Jump to content

Recommended Posts

Hello,

Everytime i open Edge, there is always detection JS/Chromex.Agent.BB trojan

Here the log

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
31/03/2021 16.13.45;HTTP filter;file;hxxp://msedgeextensions.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/ec8e6675-6ab7-4c6a-ba5a-a4d7aa5092e9?P1=1617718235&P2=404&P3=2&P4=BV6AskZngUBws3JtBxi8QFFY+K48cNGp+SWP9VxHGm495tIqIikMtaMZ8+pvCLkjp6Zn8UHya71mG0ZVUN7wmg==;JS/Chromex.Agent.BB trojan;connection terminated;HAW\ad;Event occurred during an attempt to access the web by the application: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (8AC8D2468840D73376AA087254097D141026DCDE).;AC15133243681AB240149B1B7CFDEDC18960334D;

 

Is this real trojan or false positif?


Thank You,

Link to post
Share on other sites
  • Administrators

I've submitted the file to samples[at]eset.com to get it checked. I'll let you know when I hear back about the result.

Link to post
Share on other sites

Eset not alone in this detection per below VirusTotal screen shot. However, most of the other AV vendor detection's appear to be generic ones:

Eset_Edge.thumb.png.ef7b758cf67ac776a222e0f90b1771f3.png

Link to post
Share on other sites

Also, I don't use Edge but I did open it to see if I could duplicate this issue. Other than it appears to have recently updated, I did not receive any Eset detection. Ditto for a second opening of Edge. Now I do use uBlock Origin on Edge , so it is possible it is blocking the source of this Javascript detection on the Edge home (default one) page.

Link to post
Share on other sites
18 hours ago, Marcos said:

I've submitted the file to samples[at]eset.com to get it checked. I'll let you know when I hear back about the result.

Thank you.

 

14 hours ago, itman said:

Also, I don't use Edge but I did open it to see if I could duplicate this issue. Other than it appears to have recently updated, I did not receive any Eset detection. Ditto for a second opening of Edge. Now I do use uBlock Origin on Edge , so it is possible it is blocking the source of this Javascript detection on the Edge home (default one) page.

i install it, but Eset still detect.

8 hours ago, kermit80 said:

looks like an extension. I would  reset the browser and check if the detection still occurs.

yes, at first i think it's because extention. then i remove all extention, reset settings but still.

Link to post
Share on other sites
  • Administrators

It was confirmed that the extension is malicious. I had doubts if it was malicious since its component had 0 detections at VT but was detected by ESET locally:

Utils.js - JS/Chromex.Agent.BB trojan

 

Link to post
Share on other sites
7 hours ago, Marcos said:

Utils.js - JS/Chromex.Agent.BB trojan

Fixing this it appears is going to be a "real bear." Utils.js is an OS component also used by many apps: https://www.exefiles.com/en/js/utils-js/ . As such, this might not be just an Edge issue related to some extension it is using.

Further details on Utils.js here: http://www.utilsjs.com/

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...