Jump to content

Website JS/Agent.rjr


Go to solution Solved by Marcos,

Recommended Posts

Hello,

Somebody in our business just try to visit a website of friend school :

https://www.tours-fondettes-agrocampus.fr/

 

This is our ESET logs.

Is that a real positiv detection? I'm trying to help this school to detect whats the problem 😕

 

 

Thanks :)

 

 

image.png

Link to comment
Share on other sites

Thanks you Marcos.

I just check ur link.

Is that a files or something else? Trying to understand. (sorry ...)

Because i see on the link : 

No Malware Found

Our scanner didn't detect any malware

 

And now i can go on the website withtout alert.

 

Edited by kvgr
Link to comment
Share on other sites

15 minutes ago, Marcos said:

The website is still infected

I'm not receiving any Eset alerts on the web site. Also, Sucuri doesn't detect any malware.

Link to comment
Share on other sites

  • Administrators

You should be getting an alert like this:

image.png

The obfuscated JS responsible for loading this malicious script will be detected in 1-2 hours I assume.

Link to comment
Share on other sites

10 minutes ago, Marcos said:

You should be getting an alert like this:

Strange. I am not getting any alert, but Eset Web Filtering is detecting and blocking it;

Time;URL;Status;Detection;Application;User;IP address;Hash
2/5/2024 9:22:22 AM;https://near.flyspecialline.com;Blocked;Internal blacklist;C:\Program Files\Mozilla Firefox\firefox.exe;xxxxxxxx;2606:4700:3033::6815:4c11;ACC1CEC6D99C83F3D99BC4D0FEFC058D349CA731

Link to comment
Share on other sites

For me the strange thing is, on friday he was detect and alert me, but today there is nothing , i can acces to the website and not alert from eset , nothing on the logs too.

Don't really understand... 

edit : i just watch on the logs : ( but the website is open for me and i can visit ) friday that was totaly blocked.

image.thumb.png.40fea6221db0795c4f65f5703c297302.png

Edited by kvgr
Link to comment
Share on other sites

  • Administrators
  • Solution
1 hour ago, itman said:

Strange. I am not getting any alert, but Eset Web Filtering is detecting and blocking it;

Time;URL;Status;Detection;Application;User;IP address;Hash
2/5/2024 9:22:22 AM;https://near.flyspecialline.com;Blocked;Internal blacklist;C:\Program Files\Mozilla Firefox\firefox.exe;xxxxxxxx;2606:4700:3033::6815:4c11;ACC1CEC6D99C83F3D99BC4D0FEFC058D349CA731

That's expected cause we've blacklisted the site with the JS malware that was detected.

Now the new malware JS/Agent.RJZ trojan is detected on the main page as shown above.

Link to comment
Share on other sites

1 hour ago, Marcos said:

That's expected cause we've blacklisted the site with the JS malware that was detected.

The problem is I could fully access the web site w/o issue. No alert and no blocked access.

1 hour ago, Marcos said:

Now the new malware JS/Agent.RJZ trojan is detected on the main page as shown above.

Correct. Alert now shown and web site access blocked.

Link to comment
Share on other sites

Thanks you for everything. I just notice this school and give the link to this post.

Thanks 😃

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...