Jump to content

Threat: HTML/ScrInject.B trojan


Recommended Posts

Hi
Over the past few days, a large number of site users have reported to us that some of the site's pages will not open and will be blocked by NOD32 antivirus.

The site is completely secure and there is no problem and they see the following:

HTML/ScrInject.B trojan

Blocked address (example):

https://king2net.com/11746/clash-royale-hack/

 
How can I fix this problem?

nod.png

Link to comment
Share on other sites

Hello
Thank you for your guidance
I have now deleted the file
Will the site problem be solved?

Link to comment
Share on other sites

1 hour ago, abolfazl said:

Hello
Thank you for your guidance
I have now deleted the file
Will the site problem be solved?

It currently scanned clean by Quttera: https://quttera.com/detailed_report/king2net.com

Refer to FAQ section on the Eset forum home page on "submission of false positive" request. I would include the above Quttera scan link in the request to Eset for re-classification of your domain.

Link to comment
Share on other sites

  • 4 weeks later...
On 7/5/2021 at 4:01 AM, itman said:

It currently scanned clean by Quttera: https://quttera.com/detailed_report/king2net.com

Refer to FAQ section on the Eset forum home page on "submission of false positive" request. I would include the above Quttera scan link in the request to Eset for re-classification of your domain.

Thank you for your guidance But I still could not message eset support! Because I did not find the part you mentioned in the forum Please provide a direct link to the report

Link to comment
Share on other sites

  • Most Valued Members
58 minutes ago, abolfazl said:

Thank you for your guidance But I still could not message eset support! Because I did not find the part you mentioned in the forum Please provide a direct link to the report

Here you need to send an email/form as instructed here : https://support.eset.com/en/kb141-submit-a-virus-website-or-potential-false-positive-sample-to-the-eset-lab

Link to comment
Share on other sites

3 hours ago, abolfazl said:

Because I did not find the part you mentioned in the forum Please provide a direct link to the report

I don't know how you could miss this reference. It's listed on the forum home web page. See below screen shot:

Eset_Forum.thumb.png.7b1c83d54a802f72f56306b391e02a79.png

Link to comment
Share on other sites

Also refer to this Sucuri analysis: https://sitecheck.sucuri.net/results/https/king2net.com/11746/clash-royale-hack/ . This site is currently blacklisted by McAfee. Interestingly, it states that Eset indicates the site is clean. However, Eset is still detecting malware on the web site and blocking access to it:

Eset_malware.png.e5051dd7a546a489568b639d1c745c92.png

My best guess here is the malicious web site script injection is only being triggered via direct browser access to the site.

Eset's current detection is correct since the site still contains malware per this recent VirusTotal scan:

Eset_VT.thumb.png.144e598cd404383371cf12864d4a0a4c.png

Edited by itman
Link to comment
Share on other sites

  • 2 months later...

Dear admin , 

There was a link to an infected site on my site and I deleted it . 

My site is clean now .  ( attachment )  I also sent an email to the ESET  

After 10 days, I still can not enter my site . Please advise what to do? 

Site: irtci.com

 


nod.jpg

Link to comment
Share on other sites

  • Administrators
Quote

There was a link to an infected site on my site and I deleted it . 

My site is clean now

The website was compromised. Please remove all references to joyshoul.com.

Link to comment
Share on other sites

  • Administrators

You should have access to all files on your site so you can search them all for a reference to the malicious domain.

Link to comment
Share on other sites

Really Thanks . 

I seem to have to search all 1500 pages . I wish there was software that would find the pages where this link was added . 

Google can also help  Site:irtci.com ( link ) 

Anyway, thank you for your help

Link to comment
Share on other sites

  • Most Valued Members
1 hour ago, Habib Hosseini said:

Really Thanks . 

I seem to have to search all 1500 pages . I wish there was software that would find the pages where this link was added . 

Google can also help  Site:irtci.com ( link ) 

Anyway, thank you for your help

Download the source files for your website , let ESET scan it , it should pinpoint which files are having it, can make your search easier.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...