CMS 8 Posted February 29, 2016 Share Posted February 29, 2016 Hi Support, I've tried to call your UK support number, but it's engaged. This morning we're getting lots of notifications about the JS/ScrInject.B trojan HTML/Refresh.BC trojan, from staff seemingly visiting innocuous websites. Could this signify some sort of outbreak, or a lot of false positives? Some example links that trigger ESET: hxxp://www.google.co.uk/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&ved=0ahUKEwjx78nO35zLAhXDXBoKHaPbDbgQFggrMAI&url=hxxp://worksheets.theteacherscorner.net/make-your-own/word-search/&usg=AFQjCNEq5F5ptXApo_sMMEmJJLdcP7EuEw hxxp://www.google.co.uk/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&ved=0ahUKEwi-tu-B4JzLAhVHBBoKHdAHB_8QFggiMAE&url=hxxp://www.iboard.co.uk/activity/Word-Search-Maker-59&usg=AFQjCNE3Z2HE2eNnBvtEI2b7ZyXJzlJKeA hxxp://www.google.co.uk/url?sa=t&rct=j&q=&esrc=s&source=web&cd=8&ved=0ahUKEwjx78nO35zLAhXDXBoKHaPbDbgQFghKMAc&url=hxxp://softschools.com/language_arts/worksheets/word_search_maker/&usg=AFQjCNFi840ks7uGRgAMQxAMyS2rUwLWRA hxxp://www.audiomicro.com/royalty-free-music?wlexpid=83C632B45AC548EAA93A2162D37B2B01&wlrefapp=5 hxxp://h30434.www3.hp.com/t5/LaserJet-Printing/page-too-complex-error-message/td-p/120310 Thanks Link to comment Share on other sites More sharing options...
alex.mohora 0 Posted February 29, 2016 Share Posted February 29, 2016 After updating the ESET antivirus, it blocks every .js file from right about any webpage that my users are trying to access. An answer from the ESET team would be highly appreciated. Link to comment Share on other sites More sharing options...
Ledruz 0 Posted February 29, 2016 Share Posted February 29, 2016 No sign in at eset forum JS/ScrInject.B trojan. Link to comment Share on other sites More sharing options...
cav 0 Posted February 29, 2016 Share Posted February 29, 2016 Please help, same here with one of the biggest sites in Poland - gazeta.pl, allegro.pl - JS/ScrInject.B. Link to comment Share on other sites More sharing options...
CMS 8 Posted February 29, 2016 Author Share Posted February 29, 2016 See this thread in the Business Products forum https://forum.eset.com/topic/7550-wrong-detection-website-infection-jsscrinjectb/ Link to comment Share on other sites More sharing options...
RaDoe 0 Posted February 29, 2016 Share Posted February 29, 2016 Hello, we are getting the same Message at all of our PCs running ESET NOD32 Antivirus 8. I think its a false positive. I checked our Systems with third Party products (and NOD32) but it didnt found anything. It seems the Message apears randomly. Also on Websites we host internal (for example our Mail Server Mgt. Console). Is it really a false positive? Thank you! Link to comment Share on other sites More sharing options...
Piotrek 1 Posted February 29, 2016 Share Posted February 29, 2016 (edited) I have the same problem. Problem appeared after update signature.ver number 13102. At this moment, problem occurs in polish site - onet.pl and o2.pl, when i try sign into email account in this sites on IE. In my opinion this is 100% false notification, because I have email account in this two sites 10 years hehe.... Edited February 29, 2016 by Piotrek Link to comment Share on other sites More sharing options...
Tony.Skid 0 Posted February 29, 2016 Share Posted February 29, 2016 Same here in Italy, almost 90% of the sites being blocked, same update signature 13102. Link to comment Share on other sites More sharing options...
Hozza12163 0 Posted February 29, 2016 Share Posted February 29, 2016 this has just started to me since this morning's update it's reporting viruses in my temperature monitoring kit and my Netgear smart switch - I'm hoping someone at Eset broke the virus definitions? Link to comment Share on other sites More sharing options...
Alfasolution 0 Posted February 29, 2016 Share Posted February 29, 2016 We have the same issue with a lot of our customers. This seems to happen in Internet Explorer, no problem in Firefox. Example : hxxp://i68.tinypic.com/2q8u8g8.jpg Link to comment Share on other sites More sharing options...
