
How do I tell if a site is blocked by ESET or the warning is based on detection?




I tried to access www.touchtec.biz, a photocopier and printer support company, but ESET reports it:


Threat found


Access to the web page was blocked.
hxxp:// www.touchtec.biz


Threat: JS/TrojanDownloader.FakejQuery.B trojan


The company hasn't had any warnings from their webhost or webmaster, although they are obviously following up on this, so I wondered how you tell if a warning like this is based on a detection or because of some sort of block/blacklist activity. Any advice available?


Obviously if this is just a malicious report that's got them blacklisted they can follow the KB141 advice (thus proving I have read through the other forum posts!). :)




From the log:


<?xml version="1.0" encoding="UTF-8"?>
<COLUMN NAME="Time">17/10/2016 12:05:26</COLUMN>
<COLUMN NAME="Scanner">HTTP filter</COLUMN>
<COLUMN NAME="Object type">file</COLUMN>
<COLUMN NAME="Object">hxxp://www.touchtec.biz</COLUMN>
<COLUMN NAME="Threat">JS/TrojanDownloader.FakejQuery.B trojan</COLUMN>
<COLUMN NAME="Action">connection terminated</COLUMN>
<COLUMN NAME="Information">Threat was detected upon access to web by the application: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (8B808E34CABE32C18D7B1FFD110614DA92404EF2).</COLUMN>
<COLUMN NAME="Hash">7FBEBF4C3F36C6277E6EF1B4B2067599874B5786</COLUMN>
<COLUMN NAME="First seen here"/>

  • ESET Staff
  • Solution

When you see the name of a detection signature / threat name, the web page is not blocked by a blacklist but by a specific detection.
The website was infected and the following code was inserted into the website by hackers:


When the website was infected, WordPress 4.5.3 was used.

I am glad that the admin not only removed the malicious script but also updated WordPress to the recent 4.6.1 version.


That's my recommendation for other owners of infected websites. It is not enough to clean the bad code; the site must be secured to prevent future reinfections. At the least, older versions of the CMS must be updated to recent versions.
