ArielA 0 Posted May 12, 2020

I am getting Address blocked messages every two or three seconds from the same site. I tried closing the browser, deleting extensions, restarting my computer, and don't know what else to try. I've attached a picture.

Marcos 5,446 Administrators Posted May 12, 2020

This is related to JS/Agent.AG backdoor. Are you getting the alert in other browsers as well? Please provide logs collected with ESET Log Collector.

ArielA 0 Author Posted May 12, 2020

17 minutes ago, Marcos said:
This is related to JS/Agent.AG backdoor. Are you getting the alert in other browsers as well? Please provide logs collected with ESET Log Collector.

Even if my browser isn't open, I still get the same message. As soon as I turn on my computer, the message starts appearing. Could you tell me how to send you the logs please?

Marcos 5,446 Administrators Posted May 12, 2020

For instructions on how to collect logs with ELC, read How do I use ESET Log Collector? You can upload the generated archive here.

ArielA 0 Author Posted May 12, 2020

25 minutes ago, Marcos said:
For instructions how to collect logs with ESET Log Collector, read How do I use ESET Log Collector? You can upload the generated archive here.

Thank you so much for your help! I've attached the logs.
eav_logs.zip

Marcos 5,446 Administrators Posted May 12, 2020

You have a license for ESET Internet Security but have ESET NOD32 Antivirus installed. Please uninstall it, install ESET Internet Security which provides better protection and carry on as follows:
- enable advanced logging under Help and support -> Details for technical support
- reproduce the detection
- stop logging
- collect logs with ELC and upload the generated archive here.

Please use default EIS settings. In EAV you disabled startup scan tasks which also disabled the registry and UEFI scanners.

itman 1,800 Posted May 12, 2020

Until this is resolved, I recommend creating an Eset firewall rule to block any outbound TCP traffic to remote port 8880. Appears that is the port the backdoor is using. Also set Logging severity to "Warning" for a while. The log events created will point to the process attempting the outbound connection. Post a few of those event log entries for forum review.

Edited May 12, 2020 by itman
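
An added example, not part of any post in this thread and not ESET tooling: a PowerShell way to identify the process behind the outbound attempts that the post above proposes to log, by polling the Windows TCP table for remote port 8880. The port number comes from the post; the 60-second window and half-second polling interval are assumptions.

```powershell
# Added example: find the local process that keeps connecting to remote TCP port 8880.
# Run from an elevated PowerShell window so paths and command lines resolve.
$RemotePort  = 8880   # port named in the post above
$DurationSec = 60     # assumption: alerts recur every few seconds, so 60 s is enough
$seen        = @{}    # de-duplicate on PID + remote address

$deadline = (Get-Date).AddSeconds($DurationSec)
while ((Get-Date) -lt $deadline) {
    # Also returns SynSent entries, i.e. attempts that are being blocked
    $conns = Get-NetTCPConnection -RemotePort $RemotePort -ErrorAction SilentlyContinue
    foreach ($c in $conns) {
        $key = "$($c.OwningProcess)|$($c.RemoteAddress)"
        if ($seen.ContainsKey($key)) { continue }
        $seen[$key] = $true

        # Resolve the owning process, its parent, and how it was launched
        $proc   = Get-CimInstance Win32_Process -Filter "ProcessId = $($c.OwningProcess)"
        $parent = if ($proc) {
            Get-CimInstance Win32_Process -Filter "ProcessId = $($proc.ParentProcessId)"
        }
        # An unsigned or invalidly signed binary is a strong lead for the startup/registry scan
        $sig = if ($proc.ExecutablePath) {
            (Get-AuthenticodeSignature -FilePath $proc.ExecutablePath).Status
        } else { 'n/a' }

        [pscustomobject]@{
            Time        = Get-Date -Format s
            State       = $c.State
            Remote      = "$($c.RemoteAddress):$($c.RemotePort)"
            PID         = $c.OwningProcess
            Process     = $proc.Name
            Path        = $proc.ExecutablePath
            CommandLine = $proc.CommandLine
            Parent      = $parent.Name
            Signature   = $sig
        }
    }
    Start-Sleep -Milliseconds 500
}
```

Polling can miss attempts that open and close between samples, so an empty result does not rule out the connections; the firewall log remains the authoritative record.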

ArielA 0 Author Posted May 12, 2020

19 minutes ago, Marcos said:
You have a license for ESET Internet Security but have ESET NOD32 Antivirus installed. Please uninstall it, install ESET Internet Security which provides better protection and carry on as follows:
- enable advanced logging under Help and support -> Details for technical support
- reproduce the detection
- stop logging
- collect logs with ESET Log Collector and upload the generated archive here.
Please use default EIS settings. In EAV you disabled startup scan tasks which also disabled the registry and UEFI scanners.

If I uninstall it now, will whatever is on that address try to break into my computer? Or should I not worry about that? Thanks again.

Marcos 5,446 Administrators Posted May 12, 2020

You can also change the product here: But please make sure to enable the two startup scan tasks in Scheduler that are enabled by default.

ArielA 0 Author Posted May 12, 2020

2 hours ago, Marcos said:
You can also change the product here: But please make sure to enable the two startup scan tasks in Scheduler that are enabled by default.

It worked!!! Thank you so much!! Are you part of the Customer Service for Eset?? Cause I am so impressed by the response times and awesome overall service.

ArielA 0 Author Posted May 12, 2020

4 hours ago, itman said:
Until this is resolved, I recommend creating an Eset firewall rule to block any outbound TCP traffic to remote port 8880. Appears that is the port the backdoor is using. Also set Logging severity to "Warning" for a while. The log events created will point to the process attempting the outbound connection. Post a few of those event log entries for forum review.

Hey! I am sorry I missed your post, I was able to fix the problem. Anyways, thank you so so much.

Marcos 5,446 Administrators Posted May 13, 2020

5 hours ago, ArielA said:
It worked!!! Thank you so much!! Are you part of the Customer Service for Eset??

Moderators of this forum work either directly at the customer care in ESET HQ in Slovakia or ESET LLC in the US or they are experienced persons such as Aryeh who is a distinguished senior researcher from ESET LLC. Then there are users from the ESET staff group who help in this forum; they are typically developers who chime in to help especially with ESMC-related issues.