ESET seems to find HTML/ScrInject.B.Gen on a number of pages recently

Discussion in 'ESET NOD32 Antivirus' started by Carbonyl, Dec 8, 2011.

Thread Status:
Not open for further replies.
  1. Carbonyl

    Carbonyl Registered Member

    I'm currently browsing the web on OS X 10.6.8, using Opera 11.60 with JavaScript on a whitelist basis, and running ESET 4.0.69.0. In the last month or two I've seen at least three warnings about HTML/ScrInject.B.Gen when browsing the web. I find this odd, because that's more than I even see with my PC. Usually the infection warning for HTML/ScrInject.B.Gen is about a temporary file in the Opera Cache. I delete it in all cases.

    The last time, my curiosity got the better of me, and I submitted the URL to VirusTotal, only to find that ESET was the only scanner to claim the HTML/ScrInject.B.Gen infection, or any infection at all. I'm a bit curious about this. When I attempted to contact a webmaster about this, the only reply I got was "ESET is [Expletive Deleted], get a real virus scanner", and his insistence that this was a false positive.

    My question is: What type of infection is HTML/ScrInject.B.Gen? Is this something that could leverage the OS X platform in a way I'm unaware of? Is it just triggered by the presence of a few lines in the HTML, like a JavaScript redirect? Is it possible that I have my settings for ESET set too aggressively? Thanks for any assistance.
     
  2. Marcos

    Marcos Eset Staff Account

    It's a detection of sites known to host malware. If you think that a certain website has been flagged in error, report it to ESET as per the instructions here.
     
  3. Carbonyl

    Carbonyl Registered Member

    Thanks, Marcos. Will do, in terms of reporting false positives.

    For clarification, though, if I run JavaScript on a whitelist and ESET caught this, is there any risk involved of the page spreading the malware? The name makes me think it's a JavaScript injection type malware, but I can't find any more information on it anywhere. Also, the pages seem to still load despite ESET flagging the temporary cache files.
     
  4. dmaasland

    dmaasland Registered Member

  5. Marcos

    Marcos Eset Staff Account

    I guess the site itself may be alright except that it probably loads an external script which is detected and blocked. Please email ESET as advised above and include the URL that the alert is triggered on.
     