Shachar Shadmi, posted September 26, 2021

About 2 days ago, ESET Internet Security (13.1.21.0) flagged my personal site https://www.mylist.co.il/ due to it intercepting the "JS/Agent.OZD" trojan. I've had this site for more than 2 years and never had a problem with security issues. I suspect that this item was recently added to the ESET list? The problem has been reported to my host provider's tech team and their scans didn't detect anything.

The practical issue is that some of the features of the forum are disabled, e.g., the text box for starting new discussions or replying to one is missing. Other affected features are the "Quote" feature and a few others. Disabling ESET resolves those problems.

I suspect that this is a false positive. I think JavaScript items are being flagged. What can I do to resolve this issue without creating a real risk?

Marcos (Administrators), posted September 26, 2021

I was unable to reproduce the detection on this website. Are you still getting the threat detected?

Shachar Shadmi (Author), posted September 26, 2021

Hi Marcos,

Thanks for the quick response. Yes, I'm still getting it on several computers. Maybe you need to try it through Israel geo?

Marcos (Administrators), posted September 26, 2021

Please provide logs collected with ESET Log Collector from a machine where it is still detected.

itman, posted September 26, 2021

I could reproduce on Firefox using EIS 14.2.24:

NewbyUser (ESET Insiders), posted September 26, 2021

7 hours ago, Marcos said:
> I was unable to reproduce the detection on this website. Are you still getting the threat detected?

You should try to investigate why you didn’t get a detection. You may find what some of us are saying: there are sporadic times that ESSP just doesn’t work, even though there are no indications it’s not working. In other words, it still appears in the system tray but it’s not working.

Marcos (Administrators), posted September 26, 2021

It was caused by using a different browser. The website was indeed compromised. Please remove all references to:

frookshop-winsive.com
cening-setects.com

NewbyUser (ESET Insiders), posted September 26, 2021

So not all browsers have http/https scanning enabled?

Marcos (Administrators), posted September 26, 2021

5 minutes ago, NewbyUser said:
> So not all browsers have http/https scanning enabled?

It's not about SSL scanning but about conditions that the malware uses to inject into viewed HTML pages. Still, neither you nor I got the JS/Agent.OZD detection on the website, hence I assume this particular malware has been removed but another malware that injects malicious code into viewed pages is still on the web server.

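Added example, not part of the thread and not ESET code: a Python scan of a local copy of the site's files for the two domains Marcos names above, in plain text and in encoded forms (base64 at any alignment, comma-separated character codes). The encoded forms, the extension list and the sample files are assumptions constructed for illustration.

```python
import base64
import os
import tempfile

# The two domains the thread asks to have removed.
DOMAINS = ["frookshop-winsive.com", "cening-setects.com"]
TEXT_EXT = (".js", ".php", ".html", ".htm", ".tpl", ".css")  # assumed file types

def needles(domain):
    """Return {label: bytes} search forms; the encoded forms are assumptions."""
    raw = domain.encode()
    forms = {"plain": raw, "charcodes": ",".join(map(str, raw)).encode()}
    for k in range(3):  # base64 text depends on the offset modulo 3
        enc = base64.b64encode(b"\0" * k + raw).rstrip(b"=")
        enc = enc[:-1] if (k + len(raw)) % 3 else enc  # last char shares bits with next byte
        forms["base64+%d" % k] = enc[(0, 2, 3)[k]:]  # skip chars mixing in the prefix
    return forms

def scan(root):
    """Walk root; return sorted (relative path, domain, form) hits."""
    hits = []
    for folder, _, names in os.walk(root):
        for name in (n for n in names if n.lower().endswith(TEXT_EXT)):
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                data = fh.read()
            for domain in DOMAINS:
                for label, needle in needles(domain).items():
                    hay = data.lower() if label == "plain" else data
                    if needle in hay:
                        hits.append((os.path.relpath(path, root), domain, label))
    return sorted(hits)

def demo():
    """Scan a throwaway tree of constructed sample files."""
    tag = b'<script src="//cening-setects.com/a.js"></script>'
    samples = {
        "index.html": b"<p>clean page</p>",
        "footer.php": b'<script src="//FROOKSHOP-winsive.com/x.js"></script>',
        "js/app.js": b'document.write(atob("' + base64.b64encode(tag) + b'"));',
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(body)
        return scan(root)

if __name__ == "__main__":
    print(demo())
```

A file scan only covers files on disk; anything the forum software stores in its database needs a separate search.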