skuri 0 Posted August 3, 2020
I keep getting this warning informing me that the threat (in title) was found when I try to visit a specific forum. This, however, only happens on my laptop. Visiting the forum using my desktop (running the same ESET product) doesn't raise any alert. Also, yesterday a friend shared a link: airline-empires.com and I get the same threat on this website as well. The odd thing, again, is that I don't get any detection on my desktop. The common trait of the two sites is that they use HTTP. Curious, I've been trying different HTTP-only sites and most of them give me this threat, irrespective of the browser I'm using. It gets really annoying when browsing through the forum. Is there anything I can do to fix this? I've run a full scan on my laptop and it came up clean with 0 detections. Thanks!

Administrators Marcos 5,462 Posted August 3, 2020
Please provide logs collected with ESET Log Collector. Prior to collecting logs, select also "quarantined files" in ELC.

skuri 0 Author Posted August 3, 2020
I have collected the log. Can I send it to you over DM?

Administrators Marcos 5,462 Posted August 3, 2020
You can upload the generated archive here. Only ESET staff has access to attachments.

skuri 0 Author Posted August 3, 2020
Okay. Please find it attached.
eis_logs.zip

Administrators Marcos 5,462 Posted August 3, 2020
Do you get the detection as soon as you open in.forum.ivao.aero or site.aace.org in Firefox? Does it make a difference if you open it in Chrome or Edge? If you have more computers in the network connected via the same router, are you able to reproduce it on every machine? Please check the DNS settings of your router to make sure it's not configured to use a malicious DNS server.

skuri 0 Author Posted August 3, 2020
Yes, I get it as soon as I open it. I have two browsers installed, Firefox and Edge. I can reproduce it on both. It only happens on this computer. Another computer, also running ESET Internet Security, on the same network does not detect anything.
Edited August 3, 2020 by skuri

Administrators Marcos 5,462 Posted August 3, 2020
Unfortunately, I have no clue where the problem lies. Edge has only the uBlock Origin extension installed, which is fine. There are quite a lot of applications installed, so it's hard to say if any of them could modify HTTP communication. The logs didn't reveal anything suspicious. I can only suggest trying to replace DNS servers 202.88.152.8 and 202.88.152.10 with Google's DNS 8.8.8.8 and 8.8.4.4. Is the malware detected even in safe mode with networking?

skuri 0 Author Posted August 4, 2020
The desktop I mentioned earlier (with no detection) is running W8.1 while the laptop is on W10. I tried it on a family member's laptop running W10, also using ESET, and it reported a detection. I also tried a different ISP by tethering my phone, and I no longer have a detection on my laptop. Modifying the DNS didn't help; the threat is still being reported. So, after all, looks like something to do with my ISP?

skuri 0 Author Posted August 4, 2020
Any guess as to why the detection doesn't happen on W8.1 but on W10?