Jump to content

Eset threat window keeps appearing but scan is clean

Chouett

By Chouett,
in Malware Finding and Cleaning

 Share Followers 0
Go to solution Solved by Marcos,

Recommended Posts

Chouett

Chouett 0

Posted
Posted

Hello,

 

I am having some issues with a threat dialog box which appears often, however the Eset scan does not seem to detect anything that it can quarantine and clean.

 

Could you please help me solve the issue?

 

Thank you.

 

VB

Link to post
Share on other sites
  • 2 weeks later...
itman

itman 952

Posted
Posted

That is strange. Normally when Eset's Web Filter protection blocks an IP address, it usually states why e.g. blocked by internal IP block list, etc..

 

Check your Eset Filtered Web Sites log for an entry with that IP address. Then copy that log line item and paste it into your reply.

Link to post
Share on other sites
Chouett

Chouett 0

Posted
  • Author
Posted

Hi Itman,

 

I found 2:

 

Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash;First seen here
24/10/2016 19:32:30;HTTP filter;file;hxxp://non-block.net/wpad.dat?bc144778120dc73e3e974edcbd59eef316705492;JS/ProxyChanger.BWtrojan;connection terminated;LP-UK\vsbadmin;Threat was detected upon access to web by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (2184EA4822725A0E0DBF206FEA1DD6DBCA47C4C0).;B5D5B6E0E3BC5D85F8DE71E76F1A0B5CDAE308AD;
 
 
Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash;First seen here
24/10/2016 19:32:30;HTTP filter;file;hxxp://non-block.net/wpad.dat?bc144778120dc73e3e974edcbd59eef316705492;JS/ProxyChanger.BWtrojan;connection terminated;LP-UK\vsbadmin;Threat was detected upon access to web by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (2184EA4822725A0E0DBF206FEA1DD6DBCA47C4C0).;B5D5B6E0E3BC5D85F8DE71E76F1A0B5CDAE308AD;
 
 
Link to post
Share on other sites
Chouett

Chouett 0

Posted
  • Author
Posted

Here's another one.

 

It looks different from the others.

 

Time;URL;Status;Application;User;IP address;Threat
04/11/2016 18:51:46;hxxp://non-block.net/wpad.dat?bc144778120dc73e3e974edcbd59eef316705492;Blockedby internal blacklist;C:\Windows\System32\svchost.exe;NT AUTHORITY\LOCAL SERVICE;50.7.145.12;
 
Thank you.
 
Chouett
Link to post
Share on other sites
itman

itman 952

Posted
Posted

 

Here's another one.

 

It looks different from the others.

 

Time;URL;Status;Application;User;IP address;Threat
04/11/2016 18:51:46;hxxp://non-block.net/wpad.dat?bc144778120dc73e3e974edcbd59eef316705492;Blockedby internal blacklist;C:\Windows\System32\svchost.exe;NT AUTHORITY\LOCAL SERVICE;50.7.145.12;
 
Thank you.
 
Chouett

 

This might be a false positive. The IP scanned clean at a number of IP validation web sites. The only AV vendor at VirusTotal to have issue with URL was Eset.

Link to post
Share on other sites
  • Administrators
Marcos

Marcos 3,632

Posted
  • Administrators
Posted

This might be a false positive. The IP scanned clean at a number of IP validation web sites. The only AV vendor at VirusTotal to have issue with URL was Eset.

Likely not a FP. There was also malware detected by a signature (ProxyChanger.BW trojan).

Link to post
Share on other sites
  • Administrators
  • Solution
Marcos

Marcos 3,632

Posted
  • Administrators
  • Solution
Posted

As I wrote, it doesn't seem to be a false positive. Make sure that you have no automatic configuration script set up in the Network settings and the appropriate box is unchecked as shown below:

post-10-0-67313100-1478526488_thumb.png

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Followers 0
Go to topic listing

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...