JS/TrojanDownloader.Agent.THG


I keep getting this warning informing me that the threat (in title) was found when I try to visit a specific forum. This, however, only happens on my laptop. Visiting the forum using my desktop (running the same ESET product) doesn't ring any alert.

Also, yesterday a friend shared a link: airline-empires.com and I get the same threat on this website as well. The odd thing again is, I don't get any detection on my desktop.

The common trait of the two sites is that they use HTTP. Curious, I've been trying different HTTP-only sites and most of them give me this threat, irrespective of the browser I'm using.

It gets really annoying when browsing through the forum. Is there anything I can do to fix this? I've run a full scan on my laptop and it came clean with 0 detections.

Thanks!

  • Administrators

Please provide logs collected with ESET Log Collector. Prior to collecting logs, select also "quarantined files" in ELC.

  • Administrators

Do you get the detection as soon as you open in.forum.ivao.aero or site.aace.org in Firefox? Does it make a difference if you open it in Chrome or Edge? If you have more computers in the network connected via the same router, are you able to reproduce it on every machine? Please check the DNS settings of your router to make sure it's not configured to use a malicious DNS server.

Yes, I get it as soon as I open it. I have two browsers installed, Firefox and Edge. I can reproduce on both. It only happens on this computer. Another computer, also running ESET Internet Security, on the same network does not detect anything.

Edited by skuri
  • Administrators

Unfortunately, I have no clue where the problem lies. Edge has only a uBlock Origin extension installed, which is fine. There are quite a lot of applications installed, so it's hard to say if any of them could modify HTTP communication. The logs didn't reveal anything suspicious. I can only suggest trying to replace DNS servers 202.88.152.8 and 202.88.152.10 with Google's DNS 8.8.8.8 and 8.8.4.4.

Is the malware detected even in safe mode with networking?


The desktop I mentioned earlier (with no detection) is running W8.1 while the laptop is on W10. I tried it on a family member's laptop running W10, also using ESET, and it reported a detection.

I also tried a different ISP by tethering my phone, and I no longer have a detection on my laptop.

Modifying the DNS didn't help; the threat is still being reported. So, after all, it looks like something to do with my ISP?

