santoso 7 Posted March 31, 2021 Posted March 31, 2021 Hello, Everytime i open Edge, there is always detection JS/Chromex.Agent.BB trojan Here the log Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here 31/03/2021 16.13.45;HTTP filter;file;hxxp://msedgeextensions.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/ec8e6675-6ab7-4c6a-ba5a-a4d7aa5092e9?P1=1617718235&P2=404&P3=2&P4=BV6AskZngUBws3JtBxi8QFFY+K48cNGp+SWP9VxHGm495tIqIikMtaMZ8+pvCLkjp6Zn8UHya71mG0ZVUN7wmg==;JS/Chromex.Agent.BB trojan;connection terminated;HAW\ad;Event occurred during an attempt to access the web by the application: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (8AC8D2468840D73376AA087254097D141026DCDE).;AC15133243681AB240149B1B7CFDEDC18960334D; Is this real trojan or false positif? Thank You,
Administrators Marcos 5,455 Posted March 31, 2021 Administrators Posted March 31, 2021 I've submitted the file to samples[at]eset.com to get it checked. I'll let you know when I hear back about the result.
itman 1,802 Posted March 31, 2021 Posted March 31, 2021 Eset not alone in this detection per below VirusTotal screen shot. However, most of the other AV vendor detection's appear to be generic ones:
itman 1,802 Posted March 31, 2021 Posted March 31, 2021 Also, I don't use Edge but I did open it to see if I could duplicate this issue. Other than it appears to have recently updated, I did not receive any Eset detection. Ditto for a second opening of Edge. Now I do use uBlock Origin on Edge , so it is possible it is blocking the source of this Javascript detection on the Edge home (default one) page.
Guest Posted March 31, 2021 Posted March 31, 2021 looks like an extension. I would reset the browser and check if the detection still occurs.
santoso 7 Posted April 1, 2021 Author Posted April 1, 2021 18 hours ago, Marcos said: I've submitted the file to samples[at]eset.com to get it checked. I'll let you know when I hear back about the result. Thank you. 14 hours ago, itman said: Also, I don't use Edge but I did open it to see if I could duplicate this issue. Other than it appears to have recently updated, I did not receive any Eset detection. Ditto for a second opening of Edge. Now I do use uBlock Origin on Edge , so it is possible it is blocking the source of this Javascript detection on the Edge home (default one) page. i install it, but Eset still detect. 8 hours ago, kermit80 said: looks like an extension. I would reset the browser and check if the detection still occurs. yes, at first i think it's because extention. then i remove all extention, reset settings but still.
Administrators Marcos 5,455 Posted April 1, 2021 Administrators Posted April 1, 2021 It was confirmed that the extension is malicious. I had doubts if it was malicious since its component had 0 detections at VT but was detected by ESET locally: Utils.js - JS/Chromex.Agent.BB trojan
itman 1,802 Posted April 1, 2021 Posted April 1, 2021 7 hours ago, Marcos said: Utils.js - JS/Chromex.Agent.BB trojan Fixing this it appears is going to be a "real bear." Utils.js is an OS component also used by many apps: https://www.exefiles.com/en/js/utils-js/ . As such, this might not be just an Edge issue related to some extension it is using. Further details on Utils.js here: http://www.utilsjs.com/
Recommended Posts