Jump to content

Real Trojan or False Positif


Recommended Posts

Hello,

Everytime i open Edge, there is always detection JS/Chromex.Agent.BB trojan

Here the log

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
31/03/2021 16.13.45;HTTP filter;file;hxxp://msedgeextensions.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/ec8e6675-6ab7-4c6a-ba5a-a4d7aa5092e9?P1=1617718235&P2=404&P3=2&P4=BV6AskZngUBws3JtBxi8QFFY+K48cNGp+SWP9VxHGm495tIqIikMtaMZ8+pvCLkjp6Zn8UHya71mG0ZVUN7wmg==;JS/Chromex.Agent.BB trojan;connection terminated;HAW\ad;Event occurred during an attempt to access the web by the application: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (8AC8D2468840D73376AA087254097D141026DCDE).;AC15133243681AB240149B1B7CFDEDC18960334D;

 

Is this real trojan or false positif?


Thank You,

Link to comment
Share on other sites

  • Administrators

I've submitted the file to samples[at]eset.com to get it checked. I'll let you know when I hear back about the result.

Link to comment
Share on other sites

Eset not alone in this detection per below VirusTotal screen shot. However, most of the other AV vendor detection's appear to be generic ones:

Eset_Edge.thumb.png.ef7b758cf67ac776a222e0f90b1771f3.png

Link to comment
Share on other sites

Also, I don't use Edge but I did open it to see if I could duplicate this issue. Other than it appears to have recently updated, I did not receive any Eset detection. Ditto for a second opening of Edge. Now I do use uBlock Origin on Edge , so it is possible it is blocking the source of this Javascript detection on the Edge home (default one) page.

Link to comment
Share on other sites

18 hours ago, Marcos said:

I've submitted the file to samples[at]eset.com to get it checked. I'll let you know when I hear back about the result.

Thank you.

 

14 hours ago, itman said:

Also, I don't use Edge but I did open it to see if I could duplicate this issue. Other than it appears to have recently updated, I did not receive any Eset detection. Ditto for a second opening of Edge. Now I do use uBlock Origin on Edge , so it is possible it is blocking the source of this Javascript detection on the Edge home (default one) page.

i install it, but Eset still detect.

8 hours ago, kermit80 said:

looks like an extension. I would  reset the browser and check if the detection still occurs.

yes, at first i think it's because extention. then i remove all extention, reset settings but still.

Link to comment
Share on other sites

  • Administrators

It was confirmed that the extension is malicious. I had doubts if it was malicious since its component had 0 detections at VT but was detected by ESET locally:

Utils.js - JS/Chromex.Agent.BB trojan

 

Link to comment
Share on other sites

7 hours ago, Marcos said:

Utils.js - JS/Chromex.Agent.BB trojan

Fixing this it appears is going to be a "real bear." Utils.js is an OS component also used by many apps: https://www.exefiles.com/en/js/utils-js/ . As such, this might not be just an Edge issue related to some extension it is using.

Further details on Utils.js here: http://www.utilsjs.com/

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...