
Real Trojan or False Positive



Hello,

Every time I open Edge, there is always a detection of JS/Chromex.Agent.BB trojan.

Here is the log:

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
31/03/2021 16.13.45;HTTP filter;file;hxxp://msedgeextensions.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/ec8e6675-6ab7-4c6a-ba5a-a4d7aa5092e9?P1=1617718235&P2=404&P3=2&P4=BV6AskZngUBws3JtBxi8QFFY+K48cNGp+SWP9VxHGm495tIqIikMtaMZ8+pvCLkjp6Zn8UHya71mG0ZVUN7wmg==;JS/Chromex.Agent.BB trojan;connection terminated;HAW\ad;Event occurred during an attempt to access the web by the application: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (8AC8D2468840D73376AA087254097D141026DCDE).;AC15133243681AB240149B1B7CFDEDC18960334D;

 

Is this a real trojan or a false positive?


Thank You,


  • Administrators

I've submitted the file to samples[at]eset.com to get it checked. I'll let you know when I hear back about the result.


Eset is not alone in this detection, per the VirusTotal screenshot below. However, most of the other AV vendor detections appear to be generic ones:

[Image: VirusTotal screenshot]


Also, I don't use Edge but I did open it to see if I could duplicate this issue. Other than it appears to have recently updated, I did not receive any Eset detection. Ditto for a second opening of Edge. Now I do use uBlock Origin on Edge, so it is possible it is blocking the source of this JavaScript detection on the Edge home (default one) page.


18 hours ago, Marcos said:

I've submitted the file to samples[at]eset.com to get it checked. I'll let you know when I hear back about the result.

Thank you.

 

14 hours ago, itman said:

Also, I don't use Edge but I did open it to see if I could duplicate this issue. Other than it appears to have recently updated, I did not receive any Eset detection. Ditto for a second opening of Edge. Now I do use uBlock Origin on Edge, so it is possible it is blocking the source of this JavaScript detection on the Edge home (default one) page.

I installed it, but Eset still detects it.

8 hours ago, kermit80 said:

Looks like an extension. I would reset the browser and check if the detection still occurs.

Yes, at first I thought it was because of an extension. Then I removed all extensions and reset the settings, but it is still detected.


  • Administrators

It was confirmed that the extension is malicious. I had doubts if it was malicious since its component had 0 detections at VT but was detected by ESET locally:

Utils.js - JS/Chromex.Agent.BB trojan

 


7 hours ago, Marcos said:

Utils.js - JS/Chromex.Agent.BB trojan

Fixing this, it appears, is going to be a "real bear." Utils.js is an OS component also used by many apps: https://www.exefiles.com/en/js/utils-js/ . As such, this might not be just an Edge issue related to some extension it is using.

Further details on Utils.js here: http://www.utilsjs.com/

