Jump to content

JS/TrojanDownloader.Agent.THG


skuri
 Share

Recommended Posts

I keep getting this warning informing me that the threat (in title) was found when I try to visit a specific forum. This however, only happens on my laptop. Visiting the forum using my desktop (running the same ESET product) doesn't ring any alert.

Also, yesterday a friend shared a link: airline-empires.com and I get the same threat on this website as well. The odd thing again is, I don't get any detection on my desktop.

The common trait of the two sites are, they use HTTP. Curious, I've been trying different HTTP only sites and most of them, give me this threat, irrespective of the browser I'm using.

It gets really annoying when browsing through the forum. Is there anything I can do fix this? I've run a full scan on my laptop and it came clean with 0 detection.

Thanks!

unknown.png

Link to comment
Share on other sites

  • Administrators

Please provide logs collected with ESET Log Collector. Prior to collecting logs, select also "quarantined files" in ELC.

Link to comment
Share on other sites

  • Administrators

Do you get the detection as soon as you open in.forum.ivao.aero or site.aace.org in Firefox? Does it make a difference if you open it in Chrome or Edge? If you have more computers in the network connected via the same router, are you able to reproduce it on every machine? Please check DNS settings of your router if it's not configured to use a malicious DNS server.

Link to comment
Share on other sites

Yes, I get it as soon as I open it. I have two browsers installed, Firefox and Edge. I can reproduce on both. It only happens on this computer. Another computer, also running ESET Internet Security, on the same network does not detect anything.

Edited by skuri
Link to comment
Share on other sites

  • Administrators

Unfortunately I have no clue where the problem lies. Edge has only an uBlock Origin extension installed which is fine. There are quite many applications installed, hard to say if any of them could modify http communication. The logs didn't reveal anything suspicious.  I can only suggest to try replacing DNS servers 202.88.152.8 and 202.88.152.10 with Google's DNS 8.8.8.8 and 8.8.4.4.

Is the malware detected even in safe mode with networking?

Link to comment
Share on other sites

The desktop I mentioned earlier (with no detection), is running W8.1 while the laptop is on W10. I tried it on a family member's laptop running W10, also using ESET, and it reported a detection.

I also tried a different ISP, by tethering my phone and I no longer have a detection on my laptop.

Modifying the DNS didn't help, the threat is still being reported. So, after all, looks like something to do with my ISP?

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...