Jump to content

JS/Exploit.JavaDepKit.A detected in temp file?

JxMcGeary

By JxMcGeary
in Malware Finding and Cleaning

 Share
Go to solution Solved by Marcos,

Recommended Posts

JxMcGeary

JxMcGeary 0

Posted
Posted

I ordered a scan of user computers this morning. This turned up:

Malicious file JS/Exploit.JavaDepKit.A was detected on computer (redacted)

Threat type: Trojan
Threat name: JS/Exploit.JavaDepKit.A
Computer name: (redacted)
Logged user: Administrator initiated scan
Time of occurrence: 1/21/22, 1:31:01 PM UTC
Scanner: On‑demand scanner
Action performed: Deleted

 

When I looked it up at https://www.virusradar.com/en/JS_Exploit.JavaDepKit/detail I saw 'detection created 2010, world activity peak 2011, variant dates to 2010'. The file that the scan found was a temp file and was summarily deleted rather than quarantined. I can't find anything that indicates where it came from or what process or site created it. 

 

This is the second time this user has had this detection come up. The previous time was on January 12th and the detected file was much smaller- 148234 bytes as opposed to 1561050 today. Both times, ESET deleted it rather than quarantining it. Both times, ESET informed me that it had never been seen by LiveGrid. Is this an actual detection or is the current ESET definition set treating an old piece of code in a temp file as a threat? And is it possible to restore a deletion so that it can be uploaded to ESET for analysis, without causing the protection modules to automatically re-delete the file?

 

 

User is on a Windows 10 box. ESET Endpoint Security 9.0.2032.6, ESET Management Agent 9.0.1141.0, Detection Engine 24658 (20220121), ESET Dynamic Threat Defense for Endpoint Security enabled.

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,070

Posted
  • Administrators
Posted

You can retrieve the file from quarantine and submit it in an archive encrypted with the password "infected" to samples[at]eset.com for a check if you suspect it to be false positive.

Link to comment
Share on other sites
JxMcGeary

JxMcGeary 0

Posted
  • Author
Posted

I don't recall clicking that option but I was having some trouble with my connection at the time (I'm working remotely) and may have checked it by mistake in the course of trying to get my options right. My apologies.

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,070

Posted
  • Administrators
Posted
Just now, JxMcGeary said:

I don't recall clicking that option but I was having some trouble with my connection at the time (I'm working remotely) and may have checked it by mistake in the course of trying to get my options right. My apologies.

I'm asking since quite many users submit samples anonymously and expect a reply at the same time. So I wonder if it's not clear enough that we can't reply to anonymous submissions.

As for the samples, I've forwarded them for further analysis.

Link to comment
Share on other sites
JxMcGeary

JxMcGeary 0

Posted
  • Author
Posted

Nah, this was purely accidental. I was going back and forth between two screens and changing a couple of dropdown options and it resulted in me clicking things I didn't intend to click. It's happened in other apps with tickyboxes, too. 

Thank you for sending them off for analysis. I look forward to the results.

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...