
Connection Terminated - Quarantined events.



Greetings,

Whenever I see events relating to a user who visits a site, and for whatever reason ESET blocks the connection (connection terminated - quarantined), there are always one to several .htm files that accompany the blocked connection. Those .htm files are always "unable to clean". And if I try to search for the file manually, I can NEVER find that .htm file in Windows Explorer.

What exactly does this mean? The .htm files were never transferred to the computer? Can I assume the computer is still clean?

Below is an example of what I typically see.

 

Date Occurred | Name | Threat | Action
12/22/2015 11:06 | C:\Users\(USERNAME)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOQNUL2E\1598[1].htm | JS/Kryptik.AYR trojan | unable to clean
12/22/2015 10:58 | C:\Users\(USERNAME)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VK5XHEFY\checkout[1].htm | JS/Kryptik.AYR trojan | unable to clean
12/22/2015 10:57 | C:\Users\(USERNAME)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QXJUASWB\cart[1].htm | JS/Kryptik.AYR trojan | unable to clean
12/22/2015 10:56 | C:\Users\(USERNAME)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ZEGQD60\cart[1].htm | JS/Kryptik.AYR trojan | unable to clean
12/22/2015 10:54 | C:\Users\(USERNAME)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NN82WL7Y\cart[1].htm | JS/Kryptik.AYR trojan | unable to clean
12/22/2015 10:53 | C:\Users\(USERNAME)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AAFJ7RDG\checkout[1].htm | JS/Kryptik.AYR trojan | unable to clean
12/22/2015 10:52 | C:\Users\(USERNAME)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOQNUL2E\armaglock[1].htm | JS/Kryptik.AYR trojan | unable to clean
12/22/2015 10:52 | hxxp://www.armaglock.com/product/armaglock | JS/Kryptik.AYR trojan | connection terminated - quarantined
12/22/2015 10:47 | C:\Users\(USERNAME)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HPKWB745\checkout[1].htm | JS/Kryptik.AYR trojan | unable to clean
12/22/2015 10:44 | C:\Users\(USERNAME)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YM01VP24\shop[1].htm | JS/Kryptik.AYR trojan | unable to clean
12/22/2015 10:44 | C:\Users\(USERNAME)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SC8YM8MM\shop[1].htm | JS/Kryptik.AYR trojan | unable to clean
12/22/2015 10:43 | C:\Users\(USERNAME)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G1D9Y18L\shop[1].htm | JS/Kryptik.AYR trojan | unable to clean
12/22/2015 10:34 | C:\Users\(USERNAME)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOL1RANN\armaglock_com[1].htm | JS/Kryptik.AYR trojan | unable to clean
12/22/2015 8:56 | C:\Users\(USERNAME)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOL1RANN\checkout[1].htm | JS/Kryptik.AYR trojan | unable to clean
12/22/2015 8:54 | C:\Users\(USERNAME)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOQNUL2E\shop[1].htm | JS/Kryptik.AYR trojan | unable to clean
12/22/2015 8:51 | C:\Users\(USERNAME)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NN82WL7Y\shop[1].htm | JS/Kryptik.AYR trojan | unable to clean
12/22/2015 8:46 | C:\Users\(USERNAME)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VK5XHEFY\armaglock_com[1].htm | JS/Kryptik.AYR trojan | unable to clean
12/22/2015 8:43 | C:\Users\(USERNAME)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LJLWF5SQ\shop[1].htm | JS/Kryptik.AYR trojan | unable to clean
12/22/2015 8:43 | hxxp://www.armaglock.com/shop | JS/Kryptik.AYR trojan | connection terminated - quarantined
12/22/2015 8:35 | C:\Users\(USERNAME)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOQNUL2E\armaglock_com[1].htm | JS/Kryptik.AYR trojan | unable to clean

Thanks in advance!

Edited by TomasP
removed links