Jump to content

JS/Agent.NOQ trojan - Why is ESET still blocking this website


Go to solution Solved by Marcos,

Recommended Posts

ESS8 is blocking access to the website hxxp://www.puebloarts(111).orgbut if I use another computer running Webroot or Windows Defender I can access this site.

Virustotal.com does state there is one detection for this site by 'ADMINUSLabs" but also shows in the list that ESET says it is a clean site.

 

If virustotal.com is showing that ESET says it is a clean site why is ESET not allowing access to this site by saying it detects JS/Agent.NOQ trojan?

 

If this is an FP, how do I tell ESS8 to stop blocking it?

Link to post
Share on other sites
  • Administrators

The website was compromised (looks like a SEO poisoning attack) and contains hidden text starting with "100% Authentic bee pollen and weight loss weight loss pills for you, Free Shipping to Worldwide...".

Link to post
Share on other sites
  • Administrators
  • Solution

If virustotal.com is showing that ESET says it is a clean site why is ESET not allowing access to this site by saying it detects JS/Agent.NOQ trojan?

 

On VirusTotal the website was shown as not blocked by ESET because it's not on ESET's blacklist. However, it was the malicious script which was detected upon download. 

Link to post
Share on other sites

Marcos, thanks for the reply, clarification/information.

In my wife's' business it was required for her to go to this site and view some photos. It was an inconvenience to not be able to view the site with ESET blocking it.

As I mentioned earlier, we used a computer with Windows Defender which allowed access to the site.

After viewing the site on the non ESET computer I did a scan with ESET online scanner and nothing was detected.

 

How serious is the JS/Agent.NOQ trojan and would I (should I) be able to add an exclusion in ESET to be able to visit this site in the future?

I'm thinking too the owners of this website probably don't know it's being flagged by ESET.

Any further info/opinion would be most appreciated.

Link to post
Share on other sites
  • Administrators

I'd strongly not recommend excluding an infected website from scanning. Instead, contact the owner and inform him or her about the infection on the website. After they have cleaned it, ESET will not detect the malware and block the website any more.

Link to post
Share on other sites

Thank you for the prompt reply and info.

I did contact the webmaster of this site to inform them.

 

It's interesting Webroot did not detect this and of course Windows Defender could not be expected to.

The dead on accuracy and outstanding support is why I use and stay with ESET.   :)

Link to post
Share on other sites

The web access protection is not active on VirusTotal afaik when you run a URL check, in the product WAP scans web content in real-time as it is loaded in the browser and will detect and block threats if anything is found like in your case. Windows defender does not include any type of web protection afaik, so no surprise that it said nothing about it.

 

Exluding the website to be able to access it = bad idea. Better have them clean the site so your wife (and others) can access it safely afterwards.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...