Chouett (Posted October 25, 2016)
Hello, I am having some issues with a threat dialog box which appears often, however the Eset scan does not seem to detect anything that it can quarantine and clean. Could you please help me solve the issue? Thank you. VB

glugy, ESET Insiders (Posted October 25, 2016)
This is a big bug...

itman (Posted October 25, 2016)
Please post a screen shot of the alert you are receiving.

TomFace (Posted October 25, 2016)
> Please post a screen shot of the alert you are receiving.
Yes please show us....

Marcos, Administrators (Posted October 25, 2016)
I second that, post a screen shot as we have no clue what you mean.

Chouett, Author (Posted November 4, 2016)
Hi, sorry it took me a while to get back online. As soon as it appears I will post a screen shot.

Chouett, Author (Posted November 4, 2016)
How do I upload the screenshot, as copy-paste does not seem to work?

TomFace (Posted November 4, 2016, edited November 4, 2016 by TomFace)
Once you do the print screen/paint thing... see help (bottom of the page) > posting. Need more help, let us know.

Chouett, Author (Posted November 4, 2016)
Hello, So this is what happens at random. But the scan keeps coming back clean. Please help. Thank you
[Attachment: Esetscanshot.pdf]

itman (Posted November 4, 2016)
That is strange. Normally when Eset's Web Filter protection blocks an IP address, it usually states why, e.g. blocked by internal IP block list, etc. Check your Eset Filtered Web Sites log for an entry with that IP address. Then copy that log line item and paste it into your reply.

Chouett, Author (Posted November 4, 2016)
Hi Itman, I found 2:

Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash;First seen here
24/10/2016 19:32:30;HTTP filter;file;hxxp://non-block.net/wpad.dat?bc144778120dc73e3e974edcbd59eef316705492;JS/ProxyChanger.BW trojan;connection terminated;LP-UK\vsbadmin;Threat was detected upon access to web by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (2184EA4822725A0E0DBF206FEA1DD6DBCA47C4C0).;B5D5B6E0E3BC5D85F8DE71E76F1A0B5CDAE308AD;

Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash;First seen here
24/10/2016 19:32:30;HTTP filter;file;hxxp://non-block.net/wpad.dat?bc144778120dc73e3e974edcbd59eef316705492;JS/ProxyChanger.BW trojan;connection terminated;LP-UK\vsbadmin;Threat was detected upon access to web by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (2184EA4822725A0E0DBF206FEA1DD6DBCA47C4C0).;B5D5B6E0E3BC5D85F8DE71E76F1A0B5CDAE308AD;

Chouett, Author (Posted November 4, 2016)
I should have said, I found 2 different ones and one that keeps repeating, so I only copied it once. Thank you. Chouett

Chouett, Author (Posted November 4, 2016)
Here's another one. It looks different from the others.

Time;URL;Status;Application;User;IP address;Threat
04/11/2016 18:51:46;hxxp://non-block.net/wpad.dat?bc144778120dc73e3e974edcbd59eef316705492;Blocked by internal blacklist;C:\Windows\System32\svchost.exe;NT AUTHORITY\LOCAL SERVICE;50.7.145.12;

Thank you. Chouett

Marcos, Administrators (Posted November 4, 2016)
Check the setting for automatic proxy server configuration and remove the address that you currently have there.

Chouett, Author (Posted November 4, 2016)
OK, I have just done that. Let's see what happens. Is it OK for the field to remain blank? Chouett

itman (Posted November 4, 2016)
> Here's another one. It looks different from the others.
>
> Time;URL;Status;Application;User;IP address;Threat
> 04/11/2016 18:51:46;hxxp://non-block.net/wpad.dat?bc144778120dc73e3e974edcbd59eef316705492;Blocked by internal blacklist;C:\Windows\System32\svchost.exe;NT AUTHORITY\LOCAL SERVICE;50.7.145.12;
>
> Thank you. Chouett
This might be a false positive. The IP scanned clean at a number of IP validation web sites. The only AV vendor at VirusTotal to have issue with URL was Eset.

Marcos, Administrators (Posted November 4, 2016)
> This might be a false positive. The IP scanned clean at a number of IP validation web sites. The only AV vendor at VirusTotal to have issue with URL was Eset.
Likely not a FP. There was also malware detected by a signature (ProxyChanger.BW trojan).

Chouett, Author (Posted November 4, 2016)
Hello, The message is still appearing but not as often. What is an FP? Chouett

Chouett, Author (Posted November 4, 2016)
Oh, false positive.

Marcos, Administrators (Posted November 7, 2016, marked as Solution)
As I wrote, it doesn't seem to be a false positive. Make sure that you have no automatic configuration script set up in the Network settings and the appropriate box is unchecked as shown below:

Chouett, Author (Posted November 10, 2016)
Thank you so much Team Eset Moderators, it seems to have done the trick. Chouett

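Added example (not part of the original thread and not ESET code): a short Python triage of the two semicolon-delimited log exports posted above, listing every request for a proxy auto-config file (wpad.dat or *.pac) together with the application that made it. The function names are hypothetical; the sample rows are the ones from the thread, and the header row is assumed to decide which column layout applies to the rows after it.

```python
import csv
import re
from urllib.parse import urlsplit

# Sample input: the two export layouts posted in the thread (header row, then entry).
SAMPLE = r"""Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash;First seen here
24/10/2016 19:32:30;HTTP filter;file;hxxp://non-block.net/wpad.dat?bc144778120dc73e3e974edcbd59eef316705492;JS/ProxyChanger.BW trojan;connection terminated;LP-UK\vsbadmin;Threat was detected upon access to web by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (2184EA4822725A0E0DBF206FEA1DD6DBCA47C4C0).;B5D5B6E0E3BC5D85F8DE71E76F1A0B5CDAE308AD;
Time;URL;Status;Application;User;IP address;Threat
04/11/2016 18:51:46;hxxp://non-block.net/wpad.dat?bc144778120dc73e3e974edcbd59eef316705492;Blocked by internal blacklist;C:\Windows\System32\svchost.exe;NT AUTHORITY\LOCAL SERVICE;50.7.145.12;
"""

# The requesting application sits in free text, followed by its SHA-1 in brackets.
# Anchoring on the 40-hex hash keeps "Program Files (x86)" from ending the match early.
APP_IN_INFO = re.compile(r"application: (.+?) \([0-9A-Fa-f]{40}\)")

def parse_export(text):
    """Yield one dict per entry; a row starting with 'Time' switches the column layout."""
    header = None
    for fields in csv.reader(text.splitlines(), delimiter=";", quoting=csv.QUOTE_NONE):
        if fields and fields[0] == "Time":
            header = fields
        elif fields and header:
            yield dict(zip(header, fields))

def pac_fetches(text):
    """Return entries whose URL path is a proxy auto-config file (wpad.dat or *.pac)."""
    hits = []
    for row in parse_export(text):
        url = urlsplit(row.get("URL") or row.get("Object") or "")  # hxxp parses fine
        if not url.path.lower().endswith(("/wpad.dat", ".pac")):
            continue
        app = row.get("Application")
        if app is None:  # detection-log layout: application is inside "Information"
            found = APP_IN_INFO.search(row.get("Information", ""))
            app = found.group(1) if found else "unknown"
        hits.append({"time": row["Time"], "host": url.hostname, "app": app,
                     "user": row.get("User", ""),
                     "verdict": row.get("Threat") or row.get("Status", "")})
    return hits

def apps_by_host(hits):
    """Map each PAC host to the executable names that requested it."""
    summary = {}
    for hit in hits:
        summary.setdefault(hit["host"], set()).add(hit["app"].rsplit("\\", 1)[-1].lower())
    return summary

if __name__ == "__main__":
    print(apps_by_host(pac_fetches(SAMPLE)))
```

When both a browser and a system service request the same PAC URL, as here, the source is the Windows automatic proxy configuration setting Marcos points to rather than anything inside the browser.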