Jump to content

JS/ScrInject.B trojan HTML/Refresh.BC trojan


CMS
 Share

Recommended Posts

 

same with me, I think my computer is affected by Trojan

hxxp://prnt.sc/a9oew3

 

It should not be reported on popular sites with the signature database 13103 or newer.......

I guess it could happen if the website in question indeed is infected. :P

Popular sites may be popular - but not even the so called popular sites are immune...yet :D

Edited by SweX
Link to comment
Share on other sites

  • 3 months later...

This issue has not gone away.  We are currently getting reports from these sites (within the past 3 days), and we are way beyond the recommended update.

 

     hxxp://king-county. gov contains HTML/Refresh.BC Trojan.

     hxxp://lowes .coom contains HTML/Refresh.BC Trojan.

     hxxp://sirius.c o pm contains HTML/Refresh.BC Trojan.   ​

    hxxp://www.burstbeac on.com/beacon/56091/0/rtbconversion/0 contains HTML/Refresh.BC Trojan. 

 

Is the some kind of mediation that can be preformed on the server.  ​

     ​

Link to comment
Share on other sites

  • Administrators

This issue has not gone away.  We are currently getting reports from these sites (within the past 3 days), and we are way beyond the recommended update.

 

     hxxp://king-county. gov contains HTML/Refresh.BC Trojan.

     hxxp://lowes .coom contains HTML/Refresh.BC Trojan.

     hxxp://sirius.c o pm contains HTML/Refresh.BC Trojan.   ​

    hxxp://www.burstbeac on.com/beacon/56091/0/rtbconversion/0 contains HTML/Refresh.BC Trojan. 

 

Is the some kind of mediation that can be preformed on the server.  ​     ​

 

Most likely the detection is correct. Please provide me with logs collected by ESET Log Collector (hxxp://support.eset.com/kb3466/) and "Recently quarantined files" selected so that i can check the exact files that were detected on your computer.

Link to comment
Share on other sites

  • 1 year later...
  • Administrators
9 hours ago, Sierra said:

My company's website is being blocked under a "HTML/ScrInject.B!tr " warning. I've run all kind of antivirus and it seems to be a false positive.

Please understand that this forum does not serve as a means for reporting false positives or disputing detections or blocks. In this case the detection name is not uses and the alert seems to have come from Fortinet.

Link to comment
Share on other sites

11 hours ago, Sierra said:

This is the URL of our site :hxxp://www.new-world-trading.jp/

I can connect to the web site w/o issue.

Edited by itman
Link to comment
Share on other sites

12 hours ago, Marcos said:

Please understand that this forum does not serve as a means for reporting false positives or disputing detections or blocks. In this case the detection name is not uses and the alert seems to have come from Fortinet.

I see now, I will look into that. Thanks so much for the input 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...