Dangerous Website

Discussion in 'ESET Smart Security' started by MrGump, Sep 7, 2009.

Thread Status:
Not open for further replies.
  1. MrGump

    MrGump Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    394
    When I was using Kaspersky Internet Security and I would visit the website ~ Malware Link Removed as per TOS ~, I would always get a warning message that this website was trying to load a Trojan, and then a message that Kaspersky blocked it.

    I am now using ESET and I visit that website and I get no warning at all. Does this mean that ESET is not detecting/blocking this threat and my system is now compromised?
     
    Last edited by a moderator: Sep 7, 2009
  2. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,959
    Location:
    U.S.A.
    MrGump, that Web site is labeled as an Attack Site as per my Firefox browser and under our Terms of Service, I had no choice but to remove the malware link. Perhaps you can PM an ESET Moderator with your problem.

    JR
     
  3. MrGump

    MrGump Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    394
    my bad, sorry
     
  4. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,959
    Location:
    U.S.A.
    MrGump, no problem. We don't want someone else, whose computer might not be protected, to get infected. Take care.

    JR
     
  5. MrGump

    MrGump Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    394
    The ESET Moderator, danieln, wrote this to me:

    "Hello,

    the page is infected and will be detected as
    HTML/TrojanDownloader.IFrame trojan

    D."

    I am aware the page is infected but I am not getting a visual detection warning. Is that normal? The page just loads normally.
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Suspicious websites should be reported to samples[at]eset.com. The one in question contains JS code that will be detected as of the next update.
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    You've already answered it yourself. Detection will be added to the next update, that's the reason why you didn't receive any alert.
     
  8. MrGump

    MrGump Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    394

    So technically my computer is infected now? With whatever was coming from that site?
     
  9. reevesloh

    reevesloh Registered Member

    Joined:
    Jul 6, 2009
    Posts:
    160
    Would you tell me which website has got malware? To make all of us users alert about the website...
     
  10. MrGump

    MrGump Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    394
    I am not allowed to post it here because it violates the TOS of this forum. If you send me a private message I can send you the website address. :p
     
  11. MrGump

    MrGump Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    394
    Marcos,

    I really need to know if my system is infected by this. I understand that the notification has been added to the next update, but does that mean the malware got past ESET and my system is now infected by whatever that website was trying to put on my computer?
     
  12. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    I try so hard to ride in Eset's corner but this one takes the cake. Eset, I really hope over time you learn how to talk to your customers and not down to them. Arrogance sells zero software and you, or one in particular, really needs an attitude adjustment.

    All this customer wanted to know was, is he not infected.
     
  13. MrGump

    MrGump Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    394
    Thank you and thank you. I also felt I was being treated a bit like a dope. :mad: o_O And I am not even an ESET customer yet; I am trying out the 30 day trial software.
     
    Last edited: Sep 7, 2009
  14. MrGump

    MrGump Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    394
    Will someone please help me? :doubt: :'(
     
  15. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Personally I would start off by downloading Malwarebytes Antimalware, update the definitions, then run a full scan and see what it detects.
    Post your results here as they will be able to sort out FPs (if any) and real malware.
    Also download the free version of Prevx and post your results in the Prevx forum here at Wilders. A Prevx rep and others should be able to help you out with the results.
    The free version of Prevx will only detect, not remove, but at least you should be able to find out if indeed you are infected.
     
    Last edited: Sep 7, 2009
  16. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    I agree with LoneWolf's suggestions.

    Also download the free versions of Avira AntiVir and SUPERAntispyware, and do full scans with these as well.

    Once you have got your system back to a clean state, I would suggest getting some imaging software for future use. Restoring the system from a clean image is the most reliable way to remove all traces of a malware infection.

    In terms of web browser protection, antivirus software that relies on blacklisting is always bound to be a bit hit and miss. A layered approach is always good and you could consider supplementing a conventional antivirus with some kind of sandbox to restrict the potential for damage that malware can cause. In case you are not familiar with sandboxing, there are two kinds: virtualisation sandboxes and policy-based sandboxes.

