DanielZ 0 Posted October 25, 2023 Share Posted October 25, 2023 Hi, can you analize this url please The site is https://vdi.metrogas.com.ar Thanks Link to comment Share on other sites More sharing options...
Administrators Marcos 5,243 Posted October 26, 2023 Administrators Share Posted October 26, 2023 I'm unable to reproduce it, I assume because the site requires authorization and the alert occurred after logging in? Link to comment Share on other sites More sharing options...
DanielZ 0 Posted October 26, 2023 Author Share Posted October 26, 2023 Hi Marcos. The error appears after entering the url, before it asks for login. I have added the exclusion in nod to be able to enter the site. Thanks Link to comment Share on other sites More sharing options...
Administrators Marcos 5,243 Posted October 26, 2023 Administrators Share Posted October 26, 2023 I don't recommend excluding the website or you may get infected. Please provide logs collected with ESET Log Collector. Make sure to select also quarantined files to be collected. Link to comment Share on other sites More sharing options...
DanielZ 0 Posted October 26, 2023 Author Share Posted October 26, 2023 Link to comment Share on other sites More sharing options...
DanielZ 0 Posted October 26, 2023 Author Share Posted October 26, 2023 eav_logs.zip Link to comment Share on other sites More sharing options...
Administrators Solution Marcos 5,243 Posted October 26, 2023 Administrators Solution Share Posted October 26, 2023 The detection is correct. There's a code injected at the end which loads a malicious JS from jscloud.biz. However, this website doesn't exist exist at the moment so this injected code can't do anything now. I strongly recommend removing the site from the list of urls which are not scanned for threats: Link to comment Share on other sites More sharing options...
DanielZ 0 Posted October 26, 2023 Author Share Posted October 26, 2023 thanks a lot. Link to comment Share on other sites More sharing options...
Recommended Posts