
Dear All,

 

Each and every time I open Google Chrome and its pages, it appears, and it has blocked a lot of pages, including Google Pay in Google settings.

I uninstalled and reinstalled both Chrome and ESET, but it doesn't work.

Please help me with this, since it's a big hassle to work with continuous notifications.

 

Best Regards,

Thisara

[Two screenshots attached]


Please provide logs collected with ESET Log Collector but with also "quarantined files" selected in ELC.

13 minutes ago, Marcos said:

Please provide logs collected with ESET Log Collector but with also "quarantined files" selected in ESET Log Collector.

Dear Marcos,

 

Please find the logs with "quarantined files".

Please help me with this. I need to solve this as soon as possible.

Once again, thank you very much.

[Attachment: eis_logs.zip]

 

Best Regards,

Thisara


 

1 hour ago, Thisara said:

Dear Marcos,

 

Please find the logs with "quarantined files".

Please help me with this. I need to solve this as soon as possible.

Once again, thank you very much.

[Attachment: eis_logs.zip]

 

Best Regards,

Thisara

Maybe it's one of your extensions in the browser or the browser is hijacked somehow?


JS/scrinject.B is a common Eset false positive detection. We'll have to wait to see what @Marcos determines based on his review of the OP's logs.

1 hour ago, Nightowl said:

 

Maybe it's one of your extensions in the browser or the browser is hijacked somehow?

Dear Nightowl,

 

Then how can I get rid of that? I have attached my extension page herewith.

Please review that. If someone hacked it, how can I get rid of that?

[Screenshot attached]

Please help me.

 

Thank you,

Best Regards,

Thisara

Edited by Thisara

1 hour ago, itman said:

JS/scrinject.B is a common Eset false positive detection. We'll have to wait to see what @Marcos determines based on his review of the OP's logs.

Dear Itman,

What do you mean by "false positive detection"? I can't understand.

Yes, we will wait for Marcos's reply.

 

Thank you,

Best Regards,

Thisara

 

9 minutes ago, Thisara said:

Dear Nightowl,

 

Then how can I get rid of that? I have attached my extension page herewith.

Please review that. If someone hacked it, how can I get rid of that?

[Screenshot attached]

Please help me.

 

Thank you,

Best Regards,

Thisara

Try to shut them all down, then enable them one by one and see if the message disappears.

Also try to clean your cache.


The detection is correct. A malicious JavaScript (JS/Adware.Revizer-related) was detected when injected into a legitimate JS file:

[Attached image: image.png]

Is the threat detected in any browser? Only on this device or also on other devices in your LAN? Is it detected if you run a browser without extensions?

2 hours ago, itman said:

JS/scrinject.B is a common Eset false positive detection. We'll have to wait to see what @Marcos determines based on his review of the OP's logs.

I don't think it's a common FP. The thing is, people tend to think our detections are FPs because no other AVs trigger detection, but as you can see above, even in this case the detection was correct.

Without analyzing a particular case it's impossible to make any conclusions regarding FPs.

25 minutes ago, Marcos said:

Without analyzing a particular case it's impossible to make any conclusions regarding FPs.

Agreed.

26 minutes ago, Marcos said:

I don't think it's a common FP.

I was referring to past forum postings where the issue was traced back to a recent signature update.

7 hours ago, Thisara said:

I uninstalled and reinstalled both Chrome

I don't use Chrome, but I suspect it works similarly to Firefox in regard to the user's profile. That is, it is not deleted, and when Chrome is reinstalled, existing settings, extensions, and the like are retained and reestablished.

It might come down to you having to manually delete this profile along with all traces of Chrome on your device. Then if the malware alerts cease upon reinstall, one by one reinstall your prior extensions. If Eset starts alerting after an extension installation, that is your culprit.

An alternative to the above is to go to the malware support sections of either malwaretips.com or bleepingcomputer.com and have one of their malware remediation experts assist. They will instruct you to download and run a number of specialized tools for malware diagnostics along with other tools that specialize in removing browser based malware.

Edited by itman
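
Before the one-by-one extension test suggested above, it helps to list what the retained profile actually contains. The following is an added example, not code from this thread or from ESET: it reads each `manifest.json` under a Chrome profile's `Extensions` folder and puts extensions whose content scripts run on every site first. The function names are hypothetical, the two sample extensions and their IDs are constructed, and on Windows the default profile is assumed to live under `%LOCALAPPDATA%\Google\Chrome\User Data\Default`.

```python
import json
import tempfile
from pathlib import Path

# Match patterns that let a content script run on every site.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def inventory_extensions(profile_dir):
    """Return one record per installed extension version, broadest first."""
    records = []
    ext_root = Path(profile_dir) / "Extensions"
    # Layout: Extensions/<extension id>/<version>/manifest.json
    for manifest_path in sorted(ext_root.glob("*/*/manifest.json")):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or corrupt manifest: skip it, do not crash
        matches = set()
        for script in manifest.get("content_scripts", []):
            matches.update(script.get("matches", []))
        records.append({
            "id": manifest_path.parent.parent.name,
            "name": manifest.get("name", "?"),
            "version": manifest.get("version", "?"),
            "injects_everywhere": bool(matches & BROAD),
            "matches": sorted(matches),
        })
    # Extensions that inject into every page are the first ones to re-test.
    records.sort(key=lambda r: (not r["injects_everywhere"], r["name"]))
    return records

def build_sample_profile(root):
    """Constructed sample data: two fake extensions with made-up IDs."""
    samples = {
        "a" * 32: {"name": "Sample Coupons", "version": "1.2",
                   "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}]},
        "b" * 32: {"name": "Sample Notes", "version": "0.9",
                   "content_scripts": [{"matches": ["https://notes.example/*"], "js": ["n.js"]}]},
    }
    for ext_id, manifest in samples.items():
        folder = Path(root) / "Extensions" / ext_id / (manifest["version"] + "_0")
        folder.mkdir(parents=True)
        (folder / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rec in inventory_extensions(build_sample_profile(tmp)):
            flag = "ALL SITES" if rec["injects_everywhere"] else "limited"
            print(f'{flag:9} {rec["name"]} {rec["version"]} ({rec["id"]})')
```

Point `inventory_extensions` at a real profile directory to review an actual install; localized extensions may show a `__MSG_...__` placeholder as their name.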

1 hour ago, Marcos said:

The detection is correct. A malicious JavaScript (JS/Adware.Revizer-related) was detected when injected into a legitimate JS file:

[Attached image: image.png]

Is the threat detected in any browser? Only on this device or also on other devices in your LAN? Is it detected if you run a browser without extensions?

Dear Marcos,

 

Thank you very much.

Yes. It is detected on all browsers, but only on this device. Yes, I even tried disabling all extensions, but it's still there.

How can I detect that infected file, so I can delete it?

Please help me with that.

 

Thank you.

Best Regards,

Thisara


Another FYI observation in regards to the above posted script code.

Of note is the amptylogick.com domain reference. Both Eset and Fortinet detect this domain as malicious on VirusTotal; they are the only two listed solutions to do so. So I assume Eset's detection in this regard is by blacklist.

8 minutes ago, itman said:

Another FYI observation in regards to the above posted script code.

Of note is the amptylogick.com domain reference. Both Eset and Fortinet detect this domain as malicious on VirusTotal; they are the only two listed solutions to do so. So I assume Eset's detection in this regard is by blacklist.

Dear Itman,

 

Can't I find that infected file? Then I can delete that file/files.

If not, how can I blacklist this notification in ESET?

 

Thank you.

Best Regards,

Thisara

1 hour ago, Thisara said:

Yes. It is detected on all browsers.

Are you stating you are getting the same alert in Edge and that you have no extensions installed in it?

3 minutes ago, itman said:

Are you stating you are getting the same alert in Edge and that you have no extensions installed in it?

Dear Itman,

 

Yes. I don't have any extensions on Edge. But when we try to search for something, it will appear.

 

Best Regards,

Thisara


My suggestion again is to go to the malware removal sites I posted previously for assistance. Or, contact your in-country Eset support representative for assistance as long as you are using a paid licensed version of Eset.

-EDIT- As far as malwaretips.com and also possibly bleepingcomputer.com, note the following restriction:

Quote

We will not assist users that are using illegal/pirated software.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares. All P2P software has to be uninstalled or at least fully disabled before proceeding!

https://malwaretips.com/threads/piracy.38446/

Edited by itman


I'd also try resetting your router to factory settings, disabling remote administration over WAN, installing the latest version of firmware and setting a more complex password for access to the webadmin console.
