ArielA, posted May 12, 2020:

I am getting Address blocked messages every two or three seconds from the same site. I tried closing the browser, deleting extensions, restarting my computer, and don't know what else to try. I've attached a picture.

Marcos (Administrators), posted May 12, 2020:

This is related to JS/Agent.AG backdoor. Are you getting the alert in other browsers as well? Please provide logs collected with ESET Log Collector.

ArielA (Author), posted May 12, 2020:

17 minutes ago, Marcos said: This is related to JS/Agent.AG backdoor. Are you getting the alert in other browsers as well? Please provide logs collected with ESET Log Collector.

Even if my browser isn't open, I still get the same message. As soon as I turn on my computer, the message starts appearing. Could you tell me how to send you the logs please?

Marcos (Administrators), posted May 12, 2020:

For instructions on how to collect logs with ELC, read How do I use ESET Log Collector? You can upload the generated archive here.

ArielA (Author), posted May 12, 2020:

25 minutes ago, Marcos said: For instructions how to collect logs with ESET Log Collector, read How do I use ESET Log Collector? You can upload the generated archive here.

Thank you so much for your help! I've attached the logs. eav_logs.zip

Marcos (Administrators), posted May 12, 2020:

You have a license for ESET Internet Security but have ESET NOD32 Antivirus installed. Please uninstall it, install ESET Internet Security, which provides better protection, and carry on as follows:
- enable advanced logging under Help and support -> Details for technical support
- reproduce the detection
- stop logging
- collect logs with ELC and upload the generated archive here.

Please use default EIS settings. In EAV you disabled startup scan tasks, which also disabled the registry and UEFI scanners.

itman, posted May 12, 2020:

Until this is resolved, I recommend creating an Eset firewall rule to block any outbound TCP traffic to remote port 8880. Appears that is the port the backdoor is using. Also set Logging severity to "Warning" for a while. The log events created will point to the process attempting the outbound connection. Post a few of those event log entries for forum review.

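A complementary way to find the process behind the connections to remote port 8880, using built-in Windows cmdlets instead of the firewall log. This is an added example, not part of the thread and not ESET tooling; the 60-second window and 250 ms polling interval are assumptions.

```powershell
# Added example: poll for outbound TCP connections to remote port 8880 and
# report the owning process. The port comes from the post above; the polling
# window and interval are assumed values chosen for illustration.
$remotePort = 8880
$deadline   = (Get-Date).AddSeconds(60)
$seen       = @{}

while ((Get-Date) -lt $deadline) {
    # -ErrorAction suppresses the "no matching objects" error between attempts.
    $conns = Get-NetTCPConnection -RemotePort $remotePort -ErrorAction SilentlyContinue
    foreach ($c in $conns) {
        $key = "$($c.OwningProcess)|$($c.RemoteAddress)"
        if ($seen.ContainsKey($key)) { continue }

        # Resolve the PID to image path and command line; a short-lived
        # process may already have exited, in which case $p is $null.
        $p = Get-CimInstance Win32_Process -Filter "ProcessId = $($c.OwningProcess)" `
                 -ErrorAction SilentlyContinue
        $sig = if ($p -and $p.ExecutablePath) {
            (Get-AuthenticodeSignature -FilePath $p.ExecutablePath).Status
        } else { 'n/a' }

        $seen[$key] = [pscustomobject]@{
            FirstSeen     = Get-Date
            State         = $c.State
            RemoteAddress = $c.RemoteAddress
            ProcessId     = $c.OwningProcess
            ParentId      = $p.ParentProcessId
            Image         = $p.ExecutablePath
            CommandLine   = $p.CommandLine
            Signature     = $sig
        }
    }
    Start-Sleep -Milliseconds 250
}

# One entry per (process, remote address) pair observed during the window.
$seen.Values | Sort-Object FirstSeen | Format-List
```

Run it from an elevated PowerShell prompt so that image paths and command lines of processes owned by other accounts are visible.
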
ArielA (Author), posted May 12, 2020:

19 minutes ago, Marcos said: You have a license for ESET Internet Security but have ESET NOD32 Antivirus installed. Please uninstall it, install ESET Internet Security which provides better protection and carry on as follows: - enable advanced logging under Help and support -> Details for technical support - reproduce the detection - stop logging - collect logs with ESET Log Collector and upload the generated archive here. Please use default EIS settings. In EAV you disabled startup scan tasks which also disabled the registry and UEFI scanners.

If I uninstall it now, will whatever is on that address try to break into my computer? Or should I not worry about that? Thanks again.

Marcos (Administrators), posted May 12, 2020:

You can also change the product here: But please make sure to enable the two startup scan tasks in Scheduler that are enabled by default.

ArielA (Author), posted May 12, 2020:

2 hours ago, Marcos said: You can also change the product here: But please make sure to enable the two startup scan tasks in Scheduler that are enabled by default.

It worked!!! Thank you so much!! Are you part of the Customer Service for Eset?? Cause I am so impressed by the response times and awesome overall service.

ArielA (Author), posted May 12, 2020:

4 hours ago, itman said: Until this is resolved, I recommend creating an Eset firewall rule to block any outbound TCP traffic to remote port 8880. Appears that is the port the backdoor is using. Also set Logging severity to "Warning" for a while. The log events created will point to the process attempting the outbound connection. Post a few of those event log entries for forum review.

Hey! I am sorry I missed your post, I was able to fix the problem. Anyways, thank you so so much.

Marcos (Administrators), posted May 13, 2020:

5 hours ago, ArielA said: It worked!!! Thank you so much!! Are you part of the Customer Service for Eset??

Moderators of this forum work either directly at the customer care in ESET HQ in Slovakia or ESET LLC in the US, or they are experienced persons such as Aryeh, who is a distinguished senior researcher from ESET LLC. Then there are users from the ESET staff group who help in this forum; they are typically developers who chime in to help, especially with ESMC-related issues.