spO.Oks - Posted June 21, 2014

Just happened this morning. It kept popping up whenever I load a website that I normally do not visit. It doesn't show up when I go to facebook, or youtube, etc. It does however show when I google something, go to a blog, etc. I need help.

Already scanned my computer. Found a threat the first time I did, then I tried several times after and ESET said it was clean, though it still shows up whenever I visit some sites.

Is this a false positive? Can my ESET antivirus help me out? Or do I need to do something else? :/ I would appreciate all the help I can get. Thanks.

rugk - Posted June 21, 2014 (edited June 22, 2014 by rugk)

Just some things I found out:

- Here you get more information about this threat, but this doesn't help you so much.
- On Virustotal only 1 service thinks it's a malicious site (and that's not ESET)
- If you visit hxxp://utils.cdneurope.com then a warning about "potentially unwanted content" is displayed by ESET
- More malicious JavaScript files are detected by Virustotal
- the site has no really useful content (no pictures, and error file at the main) and it's hosted on a shared hoster (GoDaddy.com) - Source
- most visitors come directly to this site (that means they don't come from any website before - like entering the address directly in your web browser or opening a bookmark) - Source

So IMHO it doesn't look like a false positive, but it would be nice to get more information: What is/are exactly the site(s) you visit if you get this warning?

spO.Oks (Author) - Posted June 22, 2014

Thanks rugk!!

It comes out whenever I open just any other site aside from the ones that I have been going to (or usually go to) before it started showing up. It even comes out when I visit this ESET website. Yes, it showed up as I replied to this forum. :/

I appreciate your help. Please continue to do so since I have no idea anymore and I am not really experienced with this kind of stuff.

And I doubt, since I can't remember, that I went to that site. :/

spO.Oks (Author) - Posted June 22, 2014

Also another question: Is it safe to assume that nothing bad is happening since every time it pops up, it says QUARANTINED? :/ Thanks!!

rugk - Posted June 22, 2014 (edited March 13, 2015 by rugk)

> Also another question: Is it safe to assume that nothing bad is happening since every time it pops up, it says QUARANTINED? :/ Thanks!!

This malicious javascript is blocked by ESET and copied into the quarantine. So there is no longer any danger from this file. But if it often pops up and you really don't visit hxxp://utils.cdneurope.com then it could be more dangerous, because maybe another malware that is already installed on your system could try to connect to this JS-file.

> It even comes out when I visit this ESET website.

That's interesting, because on the ESET website there is surely no redirection or embedding of the questionable website cdneurope!

Now I have to ask some more questions:

1. Go on the ESET website and please don't open any other tabs with other websites. Now reload the website. Does this warning always come if you reload your website? Or only at the first visit or... ?
2. What browser do you use? Test it with another browser and say if it's the same.
3. Close all browsers and wait a bit. Does the message also come if you don't browse the web?

It also would be good if ESET could say something about it. They surely know more about this threat and about this website than me.

Arakasi - Posted June 22, 2014

It's a BHO. ESET is quarantining the threat created, but the harmless object is still sitting in a Scheduler or Extension somewhere.

I recommend downloading AdwCleaner, run it and let the clean process complete and reboot your computer. When you log back in, before opening any browsers, perform a reset.

With IE, you can find the reset in Control Panel > Internet Properties > Advanced > Reset

Firefox is a little different, you have to open about:support, here is a link. <-- You may not even need AdwCleaner but you can just try a RESET first to see if the problem goes away when visiting any site.

Alternatively you can open Task Scheduler from Administrative Tools, and look to see if you have any objects that are scheduled to open on login, or upon opening a browser, or intervals etc. CCleaner lets you view this stuff easily in the Startup Tab sections.

Let us know if this helps you solve your troubles.

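The manual checks described in the post above (BHOs, scheduled tasks, browser extensions) can be gathered in one read-only pass. This is an added example, not part of the original thread and not an ESET tool; it assumes Windows 8 or later, the default Firefox profile location, and that each profile's `extensions.json` holds an `addons` array with `id` and `active` fields.

```powershell
# Added example: read-only inventory, changes nothing on the system.
# Assumes Windows 8 or later (Get-ScheduledTask) and the default Firefox profile path.

# 1. Internet Explorer Browser Helper Objects (64-bit and 32-bit registry views)
$bhoKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$bho = foreach ($key in ($bhoKeys | Where-Object { Test-Path -LiteralPath $_ })) {
    foreach ($entry in Get-ChildItem -LiteralPath $key) {
        $clsid = $entry.PSChildName
        # Resolve the CLSID to the DLL the browser would load, in either view.
        $dll = 'Registry::HKEY_CLASSES_ROOT\CLSID', 'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID' |
            ForEach-Object { "$_\$clsid\InprocServer32" } |
            Where-Object { Test-Path -LiteralPath $_ } |
            ForEach-Object { (Get-ItemProperty -LiteralPath $_).'(default)' } |
            Select-Object -First 1
        [pscustomobject]@{ Kind = 'BHO'; Name = $clsid; Detail = $dll }
    }
}

# 2. Enabled scheduled tasks that fire at logon or boot, with the command they run
$tasks = Get-ScheduledTask | Where-Object {
    $_.State -ne 'Disabled' -and
    ($_.Triggers | Where-Object {
        $_.CimClass.CimClassName -in 'MSFT_TaskLogonTrigger', 'MSFT_TaskBootTrigger' })
} | ForEach-Object {
    $cmd = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)".Trim() }) -join '; '
    [pscustomobject]@{ Kind = 'Task'; Name = $_.TaskPath + $_.TaskName; Detail = $cmd }
}

# 3. Firefox add-ons per profile (extensions.json field names are an assumption)
$ff = Get-ChildItem "$env:APPDATA\Mozilla\Firefox\Profiles\*\extensions.json" -ErrorAction SilentlyContinue |
    ForEach-Object {
        $profileName = $_.Directory.Name
        (Get-Content -LiteralPath $_.FullName -Raw | ConvertFrom-Json).addons | ForEach-Object {
            [pscustomobject]@{ Kind = 'Firefox add-on'; Name = $_.id
                               Detail = "profile=$profileName active=$($_.active)" }
        }
    }

# One table to review by eye; unfamiliar names and DLL paths are the entries to look up.
@($bho) + @($tasks) + @($ff) | Format-Table -AutoSize -Wrap
```

Running it before and after a browser reset or cleanup shows which entries were actually removed.
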
SweX - Posted June 22, 2014 (edited February 21, 2015 by SweX)

I visited a tech news site the other day, and no less than 4 different CDN URLs were blocked on that site by ESS and I believe this particular CDN was one of them. But I won't say the name of the tech site (I don't want to name the wrong one) since I am not 100% sure which of all the different tech sites it was, even if I "think" I know. And I just now visited the site that I "think" it was to check again but no CDN URLs were blocked today.

Anyways, this situation is different, it's just that I remembered that CDN url. Let's continue...

Arakasi - Posted June 22, 2014

> I visited a tech news site the other day, and no less than 4 different CDN URLs were blocked on that site by ESS and I believe this particular CDN was one of them. But I won't say the name of the tech site (I don't want to name the wrong one) since I am not 100% sure which of all the different tech sites it was, even if I "think" I know. And I just visited the site that I "think" it was but no CDN URLs were blocked today.
>
> Anyways, this situation is different, it's just that I remembered that CDN url. Let's continue...

I always go with my gut or first instinct lol, sometimes I'll follow others too!

SweX - Posted June 22, 2014

Well, then they must have fixed it as I did follow my gut feeling

spO.Oks (Author) - Posted June 23, 2014

> > Also another question: Is it safe to assume that nothing bad is happening since every time it pops up, it says QUARANTINED? :/ Thanks!!
>
> This malicious javascript is blocked by ESET and copied into the quarantine. So there is no longer any danger from this file. But if it often pops up and you really don't visit hxxp://utils.cdneurope.com then it could be more dangerous, because maybe another malware that is already installed on your system could try to connect to this JS-file.
>
> > It even comes out when I visit this ESET website.
>
> That's interesting, because on the ESET website there is surely no redirection or embedding of the questionable website cdneurope!
>
> Now I have to ask some more questions:
>
> 1. Go on the ESET website and please don't open any other tabs with other websites. Now reload the website. Does this warning always come if you reload your website? Or only at the first visit or... ?
> 2. What browser do you use? Test it with another browser and say if it's the same.
> 3. Close all browsers and wait a bit. Does the message also come if you don't browse the web?
>
> It also would be good if ESET could say something about it. They surely know more about this threat and about this website than me.

Hey thanks again!

1. Yes it shows up even when the only thing I open is the ESET site. Every time I reload as well (but not if I do it too quick). However it did stop coming up whenever I load this thread.
2. I use Mozilla Firefox. I tried on Google Chrome and it didn't pop up.
3. Nope. It doesn't show up if I don't browse the internet.

spO.Oks (Author) - Posted June 23, 2014

> It's a BHO. ESET is quarantining the threat created, but the harmless object is still sitting in a Scheduler or Extension somewhere.
>
> I recommend downloading AdwCleaner, run it and let the clean process complete and reboot your computer. When you log back in, before opening any browsers, perform a reset.
>
> With IE, you can find the reset in Control Panel > Internet Properties > Advanced > Reset
>
> Firefox is a little different, you have to open about:support, here is a link. <-- You may not even need AdwCleaner but you can just try a RESET first to see if the problem goes away when visiting any site.
>
> Alternatively you can open Task Scheduler from Administrative Tools, and look to see if you have any objects that are scheduled to open on login, or upon opening a browser, or intervals etc. CCleaner lets you view this stuff easily in the Startup Tab sections.
>
> Let us know if this helps you solve your troubles.

Hey thanks man!! I didn't download the AdwCleaner. I just did a reset. It stopped popping up. Thanks man, appreciate it!

Should I feel safe now or is there anything I should still look into?

Oh yeah.. Firefox said that if I did a reset, it would save my old settings in a folder and if resetting worked for me then I should delete it... Should I? I mean I'm wondering cause of that CDN thing.

Thanks to everyone that helped! Hope it doesn't come back and everything is fine from now on. Thumbs up for everyone!!

Arakasi - Posted June 23, 2014

I am positive you are in the clear. ESET protected you the whole time it was trying to load. Sometimes the maintenance aspects like repairing the damage done isn't always so 1, 2, 3, done.