Jump to content

html/Refresh.BC trojan alert when typing 192.168.1.254

gryn2

By gryn2
in Malware Finding and Cleaning

 Share

Recommended Posts

gryn2

gryn2 0

Posted
Posted

When I google "192.168.1.254" Eset internet security alerts me to the message that it blocked connection to a html/Refresh.bc trojan. Here is log with my username redacted.

Eset says that site has malware on it, so a warning to everyone don't go to the link in the column named object.

  

<?xml version="1.0" encoding="utf-8" ?>
<ESET>
  <LOG>
    <RECORD>
      <COLUMN NAME="Time">1/07/2022 9:54:02 pm</COLUMN>
      <COLUMN NAME="Scanner">HTTP filter</COLUMN>
      <COLUMN NAME="Object type">file</COLUMN>
      <COLUMN NAME="Object">dont click on this link its malware!! https://19216811-vn.webpkgcache.com/doc/-/s/19216811.vn/en/ip/192-168-1-254</COLUMN>
      <COLUMN NAME="Detection">HTML/Refresh.BC trojan</COLUMN>
      <COLUMN NAME="Action">connection terminated</COLUMN>
      <COLUMN NAME="User">redacted username</COLUMN>
      <COLUMN NAME="Information">Event occurred during an attempt to access the web by the application: C:\Program Files\Google\Chrome\Application\chrome.exe (889F217AD770794EDEC8FE405445F507B77B6E64).</COLUMN>
      <COLUMN NAME="Hash">EE158D8F0159326F5CDE897722CC482DA5CE867A</COLUMN>
      <COLUMN NAME="First seen here"></COLUMN>
    </RECORD>
 </LOG>
</ESET>

When I press f12 to open up the chrome console in the google search page there is a link to the site that has the trojan on it. Also that site is the third link down on the google search results.

image.png.531ccc80de737cc2649b5bba285b758a.png

 

 

image.thumb.png.db10f1f48380332844860a96694cad9d.png

 

 

This in 100% reproducible, every single time I refresh the page or google search 192.168.1.254 or google the link above Eset comes up with the warning message I pasted above. Is this something I should be worried about? I tried to reinstall chrome but it still happens. 

Link to comment
Share on other sites
itman

itman 1,659

Posted
Posted
On 7/1/2022 at 7:37 AM, gryn2 said:

When I google "192.168.1.254" Eset internet security alerts me to the message that it blocked connection to a html/Refresh.bc trojan. Here is log with my username redacted.

No problem here. When I enter 192.168.1.254 in Google search window, it opens my router's GUI interface.

Is your router's IPv4 gateway address 192.168.1.254? To verify what your IPv4 gateway address is open a command prompt windows and enter:

ipconfig /all

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...