
JS/ScrInject.B and HTML/Refresh.BC False positive - discussion



I am getting the message that I have been infected with the HTML/Scrinject.B.Gen virus. The timing of the infection coincides with a visit to hxxp://dhamsky.blogspot.co.id/
 
I am the owner of the blog.
I've checked all the HTML in my blog and I did not find any suspicious HTML. I beg the ESET admin to remove my blog from the JS/ScrInject.B trojan notification, because the blog holds important records from my learning process that I want to share with my blog visitors. ESET admin, please help me :(
 
my email: idhammulya1@gmail.com
 

 


  • Administrators

It's no longer necessary to switch to pre-release updates. The virus signature database 13103 is now available on regular update servers so all you have to do is click "Update now" or wait a bit until the signature database updates to v13103 automatically.


To the ESET admin: thank you so much for the service you have given. Now I can see my blog again after I followed the ESET admin's advice to update to database v13103. Thank you very much :)

 

Edited by idhamkerenz

Thank you Marcos. :)

 

Also, for those who asked about pre-release updates, see this KB article.

 

hxxp://support.eset.com/kb3415/

Edited by TomFace

This just happened to me again 10 minutes ago. I am on update 13106, Windows 7 64-bit. It's been happening for about a week, blocking so many websites, even my Telstra Outlook, a paid inbox which runs ads on the side anyway and which I had been complaining about. I nearly abused them for providing a virus... lol, maybe I should have... I tried to find some of the virus in the log file to remove. I was so worried last night, thinking my computer is sick, infected by all these things. Malwarebytes couldn't find anything, the Microsoft malicious software tool found nothing, and I used a few others also. So am I infected or not, please?

 

 

Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash
29/02/2016 10:50:37 PM;HTTP filter;file;hxxp://static4.esetstatic.com/fileadmin/scriptmerger/merged/head-7a1928057ac4c138aee1b2be92108cfd.merged.js;JS/ScrInject.Btrojan;connection terminated;Orac99-PC\Orac 99;Threat was detected upon access to web by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (90CE41F8716483E791AFBABED1C2890A654C7509).;D3DBD19C1C320BA4F67C3EE39F8D20A0E6F37FDF
29/02/2016 10:50:14 PM;HTTP filter;file;hxxp://static2.esetstatic.com/fileadmin/scriptmerger/merged/head-2734b52c5a4e66d9487fbd93768a0309.merged.js;JS/ScrInject.Btrojan;connection terminated;Orac99-PC\Orac 99;Threat was detected upon access to web by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (90CE41F8716483E791AFBABED1C2890A654C7509).;A2B3EFA724F4A6AE114E249032342C02D82859F0
29/02/2016 10:49:07 PM;HTTP filter;file;hxxp://advertising.gov.au/ad/bom/www?id=1297318;JS/ScrInject.Btrojan;connection terminated;Orac99-PC\Orac 99;Threat was detected upon access to web by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (90CE41F8716483E791AFBABED1C2890A654C7509).;C44FF9976752E38E088D21BFC02F08D424A3885E
29/02/2016 10:38:58 PM;HTTP filter;file;hxxp://adkengage.com/pshandler.js?aid=7495&v=K2xBUQRlNFYphfH9SqjwUw==&dpid=1565;JS/ScrInject.Btrojan;connection terminated;Orac99-PC\Orac 99;Threat was detected upon access to web by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (90CE41F8716483E791AFBABED1C2890A654C7509).;18A2B06F7E38A19829CA89432B06C7E82CC4D856
29/02/2016 10:38:58 PM;HTTP filter;file;hxxp://www.google-analytics.com/urchin.js;JS/ScrInject.Btrojan;connection terminated;Orac99-PC\Orac 99;Threat was detected upon access to web by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (90CE41F8716483E791AFBABED1C2890A654C7509).;4B9441626E2173E09601EAC91798337F11782583
29/02/2016 10:19:59 PM;HTTP filter;file;hxxp://www.virusresearch.org/spyhunter-installation-instructions;HTML/Refresh.BCtrojan;connection terminated;Orac99-PC\Orac 99;Threat was detected upon access to web by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (90CE41F8716483E791AFBABED1C2890A654C7509).;B2D357497E4F89123BA1384C29FD87C67C31AD13
29/02/2016 10:00:52 PM;HTTP filter;file;hxxp://advertising.gov.au/ad/bom/www?id=1297318;JS/ScrInject.Btrojan;connection terminated;Orac99-PC\Orac 99;Threat was detected upon access to web by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (90CE41F8716483E791AFBABED1C2890A654C7509).;C44FF9976752E38E088D21BFC02F08D424A3885E
29/02/2016 9:39:40 PM;HTTP filter;file;https://az815563.vo.msecnd.net/olc/en-us/10528-t01-v01.html?cid=-7433822423422786730&loc=en-us;JS/ScrInject.Btrojan;connection terminated;Orac99-PC\Orac 99;Threat was detected upon access to web by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (90CE41F8716483E791AFBABED1C2890A654C7509).;6B82C651CB794437049A8412DD97AA04D0D81FD6
29/02/2016 9:17:20 PM;HTTP filter;file;https://twitter.com/brendangilligan;HTML/Refresh.BCtrojan;connection terminated;Orac99-PC\Orac 99;Threat was detected upon access to web by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (90CE41F8716483E791AFBABED1C2890A654C7509).;E9BA1CD52D7FE2CB65DDB50DE3BD8F010565A95A
29/02/2016 9:08:51 PM;HTTP filter;file;https://secure.adnxs.com/ttj?member=3121&inv_code=39914943300250BLW&cb=1323015302&pubclick=https://adclick.g.doubleclick.net/aclk?sa=L&ai=BndBPrhjUVv7sMcGS9AXbxrCgDN_vw5EIAAAAEAEgADgAWKfb3qnDAmClwKOApAGCARdjYS1wdWItNzg5NzI5MDE3OTMxNTQ2NLIBFG1lZGlhLnRlbHN0cmEuY29tLmF1ugEJZ2ZwX2ltYWdlyAEJ2gEmaHR0cHM6Ly9tZWRpYS50ZWxzdHJhLmNvbS5hdS9ob21lLmh0bWypAo_kyHt77ac-wAIC4AIA6gIPLzc0MTQvdG1ocC9ob21l-AL_0R6QA-QKmAPkCqgDAdAEkE7gBAHSBQUQr5ylL5AGAaAGINgHAOAHDw&num=0&cid=5GgsK55l5PwkTkhxiRulxrsk&sig=AOD64_3yzf5rH1eQjmZO3ZuVaZr6zetNNQ&client=ca-pub-7897290179315464&adurl=;JS/ScrInject.Btrojan;connection terminated;Orac99-PC\Orac 99;Threat was detected upon access to web by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (90CE41F8716483E791AFBABED1C2890A654C7509).;97D3B5496E50625A74D65C714BC386A5FFE12C86
29/02/2016 9:08:51 PM;HTTP filter;file;https://secure.adnxs.com/ttj?member=3121&inv_code=39914943300250BLW&cb=1209034313&pubclick=https://adclick.g.doubleclick.net/aclk?sa=L&ai=Ben8_rhjUVvzsMcGS9AXbxrCgDN_vw5EIAAAAEAEgADgAWK_755rDAmClwKOApAGCARdjYS1wdWItNzg5NzI5MDE3OTMxNTQ2NLIBFG1lZGlhLnRlbHN0cmEuY29tLmF1ugEJZ2ZwX2ltYWdlyAEJ2gEmaHR0cHM6Ly9tZWRpYS50ZWxzdHJhLmNvbS5hdS9ob21lLmh0bWypAo_kyHt77ac-wAIC4AIA6gIPLzc0MTQvdG1ocC9ob21l-AL_0R6QA-QKmAPkCqgDAdAEkE7gBAHSBQUQr5ylL5AGAaAGINgHAOAHDw&num=0&cid=5GhG_hR5s536m_pIhbaZnJFw&sig=AOD64_20C8pyX9YniJmCNJR4rP6TUdLF9w&client=ca-pub-7897290179315464&adurl=;JS/ScrInject.Btrojan;connection terminated;Orac99-PC\Orac 99;Threat was detected upon access to web by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (90CE41F8716483E791AFBABED1C2890A654C7509).;B3463FEF6F4A7F497251D8D8401ADF21C2940616
24/02/2016 4:54:31 PM;HTTP filter;file;hxxp://www.theshedcompany.com.au/store;HTML/ScrInject.Btrojan;connection terminated;Orac99-PC\Orac 99;Threat was detected upon access to web by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (90CE41F8716483E791AFBABED1C2890A654C7509).;9708DF95835A2F0C4047A79E6280E2FE10A3FF14
24/02/2016 4:54:07 PM;HTTP filter;file;hxxp://www.theshedcompany.com.au/store;HTML/ScrInject.Btrojan;connection terminated;Orac99-PC\Orac 99;Threat was detected upon access to web by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (90CE41F8716483E791AFBABED1C2890A654C7509).;AF91FC0DA687561F83AFD92A7E649EA6BFBF9759
 
THANKS CHRISTINE

  • Administrators

This must be related to yesterday's false positive. I was able to access the sites in the log without anything being blocked. Should the problem persist, do the following:

- clear your ESET threat log

- reproduce the detection

- collect logs using ESET Log Collector (ELC) - select "Recently quarantined files" before collecting logs

- drop me a pm with the output from ELC.
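
A way to triage an exported threat log like the one posted above before sending it to support, as an added example that is not part of the original thread or ESET's tooling: it parses the semicolon-delimited columns and groups hits by detection name and host. The sample rows, host names and the `widespread` thresholds are constructed assumptions; a flag only marks a pattern worth reporting as a possible false positive, not proof that the machine is clean.

```python
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

HEADER = "Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash"
# Constructed sample rows (time, URL, detection); hosts and hash are placeholders.
_SAMPLE = [
    ("29/02/2016 10:50:37 PM", "hxxp://static.vendor.example/merged/head.js", "JS/ScrInject.B trojan"),
    ("29/02/2016 10:49:07 PM", "hxxp://ads.example.org/ad/www?id=1;v=2", "JS/ScrInject.B trojan"),
    ("29/02/2016 10:38:58 PM", "hxxp://analytics.example.net/a.js", "JS/ScrInject.B trojan"),
    ("29/02/2016 9:39:40 PM", "https://cdn.example.com/page.html", "JS/ScrInject.B trojan"),
    ("29/02/2016 9:17:20 PM", "https://social.example/profile", "HTML/Refresh.BC trojan"),
    ("24/02/2016 4:54:31 PM", "hxxp://shop.example/store", "HTML/ScrInject.B trojan"),
    ("24/02/2016 4:54:07 PM", "hxxp://shop.example/store", "HTML/ScrInject.B trojan"),
]
SAMPLE_LOG = "\n".join([HEADER] + [
    f"{t};HTTP filter;file;{u};{th};connection terminated;PC\\user;"
    f"Threat was detected upon access to web by the application: chrome.exe.;HASH_PLACEHOLDER"
    for t, u, th in _SAMPLE])

def parse_threat_log(text):
    """Parse the semicolon-delimited threat log export into dicts."""
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("Time;"):
            continue
        # A URL can contain ';', so split 3 fields off the left and 5 off the right.
        when, _scanner, _kind, rest = line.split(";", 3)
        url, threat, _action, _user, _info, digest = rest.rsplit(";", 5)
        rows.append({"time": datetime.strptime(when, "%d/%m/%Y %I:%M:%S %p"),
                     "url": url, "host": urlsplit(url).hostname or url,
                     "threat": threat.strip(), "hash": digest})
    return rows

def summarize(rows, window_minutes=120, min_hosts=4):
    """Group hits by detection name; thresholds are assumed, not vendor guidance."""
    by_threat = defaultdict(list)
    for row in rows:
        by_threat[row["threat"]].append(row)
    report = {}
    for threat, hits in by_threat.items():
        times = [h["time"] for h in hits]
        hosts = sorted({h["host"] for h in hits})
        span = (max(times) - min(times)).total_seconds() / 60
        # Same name on many unrelated hosts in a short window: worth reporting as a possible FP.
        report[threat] = {"hits": len(hits), "hosts": hosts, "span_minutes": round(span, 1),
                          "widespread": len(hosts) >= min_hosts and span <= window_minutes}
    return report

if __name__ == "__main__":
    for name, info in summarize(parse_threat_log(SAMPLE_LOG)).items():
        print(name, info)
```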


  • Administrators

I have version 13108, and I still cannot get into some sites.

 

Most likely they are really infected. Please copy the appropriate records from your threat log and paste them here.

This topic is now closed to further replies.