Jump to content

Wrong detection website infection "JS/ScrInject.B"


HSW
Go to solution Solved by CMS,

Recommended Posts

We have the same issue with Endpoint AV v. 6.2.2033.0 and virus signature database 13102.

 

Alerts mention the following threads:

JS/ScrInject.B trojan

HTML/Refresh.BC trojan

HTML/Phishing.Agent.B trojan

Link to comment
Share on other sites

Would be nice to hear from someone at ESET. Should be part of a contingency to post on the forums in a situation like this...

Link to comment
Share on other sites

Managed to get through to the helpdesk via direct email to one of their techs, his response follows:

 

 

It is being worked on, we are as you can imagine very busy.

 

The situation can be resolved if the user rolls back the signature updates.

 

The problem should be resolved soon with another update, the broken update has already been pulled so no further customers should get affected by it.

 

As stated by earlier posts, the affected definition is 13102.

Link to comment
Share on other sites

Same problems here, loads of my business customers are affected by this!  Does anyone know if ESET are doing anything about it, or if there have been any announcements from them?  This also raises questions about how thoroughly ESET updates are tested before they are released!

Link to comment
Share on other sites

  • Administrators

A virus signature database update 13103 which addresses the false positive has been released. For more information, please refer to https://forum.eset.com/topic/7577-jsscrinjectb-and-htmlrefreshbc-false-positive/.

Also we would like to assure you than the problem pertained only to web browsing and no files on disks were affected.

We apologize for the inconvenience.

Link to comment
Share on other sites

Client had the same with chrome/hotmail.

Even after updating with the fix, same thing.  Even after removing eset and restarting, same thing.

Had to go into chrome (cccleaner didn't do it), and delete history/catch/cookies.  THEN, it worked.

just fyi if Chrome is hanging on to an error.  Probably local special issue though. 

Jamie. 

Link to comment
Share on other sites

  • Administrators

The false positives occurred only with web protection, ie. when a specific java script file was actually downloaded and scanned. These detection may occur also with newer versions as they've been in place for month or years already. If you are unsure if the detection is ok or FP, submit it to samples[at]eset.com in an archive protected with the password "infected".

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...