Office.Microsoft.Com: NOD32 Catching HTML/ScrInject.B.Gen virus

Discussion in 'ESET NOD32 Antivirus' started by pmabee, Oct 28, 2011.

Thread Status:
Not open for further replies.
  1. pmabee

    pmabee Registered Member

    Joined:
    May 22, 2008
    Posts:
    22
    Looks like the MS office site has been compromised.
     
  2. jmcvay

    jmcvay Registered Member

    Joined:
    Mar 2, 2010
    Posts:
    11
    I have been receiving several alerts relating to Microsoft Office Help as well. I can't tell if you are being sarcastic or not, but I am going to guess that it is a sensitivity issue in a recent update. Both the Real-time and HTTP Scanner are picking them up.


    ClientSectionID = 16777475
    DateReceived = Oct 28 2011
    DateOccurred = Oct 28 2011
    ScannerReportedID = 16843009
    LogLevel = 2684420097
    Object = file
    Name = C:\Documents and Settings\username\Local Settings\Temporary Internet Files\Content.IE5\3J1R2G92\hfws[1].aspx
    Virus = HTML/ScrInject.B.Gen virus
    ActionTaken = unable to clean
    Info = Event occurred during an attempt to access the file by the application: C:\Program Files\Microsoft Office\OFFICE11\1033\MSOHELP.EXE.
    Details = N
    ScannerReportedName = Real-time file system protection


    ClientSectionID = 16777475
    DateReceived = Oct 28 2011
    DateOccurred = Oct 28 2011
    ScannerReportedID = 16974336
    LogLevel = 1073807362
    Object = file
    Name = http://office.microsoft.com/en-us/support/??CTT=6&Origin=EC010227221033
    Virus = HTML/ScrInject.B.Gen virus
    ActionTaken = connection terminated - quarantined
    Info = Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
    Details = N
    ScannerReportedName = HTTP filter
     
  3. techie007

    techie007 Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    125
    Location:
    Ontario, Canada
    Myself and another user (rcash, at least) have both contacted ESET and they recognize it's a false positive and have said it will be fixed in the next defs.

     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    As it's been mentioned, this is a false positive that is going to be fixed in update 6584 that is being prepared right now and will be available shortly. Also we've taken measures to prevent other users from downloading the erroneous update.
     
  5. pmabee

    pmabee Registered Member

    Joined:
    May 22, 2008
    Posts:
    22
    Wasn't being sarcastic. Just thought that the Office site had really been compromised, which wouldn't surprise me at all.

    So a false positive huh? At least NOD32 wasn't detecting itself as a virus.
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Yes, it was an unfortunate detection due to a very complex JavaScript (142 kB in size).
     
  7. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    A prior post | findings of mine; perhaps there is something that could be of use to ESET.
     
  8. FourEyes

    FourEyes Registered Member

    Joined:
    Dec 6, 2011
    Posts:
    2
    Location:
    UK
    Hello there,

    Just joined the forum after finding on Google.

    I am being blocked by ESET for a website called -midiox.com-

    Could you say if this is also a false positive, please?

    Thanks

    Mike
     
  9. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
  10. FourEyes

    FourEyes Registered Member

    Joined:
    Dec 6, 2011
    Posts:
    2
    Location:
    UK
    Many thanks

    Mike
     
  11. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    You're very welcome :)
     