Jump to content

ESET detects Scrinject.B trojan, but other just scanning services don't detect trojan

HK_

By HK_
in Malware Finding and Cleaning

 Share

Recommended Posts

HK_

HK_ 0

Posted
Posted

ESET detected Scrinject.B trojan and blocked a website that I tried to access. 

I also scanned the site on other online scanning services and here is what I got:

Quttera's report:

https://quttera.com/detailed_report/cryptodaily.co.uk

Virustotal's report:

https://www.virustotal.com/gui/url/071d96526c8afdf19317d155e763dae81755272f1c16fe5168179a9d477ebd7f

 

The results are not in line with the ESET detection.

Per Quettera's report, they didn't detect trojan and every detection is about this particular domain doubleclick.net which seems to have been known as an ad-serving domain for many websites.

I would like to confirm the ESET detection is correct. Whether the site really had a trojan file embedded or it's simply the site had the reference to the ad-serving domain in its code but false detected as trojan?

 

 

Link to comment
Share on other sites
HK_

HK_ 0

Posted
  • Author
Posted (edited)
6 minutes ago, Marcos said:

If you are an owner of the website, please remove all references to finized.co.

Thanks for the reply. No, I am not the owner of the website. And Im not tech savvy enough, but where did finized.co. come from? 

Are you saying that the detection was simply caused by the reference to the domain? i.e. no trojan?

I am confused.

Edited by HK_
typo
Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,070

Posted
  • Administrators
Posted
2 hours ago, HK_ said:

Thanks for the reply. No, I am not the owner of the website. And Im not tech savvy enough, but where did finized.co. come from? 

That's a question for the owner of the website.

2 hours ago, HK_ said:

Are you saying that the detection was simply caused by the reference to the domain? i.e. no trojan?

The site doesn't seem to serve any useful content. Moreover, malware was detected on it.

Link to comment
Share on other sites
HK_

HK_ 0

Posted
  • Author
Posted (edited)
56 minutes ago, Marcos said:

That's a question for the owner of the website.

No, I meant how did you come to the fact that "the site has a reference to finized.co"?

Does Quterra report mention about finized.co?

https://quttera.com/detailed_report/cryptodaily.co.uk 

Edited by HK_
clarification
Link to comment
Share on other sites
HK_

HK_ 0

Posted
  • Author
Posted
5 minutes ago, Marcos said:

image.png

Uhhh.. Okay, do you mind elaborating a bit? (As I said Im not too technical)

I know this is a hex editor but is this a malware itself or the website?

Link to comment
Share on other sites
itman

itman 1,659

Posted
Posted (edited)
9 hours ago, HK_ said:

Quttera's report:

https://quttera.com/detailed_report/cryptodaily.co.uk

Quttera detected 31 malicious files scattered throughout web site references all having the same detection:

Detected reference to malicious blacklisted domain securepubads.g.doubleclick.net

Edited by itman
Link to comment
Share on other sites
itman

itman 1,659

Posted
Posted

I will also note that this web site can be accessed fine when using Eset if a good adblocker browser extension such as uBlock Origin is deployed. This is because the adblocker is preventing the malicious ad source from rendering as shown in the below screen shot:

image.thumb.png.c56ac16251c583a5e17f0d4ede6d535e.png

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...