.com/file/zl6y1de5q22t2vt/Once_Upon_a_December.rar/file) from mediafire, and the website was blocked because ESET 13.0.24.0 detected a trojan called ScrInject.B. i ran it through virustotal (hxxps://www.virustotal.com/gui/url/0b19ab859aaf70e1293eca6f93c89d23c4b9ba09d89a96e61bc8294e4ce12dba/detection) and everything, including ESET, came back clean. i am very confused, could this mean it was a false positive? i am using an expired trial version, and have since swapped antiviruses, so maybe it could be a conflict? i have no idea. It can probably be infected or not , like one redirect was infected the other wasn't if you didn't get a detection triggered the second time , the file itself isn't infected , what is infected the page that sends you to another malicious JS script Running an expired AV is dangerous , if you are not going to renew ESET or buy a license , you better be running Windows Defender because having an out-of-date AV is bad. Link to comment Share on other sites More sharing options...
mashaaa 0 Posted January 26, 2020 Author Share Posted January 26, 2020 (edited) 10 hours ago, Rami said: It can probably be infected or not , like one redirect was infected the other wasn't if you didn't get a detection triggered the second time , the file itself isn't infected , what is infected the page that sends you to another malicious JS script Running an expired AV is dangerous , if you are not going to renew ESET or buy a license , you better be running Windows Defender because having an out-of-date AV is bad. no worries! i swapped to a new AV when the trial licence expired, also thank you for the response. i was just really confused and you helped me out a lot Edited January 26, 2020 by mashaaa Link to comment Share on other sites More sharing options...
itman 1,628 Posted January 26, 2020 Share Posted January 26, 2020 14 hours ago, mashaaa said: i ran it through virustotal (hxxps://www.virustotal.com/gui/url/0b19ab859aaf70e1293eca6f93c89d23c4b9ba09d89a96e61bc8294e4ce12dba/detection) and everything, including ESET, came back clean. You can't rely of Virus Total detection because not all Eset security detection components are installed there. Link to comment Share on other sites More sharing options...
Administrators Marcos 4,915 Posted January 26, 2020 Administrators Share Posted January 26, 2020 Moreover, url scan and website content scan are two completely different things. Nightowl 1 Link to comment Share on other sites More sharing options...
Recommended Posts