SimonG, posted October 17, 2016

Hi, I tried to access www.touchtec.biz, a photocopier and printer support company, but ESET reports it:

Threat found
Access to the web page was blocked.
hxxp://www.touchtec.biz
Threat: JS/TrojanDownloader.FakejQuery.B trojan

The company hasn't had any warnings from their webhost or webmaster, although they are obviously following up on this, so I wondered how you can tell whether a warning like this is based on a detection or on some sort of block/blacklist activity. Any advice available? Obviously if this is just a malicious report that's got them blacklisted they can follow the KB141 advice (thus proving I have read through the other forum posts!). Thanks

From the log:

<?xml version="1.0" encoding="UTF-8"?>
<ESET>
<LOG>
<RECORD>
<COLUMN NAME="Time">17/10/2016 12:05:26</COLUMN>
<COLUMN NAME="Scanner">HTTP filter</COLUMN>
<COLUMN NAME="Object type">file</COLUMN>
<COLUMN NAME="Object">hxxp://www.touchtec.biz</COLUMN>
<COLUMN NAME="Threat">JS/TrojanDownloader.FakejQuery.B trojan</COLUMN>
<COLUMN NAME="Action">connection terminated</COLUMN>
<COLUMN NAME="User">DESKTOP-J7NFCSF\Simon Goodair</COLUMN>
<COLUMN NAME="Information">Threat was detected upon access to web by the application: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (8B808E34CABE32C18D7B1FFD110614DA92404EF2).</COLUMN>
<COLUMN NAME="Hash">7FBEBF4C3F36C6277E6EF1B4B2067599874B5786</COLUMN>
<COLUMN NAME="First seen here"/>
</RECORD>
</LOG>
</ESET>
researcher (ESET Staff), posted October 18, 2016, marked as solution

When you see the name of a detection signature / threat name, the web page is not blocked by a blacklist but by a specific detection. The website was infected, and the following code was inserted into the website by hackers:

When the website was infected, WordPress 4.5.3 was used. I am glad that the admin not only removed the malicious script but also updated WordPress to the recent 4.6.1 version. That's my recommendation for other owners of infected websites: it is not enough to clean the bad code, the site must be secured to prevent future reinfections. At the very least, older versions of the CMS must be updated to recent versions.
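The rule in the staff reply (a populated threat name means a signature detection, not a blacklist block) can be applied mechanically to the XML that SimonG pasted. The script below is an added example written for this thread; it is not ESET's own tooling and not code from either poster. It parses the RECORD/COLUMN layout shown in the log, splits the threat name into ESET's platform/family/variant/type parts (the naming pattern is an assumption generalised from the single name on this page), and pulls the triggering process and its SHA-1 out of the "Information" column. The second RECORD in the sample is constructed to show the contrasting case; how ESET actually renders a blacklist-only block in its log is not shown on this page, so such entries are only reported as having no detection name.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample log. The first RECORD is the one SimonG posted above;
# the second RECORD is an assumption, invented here to show the contrasting
# case of an entry that carries no detection name.
SAMPLE_LOG = r"""<?xml version="1.0" encoding="UTF-8"?>
<ESET>
<LOG>
<RECORD>
<COLUMN NAME="Time">17/10/2016 12:05:26</COLUMN>
<COLUMN NAME="Scanner">HTTP filter</COLUMN>
<COLUMN NAME="Object type">file</COLUMN>
<COLUMN NAME="Object">hxxp://www.touchtec.biz</COLUMN>
<COLUMN NAME="Threat">JS/TrojanDownloader.FakejQuery.B trojan</COLUMN>
<COLUMN NAME="Action">connection terminated</COLUMN>
<COLUMN NAME="User">DESKTOP-J7NFCSF\Simon Goodair</COLUMN>
<COLUMN NAME="Information">Threat was detected upon access to web by the application: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (8B808E34CABE32C18D7B1FFD110614DA92404EF2).</COLUMN>
<COLUMN NAME="Hash">7FBEBF4C3F36C6277E6EF1B4B2067599874B5786</COLUMN>
<COLUMN NAME="First seen here"/>
</RECORD>
<RECORD>
<COLUMN NAME="Time">17/10/2016 12:07:00</COLUMN>
<COLUMN NAME="Scanner">HTTP filter</COLUMN>
<COLUMN NAME="Object type">file</COLUMN>
<COLUMN NAME="Object">hxxp://blocked.example</COLUMN>
<COLUMN NAME="Threat"/>
<COLUMN NAME="Action">connection terminated</COLUMN>
<COLUMN NAME="User">DESKTOP-J7NFCSF\Simon Goodair</COLUMN>
<COLUMN NAME="Information">Constructed placeholder: entry with no detection name.</COLUMN>
<COLUMN NAME="Hash"/>
<COLUMN NAME="First seen here"/>
</RECORD>
</LOG>
</ESET>
"""

# ESET-style detection name: <platform>/<family>.<variant> [<type>],
# e.g. "JS/TrojanDownloader.FakejQuery.B trojan". Assumed pattern, generalised
# from the one name on this page.
DETECTION_NAME = re.compile(
    r"^(?P<platform>[A-Za-z0-9]+)/(?P<family>[A-Za-z0-9_.\-]+)(?:\s+(?P<kind>[a-z ]+))?$"
)

# The "Information" column names the process that triggered the block and
# gives its SHA-1 in parentheses.
APP_INFO = re.compile(r"application:\s*(?P<path>.+?)\s*\((?P<sha1>[0-9A-Fa-f]{40})\)")


def parse_records(xml_text):
    """Return one dict per RECORD, keyed by the COLUMN NAME attributes."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    rows = []
    for rec in root.iter("RECORD"):
        rows.append({col.get("NAME"): (col.text or "").strip() for col in rec.findall("COLUMN")})
    return rows


def classify(row):
    """Decide whether a record is a signature detection or something else."""
    result = {
        "time": row.get("Time", ""),
        "object": row.get("Object", ""),
        "scanner": row.get("Scanner", ""),
        "action": row.get("Action", ""),
    }
    m = DETECTION_NAME.match(row.get("Threat", ""))
    if m:
        result.update(
            verdict="signature-detection",
            platform=m.group("platform"),
            family=m.group("family"),
            kind=(m.group("kind") or "").strip(),
        )
    else:
        # No detection name, so not a signature hit. Whether it is a URL
        # blacklist entry or something else cannot be told from this field alone.
        result.update(verdict="no-detection-name", platform="", family="", kind="")
    app = APP_INFO.search(row.get("Information", ""))
    result["app_path"] = app.group("path") if app else ""
    result["app_sha1"] = app.group("sha1").upper() if app else ""
    return result


def triage(xml_text):
    """Parse and classify every record in an exported ESET log."""
    return [classify(r) for r in parse_records(xml_text)]


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        detail = f" ({entry['platform']}/{entry['family']})" if entry["family"] else ""
        print(f"{entry['time']}  {entry['object']}  ->  {entry['verdict']}{detail}")
```

Run it against a real export by reading the file into `triage()` instead of `SAMPLE_LOG`; any record that comes back as `signature-detection` is the case the staff reply describes and should be treated as a compromised site rather than a reputation false positive, while the `app_path`/`app_sha1` fields tell you which local process fetched the content.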
SimonG (author), posted October 20, 2016

Thanks for the response, much appreciated. (Apologies for the delayed thanks, afraid I was unwell yesterday; all better now.)