HTML/ScrInject.B.Gen on OSX?

Discussion in 'ESET NOD32 Antivirus' started by Carbonyl, Mar 5, 2012.

Thread Status:
Not open for further replies.
  1. Carbonyl, Registered Member (Joined: May 19, 2009; Posts: 256)

    I'm currently running the latest version of ESET Cybersecurity v4 (not 5) for OS X on a MacBook (I believe it's version 4.0.76). I browse the web in Opera, and have JavaScript restricted to only run on trusted sites - I whitelist them via site preferences, and only enable scripts for a site that I've concluded is trustworthy.

    Today I was following a Google search to a forum page that I had never visited before - as such the domain would NOT be authorized to run JavaScript. However, just seconds after landing on the page, ESET came up with a warning about HTML/ScrInject.B.Gen being found in Opera's temporary cache files. I deleted the file and submitted it for analysis from the quarantine. A subsequent full system scan revealed nothing further, but I know that very often once something like this has been found it's too late.

    My questions are as follows: First, how could a (presumably JavaScript-based) malicious attack occur when JavaScript was explicitly not allowed? And second, are there any steps necessary to take to ensure the stability and safety of my system in the wake of this attack? If I were running on Windows, I would reformat the computer and restore from backup - but on OS X I'm not certain that's necessary.

    I've also read a lot about HTML/ScrInject.B.Gen being related to false positives. Is there some possibility that ESET is generating an FP here? Or is that old news that's since been reliably fixed?
     
  2. Marcos, Eset Staff Account (Joined: Nov 22, 2002; Posts: 14,374)

    No-script add-ons prevent scripts on web pages from being evaluated but will not remove them from pages when saved in a temporary folder.

    That wouldn't be definitely necessary even if you were using Windows. There are hardly any cases when infected users would need to resort to formatting the disk.

    If it was an FP, then it would be just because some malware had been removed from the referenced website in the meantime. There's always a reason for this kind of detection.
     
  3. Carbonyl, Registered Member (Joined: May 19, 2009; Posts: 256)

    Thank you for the prompt and informative reply, Marcos. You're always super helpful.

    Am I correct in assuming from what you've written that no further action is necessary? I realize I'm probably not fully grasping the situation, but it sounds as if ESET was simply removing a threat located in a temporary file that was prevented from being executed?
     
  4. Marcos, Eset Staff Account (Joined: Nov 22, 2002; Posts: 14,374)

    Basically it was an HTML file with a reference to a site known to host malware that was detected and removed. Since malicious scripts mainly download other Windows malware or redirect to another site, I don't think they could do any harm on Mac (at least the chance is much lower than on Windows). Also the fact that you don't allow JavaScript by default increases protection.
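
The replies above explain that a script blocker stops evaluation while the markup is still written to the browser cache, where a file scanner reads it. The following is an added example, not part of the thread and not ESET's detection logic: a static scan of a cached page for auto-loaded references to blocklisted hosts. The blocklist domain, the sample page and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tags and attributes that make a browser fetch content without a click.
# Plain <a href> links are left out on purpose (an assumption of this sketch).
REF_ATTRS = {"script": "src", "iframe": "src", "frame": "src",
             "embed": "src", "object": "data", "link": "href"}

class RefCollector(HTMLParser):
    """Collect (tag, host) for every auto-loaded external reference."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.refs = []

    def handle_starttag(self, tag, attrs):
        wanted = REF_ATTRS.get(tag)  # tag/attr names arrive lowercased
        for name, value in attrs:
            if wanted is None or name != wanted or not value:
                continue
            try:
                # Scheme-relative "//host/x" is resolved by urlsplit too.
                host = urlsplit(value.strip()).hostname
            except ValueError:  # malformed URL: nothing to match
                continue
            if host:  # relative URLs have no host and are skipped
                self.refs.append((tag, host.lower().rstrip(".")))

def is_listed(host, blocklist):
    """True if the host or any parent domain is on the blocklist."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def scan_cached_html(html, blocklist):
    """Static check: nothing in the page is executed, only parsed."""
    collector = RefCollector()
    collector.feed(html)
    collector.close()
    return [(t, h) for t, h in collector.refs if is_listed(h, blocklist)]

# Constructed sample data (not from the thread).
BLOCKLIST = {"malware-host.example"}
CACHED_PAGE = """<html><body>
<script src="/static/forum.js"></script>
<script src="http://cdn.malware-host.example/x.js"></script>
<IFRAME SRC="//malware-host.example/landing" width=1 height=1></IFRAME>
<a href="http://malware-host.example/">plain link</a>
</body></html>"""

if __name__ == "__main__":
    for tag, host in scan_cached_html(CACHED_PAGE, BLOCKLIST):
        print(f"flagged <{tag}> reference to {host}")
```

The scan flags the file whether or not the browser ever ran the script, which is why a detection in the cache does not by itself mean anything was executed.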
     