    Good examples of this type of technology are: Sandboxie (application virtualisation), Returnil (partition virtualisation), DefenseWall (policy-based), Appguard (policy-based), etc.
     
  17. Hotep

    Hotep Registered Member

    Joined:
    Jan 7, 2008
    Posts:
    34
    Location:
    Sydney Australia
    Nice to know it's not just me that feels that way! (You took the words right out of my mouth, Trjam) :thumb:
     
  18. Shankle

    Shankle Registered Member

    Joined:
    May 2, 2006
    Posts:
    510
    ESET SS does handle malware. Like any software, they can't catch everything. They have done a fine job for me.
    So why would the 2 mentioned Malwares be needed?
    The WEB is a very dangerous place, so all surfing should be done in "Sandboxie".
    It is an excellent program and free. Also, has the gentleman tried doing a scan with ESET?
    Another good free program to be running is "CCleaner". A combination of these
    and a tenacious application of these keeps my Puter running smoothly.
    Good luck
     
    Last edited: Sep 7, 2009
  19. MrGump

    MrGump Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    394

    Thank you, I have done both and posted both.


    UPDATE: The Prevx log is too large to post on the forum!
     
  20. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London

    Technically, yes... otherwise they wouldn't have added a detection for the bad code. I guess it's hard for them to admit they didn't hit this one :(
     
  21. TheIgster

    TheIgster Registered Member

    Joined:
    Jul 25, 2009
    Posts:
    645
    Location:
    Edmonton, AB
    Completely agree. The support here certainly seems to have an "attitude", doesn't it?

    To the OP, go download a free 15 day trial of Vipre. I would bet they find whatever is infected on your system and remove it for you. They also would help you get rid of it otherwise and actually provide some customer service with a smile.
     
  22. MrGump

    MrGump Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    394
    UPDATE:

    Malwarebytes Antimalware did not find anything wrong

    Prevx did not find anything

    I just updated my ESET anti-virus and ran the scan. One file was infected and cleaned, but I do not know which file it was. If it found the threat I was concerned about, where can I confirm this?

    Thank you to everyone for helping out a noob.
     
  23. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I'm not sure if you expect a person responsible for completely different things than malware analysis to analyse obfuscated JavaScript code and post the result of the analysis here shortly after someone reports a possibly malicious site, but never mind. Such requests should always be routed to samples[at]eset.com per the instructions here.

    The website has turned out to be basically clean; it's just a sort of an obfuscated clicker that doesn't do anything malicious.
     
  24. MrGump

    MrGump Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    394

    If that was meant for me, Marcos, then I don't want you to think I expected magic or anything. Honestly, I have never even been to this forum or used the software until today and I didn't know what or where to ask. I am a novice that saw an alarming difference and reacted as a novice. I can see that this anti-virus and its users are not generally novices and this makes me feel secure because people know what they are talking about, but it also makes me feel a bit like a child in the dark because me being a noob really stands out.

    Thank you for checking into that website with such thoroughness. :D

    On a separate note pertaining to my last post: ESET has just found and cleaned a threat but I am not sure how to check if it is the threat I was concerned about. Where can I find that information?
     
  25. MrGump

    MrGump Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    394
    FINAL UPDATE [SOLVED]


    I have updated my virus signatures for ESET and run a scan. One issue was detected and resolved.

    I now notice that each time I visit the attack site the "Number of blocked attacks" goes up in ESET.

    I then went into "Setup" and chose "Advanced setup", scrolled down to "Alerts and Notifications" and clicked the "Advanced setup..." button. I un-ticked the "Display only notifications requiring user interaction" and "Display only notifications requiring user interaction when running applications in full screen mode". The "Minimum verbosity of events to display:" is set to "Informative records".

    Now when I visit the attack site I get an ESET popup telling me the threat is detected and quarantined. (I just wonder if ESET would have always been doing that.)

    I am a very relieved person because nothing is more comforting than the familiar haha. I know I had a noob issue but that issue seems to be fixed and I am no longer concerned.

    Thank you to everyone who helped. You know who you are. :thumb: :thumb:

    And this noob figured that last part out all by himself! WOOOOT :argh:
     