Jump to content
mashaaa

ScrInject.B trojan detection on MediaFire, is this a false positive?

Recommended Posts

hi! i use a piece of music software called vocaloid and a few minutes ago, i went to download a vsqx (essentially a vocaloid project file) (hxxp://www.mediafire.com/file/zl6y1de5q22t2vt/Once_Upon_a_December.rar/file) from mediafire, and the website was blocked because ESET 13.0.24.0 detected a trojan called ScrInject.B. i ran it through virustotal (hxxps://www.virustotal.com/gui/url/0b19ab859aaf70e1293eca6f93c89d23c4b9ba09d89a96e61bc8294e4ce12dba/detection) and everything, including ESET, came back clean. i am very confused, could this mean it was a false positive? i am using an expired trial version, and have since swapped antiviruses, so maybe it could be a conflict? i have no idea.

Untitle.png

Edited by mashaaa
changed https:// on mediafire link to hxxps://, not taking chances

Share this post


Link to post
Share on other sites
3 hours ago, mashaaa said:

hi! i use a piece of music software called vocaloid and a few minutes ago, i went to download a vsqx (essentially a vocaloid project file) (hxxp://www.mediafire.com/file/zl6y1de5q22t2vt/Once_Upon_a_December.rar/file) from mediafire, and the website was blocked because ESET 13.0.24.0 detected a trojan called ScrInject.B. i ran it through virustotal (hxxps://www.virustotal.com/gui/url/0b19ab859aaf70e1293eca6f93c89d23c4b9ba09d89a96e61bc8294e4ce12dba/detection) and everything, including ESET, came back clean. i am very confused, could this mean it was a false positive? i am using an expired trial version, and have since swapped antiviruses, so maybe it could be a conflict? i have no idea.

Untitle.png

It can probably be infected or not , like one redirect was infected the other wasn't if you didn't get a detection triggered the second time , the file itself isn't infected , what is infected the page that sends you to another malicious JS script

Running an expired AV is dangerous , if you are not going to renew ESET or buy a license , you better be running Windows Defender because having an out-of-date AV is bad.

Share this post


Link to post
Share on other sites
10 hours ago, Rami said:

It can probably be infected or not , like one redirect was infected the other wasn't if you didn't get a detection triggered the second time , the file itself isn't infected , what is infected the page that sends you to another malicious JS script

Running an expired AV is dangerous , if you are not going to renew ESET or buy a license , you better be running Windows Defender because having an out-of-date AV is bad.

no worries! i swapped to a new AV when the trial licence expired, also thank you for the response. i was just really confused and you helped me out a lot :)

Edited by mashaaa

Share this post


Link to post
Share on other sites
14 hours ago, mashaaa said:

i ran it through virustotal (hxxps://www.virustotal.com/gui/url/0b19ab859aaf70e1293eca6f93c89d23c4b9ba09d89a96e61bc8294e4ce12dba/detection) and everything, including ESET, came back clean.

You can't rely of Virus Total detection because not all Eset security detection components are installed there.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...