Chouett (Posted October 25, 2016)
Hello, I am having some issues with a threat dialog box which appears often, however the Eset scan does not seem to detect anything that it can quarantine and clean. Could you please help me solve the issue? Thank you. VB

glugy (ESET Insiders) (Posted October 25, 2016)
This is a big bug...

itman (Posted October 25, 2016)
Please post a screen shot of the alert you are receiving.

TomFace (Posted October 25, 2016)
> Please post a screen shot of the alert you are receiving.
Yes please show us....

Marcos (Administrators) (Posted October 25, 2016)
I second that, post a screen shot as we have no clue what you mean.

Chouett (Author) (Posted November 4, 2016)
Hi, sorry it took me a while to get back online. As soon as it appears I will post a screen shot.

Chouett (Author) (Posted November 4, 2016)
How do I upload the screenshot, as copy paste does not seem to work?

TomFace (Posted November 4, 2016, edited November 4, 2016 by TomFace)
Once you do the print screen/paint thing... see help (bottom of the page) > posting. Need more help, let us know.

Chouett (Author) (Posted November 4, 2016)
Hello, So this is what happens at random. But the scan keeps coming back clean. Please help. Thank you
Esetscanshot.pdf

itman (Posted November 4, 2016)
That is strange. Normally when Eset's Web Filter protection blocks an IP address, it usually states why, e.g. blocked by internal IP block list, etc. Check your Eset Filtered Web Sites log for an entry with that IP address. Then copy that log line item and paste it into your reply.

Chouett (Author) (Posted November 4, 2016)
Hi Itman, I found 2:

Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash;First seen here
24/10/2016 19:32:30;HTTP filter;file;hxxp://non-block.net/wpad.dat?bc144778120dc73e3e974edcbd59eef316705492;JS/ProxyChanger.BWtrojan;connection terminated;LP-UK\vsbadmin;Threat was detected upon access to web by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (2184EA4822725A0E0DBF206FEA1DD6DBCA47C4C0).;B5D5B6E0E3BC5D85F8DE71E76F1A0B5CDAE308AD;

Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash;First seen here
24/10/2016 19:32:30;HTTP filter;file;hxxp://non-block.net/wpad.dat?bc144778120dc73e3e974edcbd59eef316705492;JS/ProxyChanger.BWtrojan;connection terminated;LP-UK\vsbadmin;Threat was detected upon access to web by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (2184EA4822725A0E0DBF206FEA1DD6DBCA47C4C0).;B5D5B6E0E3BC5D85F8DE71E76F1A0B5CDAE308AD;

Chouett (Author) (Posted November 4, 2016)
I should have said, I found 2 different ones and one that keeps repeating, so I only copied it once. Thank you. Chouett

Chouett (Author) (Posted November 4, 2016)
Here's another one. It looks different from the others.

Time;URL;Status;Application;User;IP address;Threat
04/11/2016 18:51:46;hxxp://non-block.net/wpad.dat?bc144778120dc73e3e974edcbd59eef316705492;Blockedby internal blacklist;C:\Windows\System32\svchost.exe;NT AUTHORITY\LOCAL SERVICE;50.7.145.12;

Thank you. Chouett

Marcos (Administrators) (Posted November 4, 2016)
Check the setting for automatic proxy server configuration and remove the address that you currently have there.

Chouett (Author) (Posted November 4, 2016)
Ok I have just done that. Let's see what happens. Is that ok for the field to remain blank? Chouett

itman (Posted November 4, 2016)
> Here's another one. It looks different from the others.
> Time;URL;Status;Application;User;IP address;Threat
> 04/11/2016 18:51:46;hxxp://non-block.net/wpad.dat?bc144778120dc73e3e974edcbd59eef316705492;Blockedby internal blacklist;C:\Windows\System32\svchost.exe;NT AUTHORITY\LOCAL SERVICE;50.7.145.12;
> Thank you. Chouett
This might be a false positive. The IP scanned clean at a number of IP validation web sites. The only AV vendor at VirusTotal to have issue with URL was Eset.

Marcos (Administrators) (Posted November 4, 2016)
> This might be a false positive. The IP scanned clean at a number of IP validation web sites. The only AV vendor at VirusTotal to have issue with URL was Eset.
Likely not a FP. There was also malware detected by a signature (ProxyChanger.BW trojan).

Chouett (Author) (Posted November 4, 2016)
Hello, The message is still appearing but not as often. What is an FP? Chouett

Chouett (Author) (Posted November 4, 2016)
Oh, false positive.

Marcos (Administrators, marked as Solution) (Posted November 7, 2016)
As I wrote, it doesn't seem to be a false positive. Make sure that you have no automatic configuration script set up in the Network settings and the appropriate box is unchecked as shown below:

Chouett (Author) (Posted November 10, 2016)
Thank you so much Team Eset Moderators, It seems to have done the trick. Chouett

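A triage sketch for the two ESET log exports quoted in this thread, added here as an example (it is not part of any forum post and not ESET tooling): it picks out proxy auto-config fetches (wpad.dat / .pac) and lists which processes and accounts requested them. The function names and the PAC-suffix heuristic are assumptions; the log rows are copied from the posts above.

```python
import csv
import io
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Rows copied from the thread (URLs left defanged, text exactly as posted).
DETECTIONS = r"""
Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash;First seen here
24/10/2016 19:32:30;HTTP filter;file;hxxp://non-block.net/wpad.dat?bc144778120dc73e3e974edcbd59eef316705492;JS/ProxyChanger.BWtrojan;connection terminated;LP-UK\vsbadmin;Threat was detected upon access to web by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (2184EA4822725A0E0DBF206FEA1DD6DBCA47C4C0).;B5D5B6E0E3BC5D85F8DE71E76F1A0B5CDAE308AD;
"""
FILTERED = r"""
Time;URL;Status;Application;User;IP address;Threat
04/11/2016 18:51:46;hxxp://non-block.net/wpad.dat?bc144778120dc73e3e974edcbd59eef316705492;Blockedby internal blacklist;C:\Windows\System32\svchost.exe;NT AUTHORITY\LOCAL SERVICE;50.7.145.12;
"""

PAC_SUFFIXES = ("/wpad.dat", ".pac")  # assumed heuristic for proxy auto-config files
APP_RE = re.compile(r"application: (.+?) \([0-9A-Fa-f]+\)")  # path before the file hash


def pac_fetches(export):
    """Yield (time, host, process, user) for each row that requests a PAC file."""
    reader = csv.DictReader(io.StringIO(export.strip()),
                            delimiter=";", quoting=csv.QUOTE_NONE)
    for row in reader:
        # The detections log calls the column "Object", the filtered-sites log "URL".
        url = row.get("URL") or row.get("Object") or ""
        parts = urlsplit(url.replace("hxxp", "http", 1))  # refang for parsing only
        if not parts.path.lower().endswith(PAC_SUFFIXES):
            continue
        app = row.get("Application")
        if app is None:  # detections log embeds the path in "Information"
            m = APP_RE.search(row.get("Information", ""))
            app = m.group(1) if m else "unknown"
        yield row["Time"], parts.hostname, app.rsplit("\\", 1)[-1].lower(), row["User"]


def summarize(*exports):
    """Map each PAC host to the sorted (process, user) pairs that requested it."""
    seen = defaultdict(set)
    for export in exports:
        for _, host, proc, user in pac_fetches(export):
            seen[host].add((proc, user))
    return {host: sorted(pairs) for host, pairs in seen.items()}


if __name__ == "__main__":
    for host, pairs in summarize(DETECTIONS, FILTERED).items():
        print(host, "requested by", pairs)
```

The same PAC URL being requested by both chrome.exe and svchost.exe under different accounts points at a proxy setting on the machine rather than at one application, which is consistent with the fix given in the thread.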