js/scrinject.b


Dear All,

 

Each and every time I open Google Chrome and its pages, it appears, and it has blocked a lot of pages, including Google Pay in Google settings.

I uninstalled and reinstalled both Chrome and ESET, but it doesn't work.

Please help me on this since it's very much a hassle to work with continuous notifications.

 

Best Regards,

Thisara

13 minutes ago, Marcos said:

Please provide logs collected with ESET Log Collector but with also "quarantined files" selected in ESET Log Collector.

Dear Marcos,

 

Please find the Logs with "quarantined files"..

Please help me on this.. Need to solve this as soon as possible.

Once again thank you very much.

 

Best Regards,

Thisara


  • Most Valued Members

 

1 hour ago, Thisara said:

Dear Marcos,

 

Please find the Logs with "quarantined files"..

Please help me on this.. Need to solve this as soon as possible.

Once again thank you very much.

 

Best Regards,

Thisara

Maybe it's one of your extensions in the browser or the browser is hijacked somehow?


1 hour ago, Nightowl said:

 

Maybe it's one of your extensions in the browser or the browser is hijacked somehow?

Dear Nightowl,

 

Then how can I get rid of that.. I have herewith attached my extension page.

Please review that.. If someone hacked, how can I get rid of that..?

Please help me.

 

Thank you,

Best Regards,

Thisara


1 hour ago, itman said:

JS/scrinject.B is a common Eset false positive detection. We'll have to wait to see what @Marcos determines based on his review of the OP's logs.

Dear Itman,

What do you mean by "false positive detection"? I can't understand..

Yes, we will wait for Marcos's reply..

 

Thank you,

Best Regards,

Thisara

 


  • Most Valued Members
9 minutes ago, Thisara said:

Dear Nightowl,

 

Then how can I get rid of that.. I have herewith attached my extension page.

Please review that.. If someone hacked, how can I get rid of that..?

Please help me.

 

Thank you,

Best Regards,

Thisara

Try to shut them all down, then try enabling them one by one and see if the message disappears.

Also try to clean your cache.


  • Administrators

The detection is correct. A malicious javascript (JS/Adware.Revizer-related) was detected when injected into a legitimate js file:

image.png

Is the threat detected in any browser? Only on this device or also on other devices in your LAN? Is it detected if you run a browser without extensions?


  • Administrators
2 hours ago, itman said:

JS/scrinject.B is a common Eset false positive detection. We'll have to wait to see what @Marcos determines based on his review of the OP's logs.

I don't think it's a common FP. The thing is people tend to think our detections are FPs because no other AVs trigger detection but as you can see above, even in this case the detection was correct.

Without analyzing a particular case it's impossible to make any conclusions regarding FPs.


25 minutes ago, Marcos said:

Without analyzing a particular case it's impossible to make any conclusions regarding FPs.

Agreed.

26 minutes ago, Marcos said:

I don't think it's a common FP.

I was referring to past forum postings where the issue was traced back to a recent signature update.


7 hours ago, Thisara said:

I uninstalled and reinstalled both Chrome

I don't use Chrome, but I suspect it works similarly to Firefox in regard to the user's profile. That is, it is not deleted, and when Chrome is reinstalled, existing settings, extensions, and the like are retained and reestablished.

It might come down to you having to manually delete this profile along with all traces of Chrome on your device. Then if the malware alerts cease upon reinstall, one by one reinstall your prior extensions. If Eset starts alerting after an extension installation, that is your culprit.

An alternative to the above is to go to the malware support sections of either malwaretips.com or bleepingcomputer.com and have one of their malware remediation experts assist. They will instruct you to download and run a number of specialized tools for malware diagnostics along with other tools that specialize in removing browser based malware.


1 hour ago, Marcos said:

The detection is correct. A malicious javascript (JS/Adware.Revizer-related) was detected when injected into a legitimate js file:

image.png

Is the threat detected in any browser? Only on this device or also on other devices in your LAN? Is it detected if you run a browser without extensions?

