
ESET detects Scrinject.B trojan, but other scanning services don't detect a trojan



ESET detected Scrinject.B trojan and blocked a website that I tried to access. 

I also scanned the site on other online scanning services and here is what I got:

Quttera's report:

https://quttera.com/detailed_report/cryptodaily.co.uk

Virustotal's report:

https://www.virustotal.com/gui/url/071d96526c8afdf19317d155e763dae81755272f1c16fe5168179a9d477ebd7f

 

The results are not in line with the ESET detection.

Per Quttera's report, they didn't detect a trojan, and every detection is about this particular domain, doubleclick.net, which seems to be known as an ad-serving domain for many websites.

I would like to confirm the ESET detection is correct. Did the site really have a trojan file embedded, or did the site simply have a reference to the ad-serving domain in its code that was falsely detected as a trojan?


  • Administrators

If you are an owner of the website, please remove all references to finized.co.

6 minutes ago, Marcos said:

If you are an owner of the website, please remove all references to finized.co.

Thanks for the reply. No, I am not the owner of the website. And I'm not tech savvy enough, but where did finized.co come from?

Are you saying that the detection was simply caused by the reference to the domain? i.e. no trojan?

I am confused.

Edited by HK_
typo

  • Administrators
2 hours ago, HK_ said:

Thanks for the reply. No, I am not the owner of the website. And I'm not tech savvy enough, but where did finized.co come from?

That's a question for the owner of the website.

2 hours ago, HK_ said:

Are you saying that the detection was simply caused by the reference to the domain? i.e. no trojan?

The site doesn't seem to serve any useful content. Moreover, malware was detected on it.

56 minutes ago, Marcos said:

That's a question for the owner of the website.

No, I meant how did you come to the fact that "the site has a reference to finized.co"?

Does the Quttera report mention finized.co?

https://quttera.com/detailed_report/cryptodaily.co.uk 

Edited by HK_
clarification

5 minutes ago, Marcos said:

image.png

Uhhh.. Okay, do you mind elaborating a bit? (As I said, I'm not too technical.)

I know this is a hex editor, but is this the malware itself or the website?


9 hours ago, HK_ said:

Quttera detected 31 malicious files scattered throughout web site references all having the same detection:

Detected reference to malicious blacklisted domain securepubads.g.doubleclick.net

Edited by itman

I will also note that this web site can be accessed fine when using Eset if a good adblocker browser extension such as uBlock Origin is deployed. This is because the adblocker is preventing the malicious ad source from rendering as shown in the below screen shot:

image.thumb.png.c56ac16251c583a5e17f0d4ede6d535e.png

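For a site owner acting on the advice in this thread to remove references to finized.co, one way to locate such references in a page's HTML is sketched below. This is an added example, not part of any post above and not ESET's or Quttera's detection logic; the sample page, the `cdn.finized.co` subdomain, the paths and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attributes that make a browser fetch from or navigate to a URL.
URL_ATTRS = {"src", "href", "data", "action"}

class RefCollector(HTMLParser):
    """Collects (line, tag, host) for every URL-bearing attribute with a host."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                # Protocol-relative URLs ("//host/x") also yield a hostname.
                host = urlparse(value.strip()).hostname
                if host:
                    self.refs.append((self.getpos()[0], tag, host.lower()))

def matches(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def find_references(html, flagged):
    """Return the collected references whose host falls under a flagged domain."""
    parser = RefCollector()
    parser.feed(html)
    return [r for r in parser.refs if any(matches(r[2], d) for d in flagged)]

# Constructed sample page; only the two domain names come from the thread.
SAMPLE = """<html><head>
<script src="https://securepubads.g.doubleclick.net/tag/js/gpt.js"></script>
<script src="//cdn.finized.co/loader.js"></script>
<link rel="stylesheet" href="/static/site.css">
</head><body>
<a href="https://notfinized.co/about">about</a>
<iframe src="https://finized.co/frame"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, tag, host in find_references(SAMPLE, ["finized.co"]):
        print(f"line {line}: <{tag}> loads from {host}")
```

The check reads static markup only, so references inserted at runtime by JavaScript have to be found in the rendered DOM or a network capture instead.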
