doubleclick.net causing HTML/ScrInject.B.Gen virus alerts

Discussion in 'ESET NOD32 Antivirus' started by Geosoft, Jan 30, 2012.

Thread Status:
Not open for further replies.
  1. Geosoft

    Geosoft Registered Member

    Joined:
    Jan 7, 2009
    Posts:
    270
    Location:
    Toronto, Ontario, Canada
    Any known issues with 6840? A lot of computers on my network are complaining about the HTML/ScrInject.B.Gen virus, where most of the URLs are coming from doubleclick.net, and a small handful of others.
     
  2. jard

    jard Registered Member

    Joined:
    Jan 30, 2012
    Posts:
    1
    Location:
    United States
    I'm seeing the same problem with 6840.
     
  3. clutch

    clutch Registered Member

    Joined:
    Oct 10, 2008
    Posts:
    19
    We're getting them too. No adverse effects that we can see... and all are on what look to be advertising sites too. I wonder if an ad hosting company that hosts all these sites got hit.
     
  4. etciv

    etciv Registered Member

    Joined:
    Jan 30, 2012
    Posts:
    1
    Location:
    US
    We are getting them as well at our site with 100+ users.
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Hello,
    it was an advertising domain that was blocked. A new update addressing the FP is being prepared and will be released shortly.
     
  6. clutch

    clutch Registered Member

    Joined:
    Oct 10, 2008
    Posts:
    19
    Looks like 6841 has been released. Pushing out to my clients now.
     
  7. dwomack

    dwomack Eset Staff Account

    Joined:
    Mar 2, 2011
    Posts:
    588

    Awesome. Let us know if there's any continued FP activity.
     
  8. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,638
    Could it be that this FP was caused by "Antivirus and antispyware scanner module: 1337 (20120130)" and not by defs 6840?

    Just being curious here ;)
     
  9. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,638
    If it was caused by defs 6840, you would expect to see it here mentioned:
    http://www.eset.eu/podpora/aktualizacia-6840?lng=en

     
  10. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    • @ FanJ

    I have Antivirus and antispyware scanner module: 1337 (20120130) module installed under non pre-release, no issues reported from the users that report to me through other channels.

    I hope it was a true false-positive and has been rectified for now.
     
  11. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,638
    Siljaline,

    The whole point of my two previous postings in this thread was:
    If defs update 6840 was causing this FP "HTML/ScrInject.B.Gen",
    then you would expect it mentioned in the list here.
    But it is not mentioned there.
    So did that list not mention everything? Let's assume that that list was correct. I suppose we get correct info on those lists.
    Was "HTML/ScrInject.B.Gen" mentioned in a previous other list? As far as I can see with my bad eyes: no.
    So the only conclusion can be that it was the recent "Antivirus and antispyware scanner module: 1337 (20120130)" that was causing this.
    Or am I missing something?

    PS:
    And yes, this was with pre-release updates not enabled on NOD32 4.2.71.2, on XP-home SP3.
    And no, I got no warnings from this FP: I block doubleclick.
     
  12. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    The virus signature update 6480 does not list HTML/ScrInject.B.Gen per se. It was blocked at ESET's Virus Labs for reasons as we are aware to be a confirmed false-positive, which has been corrected.

    The updated module component:
    Antivirus and antispyware scanner module: 1337 (20120130) was likely unrelated. The module change was not logged.
     
  13. TomFace

    TomFace Registered Member

    Joined:
    Jan 8, 2011
    Posts:
    77
    Location:
    USA
    I too have one quarantine item (2 detected threats) related to this HTML/ScrInject.B.Gen virus, so in plain language, is this real or false, and should it be deleted from quarantine or what should I do? I currently have version 6843 and have run a scan after detection which was clean.
     
    Last edited: Jan 31, 2012
  14. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    If the files are not detected with the latest version you can leave them out of quarantine.
     
  15. TomFace

    TomFace Registered Member

    Joined:
    Jan 8, 2011
    Posts:
    77
    Location:
    USA
    OK-Marcos, thank you for the prompt reply. I am a simple man, not an expert.
     
    Last edited: Jan 31, 2012
  16. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,638
    Hey silj,

    OK.
    I was considering that possibility when I wrote "Let's assume that that list was correct. I suppose we get correct info on those lists."
    So, if defs update 6840 was causing this, we might come to a conclusion about those lists :ouch:

    Anyway, glad to see that it seems to have been fixed quickly. :)

    BTW, the "Antivirus and antispyware scanner module" was updated to: 1338 (20120131)
     
  17. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    646
    Location:
    Sydney Australia
    ESET didn't remain '1337' for very long. ;)
     
  18. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    Hmmm... since I am no longer logging these, my version no longer allows me to report them.

     