
Don't know if false positivity. Need help, please. Not experienced. :(



Just happened this morning. It kept popping up whenever I load a website that I normally do not visit. It doesn't show up when I go to Facebook, or YouTube, etc. It does however show when I google something, go to a blog, etc. I need help. Already scanned my computer. Found a threat the first time I did, then I tried several times after and ESET said it was clean, though it still shows up whenever I visit some sites. Is this a false positivity? Can my ESET antivirus help me out? Or do I need to do something else? :/ I would appreciate all the help I can get. Thanks.


Just some things I found out:

  • Here you get more information about this threat, but this doesn't help you so much.
  • On VirusTotal only 1 service thinks it's a malicious site (and that's not ESET)
  • If you visit hxxp://utils.cdneurope.com then a warning about "potentially unwanted content" is displayed by ESET
  • More malicious JavaScript files are detected by VirusTotal
  • The site has no really useful content (no pictures, and an error file at the main) and it's hosted on a shared hoster (GoDaddy.com) - Source
  • Most visitors come directly to this site (that means they don't come from any website before - like entering the address directly in your web browser or opening a bookmark) - Source

So IMHO it doesn't look like a false positive, but it would be nice to get more information:

 

What is/are exactly the site(s) you visit if you get this warning?

Edited by rugk

Thanks rugk!!

It comes out whenever I open just any other site aside from the ones that I have been going to (or usually go to) before it started showing up. It even comes out when I visit this ESET website. Yes, it showed up as I replied to this forum. :/

I appreciate your help. Please continue to do so since I have no idea anymore and I am not really experienced with this kind of stuff.

And I doubt, since I can't remember, that I went to that site. :/


Also another question: Is it safe to assume that nothing bad is happening since every time it pops up, it says QUARANTINED? :/ Thanks!!

 

This malicious JavaScript is blocked by ESET and copied into the quarantine. So this file no longer presents a danger.

But if it often pops up and you really don't visit hxxp://utils.cdneurope.com then it could be more dangerous, because maybe another malware that is already installed on your system could try to connect to this JS-file.

 

It even comes out when I visit this ESET website.

 

That's interesting, because on the ESET website there is surely no redirection or embedding of the questionable website cdneurope!

 

Now I have to ask some more questions:

  1. Go on the ESET website and please don't open any other tabs with other websites. Now reload the website. Does this warning always come if you reload your website? Or only at the first visit or... ?
  2. What browser do you use? Test it with another browser and say if it's the same.
  3. Close all browsers and wait a bit. Does the message also come if you don't browse the web?

 

It also would be good if ESET could say something about it. They surely know more about this threat and about this website than me.

Edited by rugk

It's a BHO. ESET is quarantining the threat created, but the harmless object is still sitting in a Scheduler or Extension somewhere.

 

I recommend downloading AdwCleaner, running it, letting the clean process complete and rebooting your computer.

When you log back in, before opening any browsers, perform a reset.

 

With IE, you can find the reset in Control Panel > Internet Properties > Advanced > Reset

Firefox is a little different: you have to open about:support; here is a link.

 

You may not even need AdwCleaner but you can just try a RESET first to see if the problem goes away when visiting any site.

 

Alternatively you can open Task Scheduler from Administrative Tools, and look to see if you have any objects that are scheduled to open on login, or upon opening a browser, or at intervals, etc.

CCleaner lets you view this stuff easily in the Startup Tab sections.

 

Let us know if this helps you solve your troubles.

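An added example, not part of any post in this thread: before or after a Firefox reset, the profile's extensions.json can be reviewed for active extensions that another program installed. The sample data is constructed, and the field names (`foreignInstall`, `location`, `defaultLocale`) and location values are assumptions that may differ between Firefox versions.

```python
import json
from pathlib import Path

# Constructed sample shaped like a Firefox profile's extensions.json.
# IDs and names are invented; field names are assumed to match your Firefox version.
SAMPLE = json.loads("""
{"addons": [
 {"id": "dict@example.invalid", "type": "dictionary", "active": true,
  "foreignInstall": false, "location": "app-profile",
  "defaultLocale": {"name": "Spelling Dictionary"}},
 {"id": "notes@example.invalid", "type": "extension", "active": true,
  "foreignInstall": false, "location": "app-profile",
  "defaultLocale": {"name": "Notes"}},
 {"id": "toolbar@example.invalid", "type": "extension", "active": true,
  "foreignInstall": true, "location": "winreg-app-user",
  "defaultLocale": {"name": "Search Toolbar"}},
 {"id": "helper@example.invalid", "type": "extension", "active": false,
  "foreignInstall": true, "location": "app-global",
  "defaultLocale": {"name": "Old Helper"}}
]}
""")

def review_addons(data):
    """Return (id, name, reasons) for active extensions the user likely did not add."""
    findings = []
    for addon in data.get("addons", []):
        if addon.get("type") != "extension" or not addon.get("active"):
            continue  # only active extensions run inside the browser
        reasons = []
        if addon.get("foreignInstall"):
            reasons.append("installed by another program (sideloaded)")
        location = addon.get("location", "")
        if location != "app-profile":
            reasons.append("loaded from outside the profile: " + (location or "unknown"))
        if reasons:
            name = (addon.get("defaultLocale") or {}).get("name", "?")
            findings.append((addon.get("id"), name, reasons))
    return findings

def review_profile(profile_dir):
    """Read extensions.json from a profile folder (path shown on about:support)."""
    path = Path(profile_dir) / "extensions.json"
    return review_addons(json.loads(path.read_text(encoding="utf-8")))

if __name__ == "__main__":
    for addon_id, name, reasons in review_addons(SAMPLE):
        print(f"{addon_id} ({name}): " + "; ".join(reasons))
```

Add-ons that ship with Firefox itself can also live outside the profile, so treat each finding as something to review rather than proof of adware.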

I visited a tech news site the other day, and no less than 4 different CDN URLs were blocked on that site by ESS and I believe this particular CDN was one of them. But I won't say the name of the tech site (I don't want to name the wrong one) since I am not 100% sure which of all the different tech sites it was, even if I "think" I know. And I just now visited the site that I "think" it was to check again but no CDN URLs were blocked today.

 

Anyways, this situation is different, it's just that I remembered that CDN URL.

 

Let's continue...

Edited by SweX

I visited a tech news site the other day, and no less than 4 different CDN URLs were blocked on that site by ESS and I believe this particular CDN was one of them. But I won't say the name of the tech site (I don't want to name the wrong one) since I am not 100% sure which of all the different tech sites it was, even if I "think" I know. And I just visited the site that I "think" it was but no CDN URLs were blocked today.

 

Anyways, this situation is different, it's just that I remembered that CDN URL.

 

Let's continue...

 

I always go with my gut or first instinct lol, sometimes I'll follow others too!


 

Also another question: Is it safe to assume that nothing bad is happening since every time it pops up, it says QUARANTINED? :/ Thanks!!

 

This malicious JavaScript is blocked by ESET and copied into the quarantine. So this file no longer presents a danger.

But if it often pops up and you really don't visit hxxp://utils.cdneurope.com then it could be more dangerous, because maybe another malware that is already installed on your system could try to connect to this JS-file.

 

It even comes out when I visit this ESET website.

 

That's interesting, because on the ESET website there is surely no redirection or embedding of the questionable website cdneurope!

 

Now I have to ask some more questions:

  1. Go on the ESET website and please don't open any other tabs with other websites. Now reload the website. Does this warning always come if you reload your website? Or only at the first visit or... ?
  2. What browser do you use? Test it with another browser and say if it's the same.
  3. Close all browsers and wait a bit. Does the message also come if you don't browse the web?

 

It also would be good if ESET could say something about it. They surely know more about this threat and about this website than me.

 

Hey thanks again!

1. Yes it shows up even when the only thing I open is the ESET site. Every time I reload as well (but not if I do it too quick). However it did stop coming up whenever I load this thread. :o

2. I use Mozilla Firefox. I tried on Google Chrome and it didn't pop up.

3. Nope. It doesn't show up if I don't browse the internet.


It's a BHO. ESET is quarantining the threat created, but the harmless object is still sitting in a Scheduler or Extension somewhere.

 

I recommend downloading AdwCleaner, running it, letting the clean process complete and rebooting your computer.

When you log back in, before opening any browsers, perform a reset.

 

With IE, you can find the reset in Control Panel > Internet Properties > Advanced > Reset

Firefox is a little different: you have to open about:support; here is a link.

 

You may not even need AdwCleaner but you can just try a RESET first to see if the problem goes away when visiting any site.

 

Alternatively you can open Task Scheduler from Administrative Tools, and look to see if you have any objects that are scheduled to open on login, or upon opening a browser, or at intervals, etc.

CCleaner lets you view this stuff easily in the Startup Tab sections.

 

Let us know if this helps you solve your troubles.

Hey thanks man!!

I didn't download AdwCleaner. I just did a reset. It stopped popping up. Thanks man, appreciate it! :)

Should I feel safe now or is there anything I should still look into?

Oh yeah.. Firefox said that if I did a reset, it would save my old settings in a folder and if resetting worked for me then I should delete it... Should I? I mean I'm wondering cause of that CDN thing.

Thanks to everyone that helped! Hope it doesn't come back and everything is fine from now on. Thumbs up for everyone!! :)


I am positive you are in the clear.

ESET protected you the whole time it was trying to load. :)

 

Sometimes the maintenance aspects, like repairing the damage done, aren't always so 1, 2, 3, done.

This topic is now closed to further replies.