Wrong detection website infection "JS/ScrInject.B"

[HSW 9]

Nearly all pages on all clients,

 

with JavaScript advertising

 

Js/ScrInject.B Trojaner

 

msn, amazon.....

 

 

 

please check and correct

[tsaccs 0]

It would appear that update 13102 is causing false positives on every site, rolling back to previous update works.

 

Come on eset I have over 2000 users on my case about this please fix.

[davidpitt 2]

We're seeing this too on all version of Eset Security, AV and Endpoint products on various websites!

[A.Mannchen 0]

At my company, too.

The most are Windows-Client. On Mac is it not yet happened.

Version: 5.0.2228.1

DB: 13102 (20160229)

[jimwillsher 62]

Same here, www.amazon.co.uk being an example. Definitions 13102.

[Pascal Minery 0]

Hi,

We encounter the same issue on several network.

HTML/Refresh.BC Trojan

 

Hope it will be fixed soon !

[siada 0]

We're getting the same on all of our websites, also google and amazon and many others...

 

 

[pipboy3000 3]

The same here, up so far 3 users, multiple websites latest example Financial Times website:

 

hxxp://www.ft.com/cms/s/2e34304e-deae-11e5-b072-006d8d362ba3,Authorised=false.html?siteedition=uk&_i_location=http%3A%2F%2Fwww.ft.com%2Fcms%2Fs%2F0%2F2e34304e-deae-11e5-b072-006d8d362ba3.html%3Fsiteedition%3Duk&_i_referer=http%3A%2F%2Fwww.ft.com%2Fhome%2Fuk&classification=conditional_standard&iab=barrier-app

 

 

Yet, the same URL scanned in virustotal comes out clean.

 

Any suggestions?

[davidpitt 2]

Can't get through to Eset Support number as the phone system keeps dropping out or not connecting.

 

I'm going to assume they are very busy with people calling them regarding this issue

[VC-James 0]

Same here...  signatures 13102

[HSW 9]

same with "HTML/Refresh.BC"

[MildlyMiffed 0]

Got it happening here too, various websites including Amazon UK and the Daily Mail homepage. 

 

Definitions: 13102 (20160229)

[ruidc 0]

and even an own-goal: hxxp://static3.esetstatic.com/fileadmin/scriptmerger/merged/head-cdd769fd1330080cbaff836d7ddf60bf.merged.js   JS/ScrInject.B trojan
Has anyone raised a case for this with support?

[CMS 8]

Same here. Posted in wrong forum, as we use the business product.

 

JS/ScrInject.B trojan HTML/Refresh.BC trojan

 

https://forum.eset.com/topic/7559-jsscrinjectb-trojan-htmlrefreshbc-trojan/

[triamed 1]

Same here, also using business product, Endpoint Protection and Endpoint Antivirus. All affected clients using 13102 definitions.

[JohnyHunt 0]

Also HTML/Refresh.BC

[Sim 0]

I have the same problem running 13102 (in Nod32) ... I rolled back to a previous version and the problem went away. Another machine running 13100 is fine.

[szerman 0]

Big problems hope Eset solve it quickly with an update.

[pelikanr 0]

...uživatelé mě sežerou. Nešlo by to rychleji?

[MickZH 0]

the same problems, Endpoint Security. on many sites, all computers in network, show JS/ScrInject.B 

[akifumi.tanabe 0]

I got the same error at the following URLs.

hxxp://www.amazon.co.jp/exec/obidos/ASIN/0198566107/

hxxp://kakaku.com/script/libs/k3c/k3c.js

hxxp://www.asahi.com/articles/ASJ2Y66QPJ2YOIPE02X.html

 

Please fix.

[karlisi 13]

The same here, business products, definition 13102

[w.mayr@heson.com 0]

Also same here, after update to 13102 the Problems start.

Now rolled back the Virus signature database and there Problem disappears .

[Hozza12163 0]

this latest update tells me that my internal web pages for my temp control monitor and my netgear switch are both infected!?!?!?!  wtf eset?

[Piotrek 1]

Yes, Problem appeared after update signature.ver number 13102. 

 

 

 

oh Eset, eset.......... hehe......