
Threat: HTML/ScrInject.B trojan



Hi
Over the past few days, a large number of site users have reported to us that some of the site's pages will not open and will be blocked by NOD32 antivirus.

The site is completely secure and there is no problem and they see the following:

HTML/ScrInject.B trojan

Blocked address (example):

https://king2net.com/11746/clash-royale-hack/

 
How can I fix this problem?

[Attached image: nod.png]


Hello
Thank you for your guidance
I have now deleted the file
Will the site problem be solved?


1 hour ago, abolfazl said:

Hello
Thank you for your guidance
I have now deleted the file
Will the site problem be solved?

It is currently scanned clean by Quttera: https://quttera.com/detailed_report/king2net.com

Refer to the FAQ section on the Eset forum home page on the "submission of false positive" request. I would include the above Quttera scan link in the request to Eset for re-classification of your domain.


  • 4 weeks later...
On 7/5/2021 at 4:01 AM, itman said:

It is currently scanned clean by Quttera: https://quttera.com/detailed_report/king2net.com

Refer to the FAQ section on the Eset forum home page on the "submission of false positive" request. I would include the above Quttera scan link in the request to Eset for re-classification of your domain.

Thank you for your guidance, but I still could not message Eset support, because I did not find the part you mentioned in the forum. Please provide a direct link to the report.

58 minutes ago, abolfazl said:

Thank you for your guidance, but I still could not message Eset support, because I did not find the part you mentioned in the forum. Please provide a direct link to the report.

Here you need to send an email/form as instructed here: https://support.eset.com/en/kb141-submit-a-virus-website-or-potential-false-positive-sample-to-the-eset-lab


3 hours ago, abolfazl said:

Because I did not find the part you mentioned in the forum. Please provide a direct link to the report.

I don't know how you could miss this reference. It's listed on the forum home web page. See the screenshot below:

[Screenshot: Eset_Forum.png]


Also refer to this Sucuri analysis: https://sitecheck.sucuri.net/results/https/king2net.com/11746/clash-royale-hack/. This site is currently blacklisted by McAfee. Interestingly, it states that Eset indicates the site is clean. However, Eset is still detecting malware on the web site and blocking access to it:

[Screenshot: Eset_malware.png]

My best guess here is the malicious web site script injection is only being triggered via direct browser access to the site.

Eset's current detection is correct since the site still contains malware per this recent VirusTotal scan:

[Screenshot: Eset_VT.png]

Edited by itman