
html/Refresh.BC trojan alert when typing 192.168.1.254



When I google "192.168.1.254", ESET Internet Security alerts me with the message that it blocked a connection to an HTML/Refresh.BC trojan. Here is the log with my username redacted.

ESET says that site has malware on it, so a warning to everyone: don't go to the link in the column named Object.

 

<?xml version="1.0" encoding="utf-8" ?>
<ESET>
  <LOG>
    <RECORD>
      <COLUMN NAME="Time">1/07/2022 9:54:02 pm</COLUMN>
      <COLUMN NAME="Scanner">HTTP filter</COLUMN>
      <COLUMN NAME="Object type">file</COLUMN>
      <COLUMN NAME="Object">dont click on this link its malware!! https://19216811-vn.webpkgcache.com/doc/-/s/19216811.vn/en/ip/192-168-1-254</COLUMN>
      <COLUMN NAME="Detection">HTML/Refresh.BC trojan</COLUMN>
      <COLUMN NAME="Action">connection terminated</COLUMN>
      <COLUMN NAME="User">redacted username</COLUMN>
      <COLUMN NAME="Information">Event occurred during an attempt to access the web by the application: C:\Program Files\Google\Chrome\Application\chrome.exe (889F217AD770794EDEC8FE405445F507B77B6E64).</COLUMN>
      <COLUMN NAME="Hash">EE158D8F0159326F5CDE897722CC482DA5CE867A</COLUMN>
      <COLUMN NAME="First seen here"></COLUMN>
    </RECORD>
 </LOG>
</ESET>

When I press F12 to open up the Chrome console on the Google search page, there is a link to the site that has the trojan on it. Also, that site is the third link down in the Google search results.


This is 100% reproducible: every single time I refresh the page, Google search 192.168.1.254, or google the link above, ESET comes up with the warning message I pasted above. Is this something I should be worried about? I tried to reinstall Chrome but it still happens.


On 7/1/2022 at 7:37 AM, gryn2 said:

When I google "192.168.1.254", ESET Internet Security alerts me with the message that it blocked a connection to an HTML/Refresh.BC trojan. Here is the log with my username redacted.

No problem here. When I enter 192.168.1.254 in Google search window, it opens my router's GUI interface.

Is your router's IPv4 gateway address 192.168.1.254? To verify what your IPv4 gateway address is, open a command prompt window and enter:

ipconfig /all


  • ESET Insiders

It's just Chrome preloading links from the search results. I get the same thing happen when Google searching the same address with MS Edge.
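
A triage sketch for the log export in the first post and the preloading explanation in the last reply, added here as an example (not code from ESET or from any poster): it parses the XML export, extracts the blocked URL and the requesting process from each record, and reports the publisher site behind a `webpkgcache.com` cache URL. The cache URL layout, the constructed sample record and all function names are assumptions made for this example.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed record in the layout of the export above; URL and hash are placeholders.
SAMPLE_LOG = r"""<?xml version="1.0" encoding="utf-8" ?>
<ESET>
  <LOG>
    <RECORD>
      <COLUMN NAME="Scanner">HTTP filter</COLUMN>
      <COLUMN NAME="Object">user note https://example-test.webpkgcache.com/doc/-/s/example.test/en/page</COLUMN>
      <COLUMN NAME="Detection">HTML/Refresh.BC trojan</COLUMN>
      <COLUMN NAME="Action">connection terminated</COLUMN>
      <COLUMN NAME="Information">Event occurred during an attempt to access the web by the application: C:\Program Files\Google\Chrome\Application\chrome.exe (PLACEHOLDER_HASH).</COLUMN>
    </RECORD>
  </LOG>
</ESET>"""

# Assumption: *.webpkgcache.com/doc/-/s/<host>/<path> is a cached copy of https://<host>/<path>.
CACHE_SUFFIX, CACHE_PREFIX = ".webpkgcache.com", "/doc/-/s/"

def defang(url):
    """Make a URL non-clickable before it goes into a ticket or forum post."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")

def origin_behind_cache(url):
    """Return the publisher URL wrapped by a cache URL, or None for any other URL."""
    parts = urlsplit(url)
    if (parts.hostname or "").endswith(CACHE_SUFFIX) and parts.path.startswith(CACHE_PREFIX):
        return "https://" + parts.path[len(CACHE_PREFIX):]
    return None

def triage(xml_text):
    """Summarise each RECORD: detection, action, requesting process, defanged URLs."""
    findings = []
    for rec in ET.fromstring(xml_text.encode("utf-8")).iter("RECORD"):
        col = {c.get("NAME"): (c.text or "") for c in rec.iter("COLUMN")}
        url = re.search(r"https?://\S+", col.get("Object", ""))  # skip free text around the URL
        # Greedy match stops at the last " (", so "Program Files (x86)" paths stay whole.
        app = re.search(r"application: (.+) \(", col.get("Information", ""))
        origin = origin_behind_cache(url.group(0)) if url else None
        findings.append({
            "detection": col.get("Detection", ""),
            "action": col.get("Action", ""),
            "process": app.group(1) if app else "",
            "url": defang(url.group(0)) if url else "",
            "origin": defang(origin) if origin else None,
            "via_cache": origin is not None,
        })
    return findings
```

A record with `via_cache` set and a browser as the requesting process fits the preloading explanation; the `origin` field names the site whose cached page triggered the detection.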
