Jump to content

Recommended Posts

Posted

I am getting Address blocked messages every two or three seconds from the same site. 

I tried closing the browser, deleting extensions, restarting my computer, and don't know what else to try. 

I've attached a picture.

image.thumb.png.78e996e62984461399ad8975d438aad2.png

  • Administrators
Posted

This is related to JS/Agent.AG backdoor. Are you getting the alert in other browsers as well? Please provide logs collected with ESET Log Collector.

Posted
17 minutes ago, Marcos said:

This is related to JS/Agent.AG backdoor. Are you getting the alert in other browsers as well? Please provide logs collected with ESET Log Collector.

Even if my browser isn't open, I still get the same message. 

As soon as I turn on my computer, the message starts appearing.

 

Could you tell me how to send you the logs please?

  • Administrators
Posted

You have a license for ESET Internet Security but have ESET NOD32 Antivirus installed. Please uninstall it, install ESET Internet Security which provides better protection and carry on as follows:
- enable advanced logging under Help and support -> Details for technical support
- reproduce the detection
- stop logging
- collect logs with ELC and upload the generated archive here.

Please use default EIS settings. In EAV you disabled startup scan tasks which also disabled the registry and UEFI scanners.

Posted (edited)

Until this is resolved, I recommend creating an Eset firewall rule to block any outbound TCP traffic to remote port 8880. Appears that is the port the backdoor is using. Also set Logging severity to "Warning" for a while. The log events created will point to the process attempting the outbound connection. Post a few of those event log entries for forum review.

Edited by itman
Posted
19 minutes ago, Marcos said:

You have a license for ESET Internet Security but have ESET NOD32 Antivirus installed. Please uninstall it, install ESET Internet Security which provides better protection and carry on as follows:
- enable advanced logging under Help and support -> Details for technical support
- reproduce the detection
- stop logging
- collect logs with ESET Log Collector and upload the generated archive here.

Please use default EIS settings. In EAV you disabled startup scan tasks which also disabled the registry and UEFI scanners.

If I uninstall it now, will whatever is on that address try to break into my computer? Or should I not worry about that?

Thanks again.

  • Administrators
Posted

You can also change the product here:

image.png

But please make sure to enable the two startup scan tasks in Scheduler that are enabled by default.

Posted
2 hours ago, Marcos said:

You can also change the product here:

image.png

But please make sure to enable the two startup scan tasks in Scheduler that are enabled by default.

It worked!!! Thank you so much!! Are you part of the Customer Service for Eset?? Cause I am so impressed by the response times and awesome overall service.

Posted
4 hours ago, itman said:

Until this is resolved, I recommend creating an Eset firewall rule to block any outbound TCP traffic to remote port 8880. Appears that is the port the backdoor is using. Also set Logging severity to "Warning" for a while. The log events created will point to the process attempting the outbound connection. Post a few of those event log entries for forum review.

Hey! I am sorry I missed your post, I was able to fix the problem :)
Anyways, thank you so so much.

  • Administrators
Posted
5 hours ago, ArielA said:

It worked!!! Thank you so much!! Are you part of the Customer Service for Eset??

Moderators of this forum work either directly at the customer care in ESET HQ in Slovakia or ESET LLC in the US or they are experienced persons such as Aryeh who is a distinguished senior researcher from ESET LLC. Then there are users from the ESET staff group who help in this forum; they are typically developers who chime in to help especially with ESMC-related issues.

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...