Member-DP 0 Posted February 29, 2016 Share Posted February 29, 2016 We are receiving the same issue here across 80 computers - again the UK support number is engaged so it seems a widespread issue (definitely a false positive). This is causing messages to flash up on every machine and then asking to reboot. Link to comment Share on other sites More sharing options...
Kferguson 0 Posted February 29, 2016 Share Posted February 29, 2016 This is also triggering for me this morning. hxxp://www.eset.ie/ie/ (!) hxxp://www.myhome.ie Link to comment Share on other sites More sharing options...
MYTH 0 Posted February 29, 2016 Share Posted February 29, 2016 50% OF WEBSITES IS MARKED AS TROJAN BY ESET!// Link to comment Share on other sites More sharing options...
Kaloryfer 0 Posted February 29, 2016 Share Posted February 29, 2016 Each link opens the search engine Google is recognized as a threat Refressh.BC or JS/ScrInject.B V.definition -13102 Link to comment Share on other sites More sharing options...
MYTH 0 Posted February 29, 2016 Share Posted February 29, 2016 hxxp://prntscr.com/a9cq03 Link to comment Share on other sites More sharing options...
CMS 8 Posted February 29, 2016 Author Share Posted February 29, 2016 Official word from ESET https://forum.eset.com/topic/7567-jsscrinjectb-and-htmlrefreshbc-false-positive/ Link to comment Share on other sites More sharing options...
Piotrek 1 Posted February 29, 2016 Share Posted February 29, 2016 Eset NOD32 also blocked : hxxp://www.wykop.pl/ludzie/lechwalesa//2 ( official Lech Wałęsa site - polish nobelist hahaha) hxxp://bedroomproducersblog.com www.chomikuj.pl hxxp://nk.pl www.allegro.pl hxxp://windows7.pl hxxp://zakamarkiaudio.pl/2011/08/jak-osiagnac-glosny-master-czesc-3-z-6.html and many, many more.. This is not a funny! Link to comment Share on other sites More sharing options...
Mohammad Wasiullah 0 Posted February 29, 2016 Share Posted February 29, 2016 I just an update call 13103 and my problem has been solve, no notification now i can log in any website and forum, if it happened again will inform. Thanks Eset for solve this issue very fastly. Mohammad Link to comment Share on other sites More sharing options...
subyroo 1 Posted February 29, 2016 Share Posted February 29, 2016 I have used NOD32 for the past 25+ years and this is the 2nd or 3rd problem in all that time that I have ever encountered (from memory), so I can live with it as they are already onto the problem. Keep up the good work NOD32. Link to comment Share on other sites More sharing options...
val4o0o0 0 Posted February 29, 2016 Share Posted February 29, 2016 I received the same thread of my online game project. Is bug or... ? Link to comment Share on other sites More sharing options...
mirko041 0 Posted February 29, 2016 Share Posted February 29, 2016 also for me: JS/ScrInject.B trojan horse I try to remove with other progs: -AdwCleaner 5.037 -malwares antibytes -superantispyware but nothing, it is a virus or a nod false positive? thank you. Link to comment Share on other sites More sharing options...
Kferguson 0 Posted February 29, 2016 Share Posted February 29, 2016 Confirmed as working with 13103. Link to comment Share on other sites More sharing options...
watanukichihiro 0 Posted March 1, 2016 Share Posted March 1, 2016 same with me, I think my computer is affected by Trojan hxxp://prnt.sc/a9oew3 Link to comment Share on other sites More sharing options...
Administrators Marcos 5,294 Posted March 1, 2016 Administrators Share Posted March 1, 2016 same with me, I think my computer is affected by Trojan hxxp://prnt.sc/a9oew3 You have posted more than 24 hours after the problem was resolved. It should not be reported on popular sites with the signature database 13103 or newer. The most current signature database version is 13107 at the moment. Link to comment Share on other sites More sharing options...
SweX 871 Posted March 1, 2016 Share Posted March 1, 2016 (edited) same with me, I think my computer is affected by Trojan hxxp://prnt.sc/a9oew3 What VSD are you on ?.....(If you are on 13103 -> solution is to update.) If you are on 13104 or later...... "If the detections are triggered after update to 13103 or higher, they should be correct. If you are unsure if a particular detection is ok or not, report it to the ESET Malware Research Lab" hxxp://support.eset.com/alert5879/ Edited March 1, 2016 by SweX Link to comment Share on other sites More sharing options...
Recommended Posts