HTML/ScrInject.B.Gen

Discussion in 'ESET NOD32 Antivirus' started by siljaline, Jun 8, 2012.

Thread Status:
Not open for further replies.
  1. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    HTML/ScrInject.B.Gen virus flagged at - www. famfamfam.com -

    Submitted to ESET. There are a number of other posts similar to this; is it an FP?
     

    Last edited: Jun 9, 2012
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    I'm not getting any detection on that website. I'd suggest emailing the htm file in question to ESET's viruslab as per the instructions here.
     
  3. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    And how does one submit a quarantined file to ESET?
    I have been able to duplicate this detection at least 15 times. Try obfuscated link hXXttp://www.downforeveryoneorjustme.com/famfamfam.com (note: this infects or flags every time). Submission to ESET later.
    Please read your PMs.

     
    Last edited: Jun 9, 2012
  4. Janus

    Janus Registered Member

    Joined:
    Jan 2, 2012
    Posts:
    588
    Location:
    Europe - Denmark .
    Hey siljaline :)
    Try to right click on the quarantined file, it will give you a context menu and an opportunity to send the file. (from quarantine)
     

  5. Janus

    Janus Registered Member

    Joined:
    Jan 2, 2012
    Posts:
    588
    Location:
    Europe - Denmark .
    Hi
    Okay, hope I have done it right. Restored the file to a virtual environment, zipped it, and password protected it, named "infected", as per instruction here, and e-mailed it.
     

  6. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Submitted from quarantine using Wilders post URL as a reference.
    @ESET • Please advise Virus Lab folks it is inbound.
    Also submitted by virtue of the detection as noted in the attached screenshot. And via ThreatSense.Net. I will take no further action.
     
    Last edited: Jun 9, 2012
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    The detection is correct. The web page loads a script from a rr.nu domain and is detected by 4 other AVs.
     
  8. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    OK, it's funky that Mozilla doesn't flag the URL but IE9 does.
    I'll stuff the URL in my Hosts file until the domain is cleaned up. Thanks for taking the time on your weekend to respond, Marcos, it is greatly appreciated :thumb:

     