summitit 0 Posted November 1, 2016 Posted November 1, 2016 Hi All, Wondering if you can point me in the right direction. I've seen a few of these alert in my environment and I've done a scan on the systems that have generated this alert. They've all come up clean and I cannot find any additional info on this. Is ESET aware of this alert? What can I do to prevent this alert? Thanks in advance!
TomFace 540 Posted November 1, 2016 Posted November 1, 2016 Can you give us a screen shot of the alert?
Administrators Marcos 5,468 Posted November 2, 2016 Administrators Posted November 2, 2016 Or better copy & paste the appropriate record from ESET's logs but make sure the link is not clickable.
summitit 0 Posted November 2, 2016 Author Posted November 2, 2016 I get an email notification: 11/2/2016 14:40:15 PM - Module HTTP filter - Threat Alert triggered on computer XXXXXXXXX: hxxp://cdn.altitude/ contains HTML/Refresh.BC trojan. 11/2/2016 14:40:32 PM - Module HTTP filter - Threat Alert triggered on computer XXXXXXXXX: hxxp://cdn.altitude/ contains HTML/Refresh.BC Trojan.
itman 1,807 Posted November 2, 2016 Posted November 2, 2016 I get an email notification: 11/2/2016 14:40:15 PM - Module HTTP filter - Threat Alert triggered on computer XXXXXXXXX: hxxp://cdn.altitude/ contains HTML/Refresh.BC trojan. 11/2/2016 14:40:32 PM - Module HTTP filter - Threat Alert triggered on computer XXXXXXXXX: hxxp://cdn.altitude/ contains HTML/Refresh.BC Trojan. Possibly e-mail based? If your using an e-mail client, you should have hot linking disabled in the e-mail client.
summitit 0 Posted November 3, 2016 Author Posted November 3, 2016 This is the email notification I receive when an event is triggered on a client computer.
Administrators Marcos 5,468 Posted November 3, 2016 Administrators Posted November 3, 2016 I'd check DNS settings; make sure that DNS server is set to automatic or try using Google DNS 8.8.8.8 or 4.4.4.4. It's likely related to this: hxxp://www.dslreports.com/forum/r29394552-What-is-this-LEVEL3-.
Recommended Posts