Dear Marcos,

 

Thank you very much.

Yes.. It is detecting on all browsers.. But only on this device.. Yes, I even tried disabling all extensions. But it's there.

How can I detect that infected file, to delete it?

Please help me on that.

 

Thank you.

Best Regards,

Thisara


Another FYI observation in regards to the above posted script code.

Of note is the amptylogick.com domain reference. Both Eset and Fortinet detect this domain as malicious on VirusTotal; the only two listed solutions to do so. So I assume Eset's detection in this regard is by blacklist.


8 minutes ago, itman said:

Another FYI observation in regards to the above posted script code.

Of note is the amptylogick.com domain reference. Both Eset and Fortinet detect this domain as malicious on VirusTotal; the only two listed solutions to do so. So I assume Eset's detection in this regard is by blacklist.

Dear Itman,

 

Can't I find that infected file? Then I can delete that file/files..

If not, how can I blacklist this notification on ESET?

 

Thank you.

Best Regards,

Thisara


1 hour ago, Thisara said:

Yes.. It is detecting on all browsers.

Are you stating you are getting the same alert in Edge and that you have no extensions installed in it?


3 minutes ago, itman said:

Are you stating you are getting the same alert in Edge and that you have no extensions installed in it?

Dear Itman,

 

Yes.. I don't have any extension on Edge. But when we try to search something, it will appear.

 

Best Regards,

Thisara


My suggestion again is to go to the malware removal sites I posted previously for assistance. Or, contact your in-country Eset support representative for assistance as long as you are using a paid licensed version of Eset.

-EDIT- As far as malwaretips.com and also possibly bleepingcomputer.com, note the following restriction:

Quote

We will not assist users that are using illegal/pirated software.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares. All P2P software has to be uninstalled or at least fully disabled before proceeding!

https://malwaretips.com/threads/piracy.38446/


  • Administrators

I'd also try resetting your router to factory settings, disabling remote administration over WAN, installing the latest version of firmware and setting a more complex password for access to the webadmin console.


  • 3 weeks later...

Hi Thisara,

 

Did you resolve this issue?

I am also facing the same issue. If you found the solution, could you please post it?

 

Thanks and Regards,

Bala


  • Most Valued Members
3 hours ago, Bala said:

Hi Thisara,

 

Did you resolve this issue?

I am also facing the same issue. If you found the solution, could you please post it?

 

Thanks and Regards,

Bala

If you have tried all the solutions above and are still having problems, then you probably need to follow the last advice from Marcos, which is resetting the router, because most probably the router is redirecting to other places.


  • Administrators

The question is if you are g

7 hours ago, Bala said:

Did you resolve this issue?
I am also facing the same issue. If you found the solution, could you please post it?

I would start off by providing ELC logs collected with also "quarantined files" selected. If I'm able to reproduce the detection, the website was either compromised or a particular website has been cleaned from malware and should be removed from blacklist. Otherwise it'd be likely that the injection occurs between your ISP and your machine / browser.


On 4/14/2020 at 1:03 PM, Bala said:

Hi Thisara,

 

Did you resolve this issue?

I am also facing the same issue. If you found the solution, could you please post it?

 

Thanks and Regards,

Bala

Dear Bala,

What I did was format the machine.. But I think that after that, I could get the solution.

You need to access the hosts file in (Windows, System32, drivers, etc) and edit it..

Remove the www.gstatic.com line..

Then it should be ok..

Try and comment.

Best Regards,

Thisara


On 4/18/2020 at 12:00 AM, Thisara said:

Dear Bala,

What I did was format the machine.. But I think that after that, I could get the solution.

You need to access the hosts file in (Windows, System32, drivers, etc) and edit it..

Remove the www.gstatic.com line..

Then it should be ok..

Try and comment.

Best Regards,

Thisara

 

Dear Bala,

 

Does it work..? Or does the issue remain the same..?

 

Best Regards,

Thisara
