Jump to content

Recommended Posts

Posted

I keep getting this warning informing me that the threat (in title) was found when I try to visit a specific forum. This however, only happens on my laptop. Visiting the forum using my desktop (running the same ESET product) doesn't ring any alert.

Also, yesterday a friend shared a link: airline-empires.com and I get the same threat on this website as well. The odd thing again is, I don't get any detection on my desktop.

The common trait of the two sites are, they use HTTP. Curious, I've been trying different HTTP only sites and most of them, give me this threat, irrespective of the browser I'm using.

It gets really annoying when browsing through the forum. Is there anything I can do fix this? I've run a full scan on my laptop and it came clean with 0 detection.

Thanks!

unknown.png

  • Administrators
Posted

Please provide logs collected with ESET Log Collector. Prior to collecting logs, select also "quarantined files" in ELC.

Posted

I have collected the log. Can I send it to you over DM?

  • Administrators
Posted

You can upload the generated archive here. Only ESET staff has access to attachments.

  • Administrators
Posted

Do you get the detection as soon as you open in.forum.ivao.aero or site.aace.org in Firefox? Does it make a difference if you open it in Chrome or Edge? If you have more computers in the network connected via the same router, are you able to reproduce it on every machine? Please check DNS settings of your router if it's not configured to use a malicious DNS server.

Posted (edited)

Yes, I get it as soon as I open it. I have two browsers installed, Firefox and Edge. I can reproduce on both. It only happens on this computer. Another computer, also running ESET Internet Security, on the same network does not detect anything.

Edited by skuri
  • Administrators
Posted

Unfortunately I have no clue where the problem lies. Edge has only an uBlock Origin extension installed which is fine. There are quite many applications installed, hard to say if any of them could modify http communication. The logs didn't reveal anything suspicious.  I can only suggest to try replacing DNS servers 202.88.152.8 and 202.88.152.10 with Google's DNS 8.8.8.8 and 8.8.4.4.

Is the malware detected even in safe mode with networking?

Posted

The desktop I mentioned earlier (with no detection), is running W8.1 while the laptop is on W10. I tried it on a family member's laptop running W10, also using ESET, and it reported a detection.

I also tried a different ISP, by tethering my phone and I no longer have a detection on my laptop.

Modifying the DNS didn't help, the threat is still being reported. So, after all, looks like something to do with my ISP?

Posted

Any guess as to why the detection doesn't happen on W8.1 but on W10?

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...