Jump to content

Getting address blocked messages too frequently from the same site


Recommended Posts

I am getting Address blocked messages every two or three seconds from the same site. 

I tried closing the browser, deleting extensions, restarting my computer, and don't know what else to try. 

I've attached a picture.

image.thumb.png.78e996e62984461399ad8975d438aad2.png

Link to post
Share on other sites
  • Administrators

This is related to JS/Agent.AG backdoor. Are you getting the alert in other browsers as well? Please provide logs collected with ESET Log Collector.

Link to post
Share on other sites
17 minutes ago, Marcos said:

This is related to JS/Agent.AG backdoor. Are you getting the alert in other browsers as well? Please provide logs collected with ESET Log Collector.

Even if my browser isn't open, I still get the same message. 

As soon as I turn on my computer, the message starts appearing.

 

Could you tell me how to send you the logs please?

Link to post
Share on other sites
  • Administrators

You have a license for ESET Internet Security but have ESET NOD32 Antivirus installed. Please uninstall it, install ESET Internet Security which provides better protection and carry on as follows:
- enable advanced logging under Help and support -> Details for technical support
- reproduce the detection
- stop logging
- collect logs with ELC and upload the generated archive here.

Please use default EIS settings. In EAV you disabled startup scan tasks which also disabled the registry and UEFI scanners.

Link to post
Share on other sites
Posted (edited)

Until this is resolved, I recommend creating an Eset firewall rule to block any outbound TCP traffic to remote port 8880. Appears that is the port the backdoor is using. Also set Logging severity to "Warning" for a while. The log events created will point to the process attempting the outbound connection. Post a few of those event log entries for forum review.

Edited by itman
Link to post
Share on other sites
19 minutes ago, Marcos said:

You have a license for ESET Internet Security but have ESET NOD32 Antivirus installed. Please uninstall it, install ESET Internet Security which provides better protection and carry on as follows:
- enable advanced logging under Help and support -> Details for technical support
- reproduce the detection
- stop logging
- collect logs with ESET Log Collector and upload the generated archive here.

Please use default EIS settings. In EAV you disabled startup scan tasks which also disabled the registry and UEFI scanners.

If I uninstall it now, will whatever is on that address try to break into my computer? Or should I not worry about that?

Thanks again.

Link to post
Share on other sites
  • Administrators

You can also change the product here:

image.png

But please make sure to enable the two startup scan tasks in Scheduler that are enabled by default.

Link to post
Share on other sites
2 hours ago, Marcos said:

You can also change the product here:

image.png

But please make sure to enable the two startup scan tasks in Scheduler that are enabled by default.

It worked!!! Thank you so much!! Are you part of the Customer Service for Eset?? Cause I am so impressed by the response times and awesome overall service.

Link to post
Share on other sites
4 hours ago, itman said:

Until this is resolved, I recommend creating an Eset firewall rule to block any outbound TCP traffic to remote port 8880. Appears that is the port the backdoor is using. Also set Logging severity to "Warning" for a while. The log events created will point to the process attempting the outbound connection. Post a few of those event log entries for forum review.

Hey! I am sorry I missed your post, I was able to fix the problem :)
Anyways, thank you so so much.

Link to post
Share on other sites
  • Administrators
5 hours ago, ArielA said:

It worked!!! Thank you so much!! Are you part of the Customer Service for Eset??

Moderators of this forum work either directly at the customer care in ESET HQ in Slovakia or ESET LLC in the US or they are experienced persons such as Aryeh who is a distinguished senior researcher from ESET LLC. Then there are users from the ESET staff group who help in this forum; they are typically developers who chime in to help especially with ESMC-related issues.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...