This topic is now archived and is closed to further replies.

ArielA

Getting address blocked messages too frequently from the same site

I am getting Address blocked messages every two or three seconds from the same site. 

I tried closing the browser, deleting extensions, restarting my computer, and don't know what else to try. 

I've attached a picture.


This is related to JS/Agent.AG backdoor. Are you getting the alert in other browsers as well? Please provide logs collected with ESET Log Collector.

17 minutes ago, Marcos said:

This is related to JS/Agent.AG backdoor. Are you getting the alert in other browsers as well? Please provide logs collected with ESET Log Collector.

Even if my browser isn't open, I still get the same message. 

As soon as I turn on my computer, the message starts appearing.

Could you tell me how to send you the logs please?

25 minutes ago, Marcos said:

For instructions on how to collect logs with ESET Log Collector, read How do I use ESET Log Collector?

You can upload the generated archive here.

Thank you so much for your help! I've attached the logs.

eav_logs.zip


You have a license for ESET Internet Security but have ESET NOD32 Antivirus installed. Please uninstall it, install ESET Internet Security, which provides better protection, and carry on as follows:
- enable advanced logging under Help and support -> Details for technical support
- reproduce the detection
- stop logging
- collect logs with ELC and upload the generated archive here.

Please use default EIS settings. In EAV you disabled startup scan tasks which also disabled the registry and UEFI scanners.


Until this is resolved, I recommend creating an Eset firewall rule to block any outbound TCP traffic to remote port 8880. Appears that is the port the backdoor is using. Also set Logging severity to "Warning" for a while. The log events created will point to the process attempting the outbound connection. Post a few of those event log entries for forum review.
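
The process lookup that the firewall log is meant to provide can also be attempted directly from PowerShell. This is an added example, not part of the original post and not an ESET tool; it polls the Windows TCP connection table for connections to remote port 8880 (the port named above) and records the owning process. The polling interval and observation window are assumed values.

```powershell
# Added example: find which local process opens connections to remote TCP port 8880.
# Run from an elevated PowerShell prompt so that process paths can be read.
$RemotePort  = 8880   # port named in the post above
$PollMs      = 250    # assumed polling interval; the alerts recur every 2-3 seconds
$DurationSec = 60     # assumed observation window
$seen        = @{}
$deadline    = (Get-Date).AddSeconds($DurationSec)

while ((Get-Date) -lt $deadline) {
    # Returns nothing (and would raise an error) when no connection matches.
    $conns = Get-NetTCPConnection -RemotePort $RemotePort -ErrorAction SilentlyContinue
    foreach ($c in $conns) {
        # Record each process/remote-address pair once.
        $key = "$($c.OwningProcess)|$($c.RemoteAddress)"
        if ($seen.ContainsKey($key)) { continue }

        # The process may already have exited; Path is empty for protected processes.
        $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
        $seen[$key] = [pscustomobject]@{
            FirstSeen     = Get-Date
            ProcessId     = $c.OwningProcess
            ProcessName   = $proc.Name
            Path          = $proc.Path
            RemoteAddress = $c.RemoteAddress
            State         = $c.State
        }
    }
    Start-Sleep -Milliseconds $PollMs
}

$seen.Values | Sort-Object FirstSeen | Format-Table -AutoSize
```

An empty result does not mean the traffic has stopped: a connection that is blocked before it is established may never appear in the connection table, in which case the firewall log entries described above remain the source for the process name.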

19 minutes ago, Marcos said:

You have a license for ESET Internet Security but have ESET NOD32 Antivirus installed. Please uninstall it, install ESET Internet Security, which provides better protection, and carry on as follows:
- enable advanced logging under Help and support -> Details for technical support
- reproduce the detection
- stop logging
- collect logs with ESET Log Collector and upload the generated archive here.

Please use default EIS settings. In EAV you disabled startup scan tasks which also disabled the registry and UEFI scanners.

If I uninstall it now, will whatever is on that address try to break into my computer? Or should I not worry about that?

Thanks again.


You can also change the product here:

image.png

But please make sure to enable the two startup scan tasks in Scheduler that are enabled by default.

2 hours ago, Marcos said:

You can also change the product here:

image.png

But please make sure to enable the two startup scan tasks in Scheduler that are enabled by default.

It worked!!! Thank you so much!! Are you part of the Customer Service for Eset?? Cause I am so impressed by the response times and awesome overall service.

4 hours ago, itman said:

Until this is resolved, I recommend creating an Eset firewall rule to block any outbound TCP traffic to remote port 8880. Appears that is the port the backdoor is using. Also set Logging severity to "Warning" for a while. The log events created will point to the process attempting the outbound connection. Post a few of those event log entries for forum review.

Hey! I am sorry I missed your post, I was able to fix the problem :)
Anyways, thank you so so much.

5 hours ago, ArielA said:

It worked!!! Thank you so much!! Are you part of the Customer Service for Eset??

Moderators of this forum work either directly at the customer care in ESET HQ in Slovakia or ESET LLC in the US, or they are experienced persons such as Aryeh, who is a distinguished senior researcher from ESET LLC. Then there are users from the ESET staff group who help in this forum; they are typically developers who chime in to help, especially with ESMC-related issues.
