Jump to content

Wrong detection website infection "JS/ScrInject.B"


Go to solution Solved by CMS,

Recommended Posts

Posted

We should be happy that it didn't nuke critical Windows files like some other AV vendors' false positive have done :-)

Posted

Same problem with our website, glad I found this thread otherwise I might would have set a website backup back.

Posted

We should be happy that it didn't nuke critical Windows files like some other AV vendors' false positive have done :-)

 

lol yeah, that would've not been a happy Monday!

Posted

We have the same issue with Endpoint AV v. 6.2.2033.0 and virus signature database 13102.

 

Alerts mention the following threads:

JS/ScrInject.B trojan

HTML/Refresh.BC trojan

HTML/Phishing.Agent.B trojan

Posted

yep we're even getting it on our own ticketsystems editor (ckeditor.js).

 
signature: 13102 (20160229)
Posted

Issue seems to be related since signature update 13102

Very annoying

Posted

So do you think this is a ESET prob?  Not handy that we cant do anything today.  Cant get onto bank site or anywhere for that matter, a real pain

Posted

Would be nice to hear from someone at ESET. Should be part of a contingency to post on the forums in a situation like this...

Posted

Same problem here...roll out an update eset :)

Posted

Managed to get through to the helpdesk via direct email to one of their techs, his response follows:

 

 

It is being worked on, we are as you can imagine very busy.

 

The situation can be resolved if the user rolls back the signature updates.

 

The problem should be resolved soon with another update, the broken update has already been pulled so no further customers should get affected by it.

 

As stated by earlier posts, the affected definition is 13102.

Posted

Same problems here, loads of my business customers are affected by this!  Does anyone know if ESET are doing anything about it, or if there have been any announcements from them?  This also raises questions about how thoroughly ESET updates are tested before they are released!

Posted

Same here.

Livejournal comments does not load, Tumblr blogs does not load.

Posted

The problem is now fixed with by virus signature db version 13103.

  • Administrators
Posted

A virus signature database update 13103 which addresses the false positive has been released. For more information, please refer to https://forum.eset.com/topic/7577-jsscrinjectb-and-htmlrefreshbc-false-positive/.

Also we would like to assure you than the problem pertained only to web browsing and no files on disks were affected.

We apologize for the inconvenience.

Posted

Client had the same with chrome/hotmail.

Even after updating with the fix, same thing.  Even after removing eset and restarting, same thing.

Had to go into chrome (cccleaner didn't do it), and delete history/catch/cookies.  THEN, it worked.

just fyi if Chrome is hanging on to an error.  Probably local special issue though. 

Jamie. 

  • Administrators
Posted

The false positives occurred only with web protection, ie. when a specific java script file was actually downloaded and scanned. These detection may occur also with newer versions as they've been in place for month or years already. If you are unsure if the detection is ok or FP, submit it to samples[at]eset.com in an archive protected with the password "infected".

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...