#1
When I was using Kaspersky Internet Security and I would visit the website ~ Malware Link Removed as per TOS ~, I would always get a warning message that this website was trying to load a Trojan, and then a message that Kaspersky blocked it.
I am now using ESET and I visit that website and I get no warning at all. Does this mean that ESET is not detecting/blocking this threat and my system is now compromised?
Last edited by JRViejo : September 7th, 2009 at 02:46 AM. Reason: Malware Link Removed by JRViejo

#2
MrGump, that Web site is labeled as an Attack Site as per my Firefox browser and under our Terms of Service, I had no choice but to remove the malware link. Perhaps you can PM an ESET Moderator with your problem.
JR

#3
my bad, sorry

#4
MrGump, no problem. We don't want someone else, whose computer might not be protected, to get infected. Take care.
JR

#5
The ESET Moderator, danieln, wrote this to me:
"Hello, the page is infected and will be detected as HTML/TrojanDownloader.IFrame trojan D."
I am aware the page is infected but I am not getting a visual detection warning. Is that normal? The page just loads normally.

#6
Suspicious websites should be reported to samples[at]eset.com. The one in question contains a JS code that will be detected as of the next update.

#7
Quote:
You've already answered it yourself. Detection will be added to the next update, that's the reason why you didn't receive any alert.

#8
Quote:
So technically my computer is infected now? With whatever was coming from that site?

#9
Would you tell me which website has the malware? To alert all of us users about the website...

#10
Quote:
I am not allowed to post it here because it violates the TOS of this forum. If you send me a private message I can send you the website address.

#11
Quote:
Marcos, I really need to know if my system is infected by this. I understand that the notification has been added to the next update, but does that mean the malware got past ESET and my system is now infected by whatever that website was trying to put on my computer?

#12
I try so hard to ride in Eset's corner but this one takes the cake. Eset, I really hope over time you learn how to talk to your customers and not down to them. Arrogance sells zero software and you, or one in particular, really needs an attitude adjustment.
All this customer wanted to know was, is he not infected.
__________________
Webroot SecureAnywhere

#13
Quote:
Thank you and thank you. I also felt I was being treated a bit like a dope. And I am not even an ESET customer yet; I am trying out the 30 day trial software.
Last edited by MrGump : September 7th, 2009 at 08:08 AM.

#14
Will someone please help me

#15
Quote:
Personally I would start off by downloading Malwarebytes Antimalware, update the definitions, then run a full scan and see what it detects. Post your results here as they will be able to sort out FP's (if any) and real malware. Also download the free version of Prevx and post your results in the Prevx forum here at Wilders. A Prevx rep and others should be able to help you out with the results. The free version of Prevx will only detect, not remove, but at least you should be able to find out if indeed you are infected.
__________________
May you fly straight to heaven - but if you go to Hades - may Lethe run with Guinness
Last edited by LoneWolf : September 7th, 2009 at 11:33 AM.

#16
I agree with LoneWolf's suggestions.
Also download the free versions of Avira AntiVir and SUPERAntispyware, and do full scans with these as well.
Once you have got your system back to a clean state, I would suggest getting some imaging software for future use. Restoring the system from a clean image is the most reliable way to remove all traces of a malware infection.
In terms of web browser protection, antivirus software that relies on blacklisting is always bound to be a bit hit and miss. A layered approach is always good and you could consider supplementing a conventional antivirus with some kind of sandbox to restrict the potential for damage that malware can cause.
In case you are not familiar with sandboxing, there are two kinds: virtualisation sandboxes and policy-based sandboxes. Good examples of this type of technology are: Sandboxie (application virtualisation), Returnil (partition virtualisation), DefenseWall (policy-based), Appguard (policy-based), etc.

#17
Quote:
Nice to know it's not just me that feels that way! (you took the words right out of my mouth Trjam)
__________________
"All that is necessary for the triumph of evil is that good men do nothing."

#18
ESET SS does handle Malware. Like any software they can't catch everything. They have done a fine job for me.
So why would the 2 mentioned Malwares be needed? The WEB is a very dangerous place, so all surfing should be done in "Sandboxie". It is an excellent program and free. Also, has the gentleman tried doing a scan with ESET? Another good free program to be running is "CCleaner". A combination of these and a tenacious application of these keeps my Puter running smoothly. Good luck.
Last edited by Shankle : September 7th, 2009 at 10:55 AM.

#19
Quote:
Thank you, I have done both and posted both. UPDATE: the Prevx log is too large to post on the forum!

#20
Quote:
Technically, yes....otherwise they wouldn't have added a detection for the bad code. I guess it's hard for them to admit they didn't hit this one

#21
Quote:
Completely agree. The support here certainly seems to have an "attitude" don't they? To the OP, go download a free 15 day trial of Vipre. I would bet they find whatever is infected on your system and remove it for you. They also would help you get rid of it otherwise and actually provide some customer service with a smile.
__________________
Comodo Internet Security - Shadow Defender (on Demand) TheIgster Security Testing Blog

#22
UPDATE:
Malwarebytes Antimalware did not find anything wrong.
Prevx did not find anything.
I just updated my ESET anti-virus and ran the scan. One file was infected and cleaned, but I do not know which file it was. If it found the threat I was concerned about, where can I confirm this?
Thank you to everyone for helping out a noob.

#23
I'm not sure if you expect a person responsible for completely different things than malware analysis to analyse obfuscated JavaScript code and post the result of analysis here shortly after someone reports a possibly malicious site, but never mind. Such requests should always be routed to samples[at]eset.com per the instructions here.
The website has turned out to be basically clean, it's just a sort of an obfuscated clicker that doesn't do anything malicious.

#24
Quote:
If that was meant for me, Marcos, then I don't want you to think I expected magic or anything. Honestly, I have never even been to this forum or used the software until today and I didn't know what or where to ask. I am a novice that saw an alarming difference and reacted as a novice. I can see that this anti-virus and its users are not generally novices and this makes me feel secure because people know what they are talking about, but it also makes me feel a bit like a child in the dark because me being a noob really stands out.
Thank you for checking into that website with such thoroughness.
On a separate note pertaining to my last post: ESET has just found and cleaned a threat but I am not sure how to check if it is the threat I was concerned about. Where can I find that information?

#25
FINAL UPDATE [SOLVED]
I have updated my virus signatures for ESET and run a scan. One issue was detected and resolved. I now notice that each time I visit the attack site the "Number of blocked attacks" goes up in ESET.
I then went into "setup" and chose "advanced setup", scrolled down to "Alerts and Notifications" and clicked the "Advanced setup..." button. I un-ticked the "Display only notifications requiring user interaction" and "display only notifications requiring user interaction when running applications in full screen mode". The "minimum verbosity of events to display:" is set to "informative records".
Now when I visit the attack site I get an ESET popup telling me the threat is detected and quarantined. (I just wonder if ESET would have always been doing that.)
I am a very relieved person because nothing is more comforting than the familiar haha. I know I had a noob issue but that issue seems to be fixed and I am no longer concerned. Thank you to everyone who helped. You know who you are. And this noob figured that last part out all by himself! WOOOOT