Virus alerts from office.microsoft.com?

Discussion in 'ESET NOD32 Antivirus' started by dsi-ap, Oct 28, 2011.

Thread Status:
Not open for further replies.
  1. dsi-ap

    dsi-ap Registered Member

    Joined:
    Jul 4, 2005
    Posts:
    118
    Location:
    UK
    Hi All

    We had a few machines on the network report alerts from office.microsoft.com.

    Using ESET NOD32 Antivirus v4.2.71.2 / signature 6583 (20111028)

    Code:
    ESET NOD32 Antivirus: Threat alert
    
    28/10/2011 15:36:06 - Module HTTP filter - Threat Alert triggered on computer LAPTOP:  http://office.microsoft.com/client/helphome14.aspx?NS=EXCEL&VERSION=14&LCID=1033&SYSLCID=2057&UILCID=1033&AD=1&tl=2 contains HTML/ScrInject.B.Gen virus.
    28/10/2011 15:36:14 - Module HTTP filter - Threat Alert triggered on computer LAPTOP:  http://office.microsoft.com/client/searchresults14.aspx?NS=EXCEL&VERSION=14&LCID=1033&SYSLCID=2057&UILCID=1033&AD=1&tl=2&Query=developer&Scope=HP,HA,RZ,FX,XT,XP,VA,DC,EM,LX contains HTML/ScrInject.B.Gen virus.
    28/10/2011 15:36:16 - Module HTTP filter - Threat Alert triggered on computer LAPTOP:  http://office.microsoft.com/client/searchresults14.aspx?NS=EXCEL&VERSION=14&LCID=1033&SYSLCID=2057&UILCID=1033&AD=1&tl=2&Query=developer&Scope=HP,HA,RZ,FX,XT,XP,VA,DC,EM,LX contains HTML/ScrInject.B.Gen virus.
    28/10/2011 15:36:17 - Module HTTP filter - Threat Alert triggered on computer LAPTOP:  http://office.microsoft.com/client/helppreview14.aspx?AssetId=HA101819080&lcid=2057&NS=EXCEL&Version=14&tl=2&respos=0&CTT=1&queryid=73d0ffc7-01cd-43f9-88a1-9e4e61958e82 contains HTML/ScrInject.B.Gen virus.
    28/10/2011 15:36:28 - Module HTTP filter - Threat Alert triggered on computer LAPTOP:  http://office.microsoft.com/client/helppreview14.aspx?AssetId=HA101819080&lcid=2057&NS=EXCEL&Version=14&tl=2&respos=0&CTT=1&queryid=73d0ffc7-01cd-43f9-88a1-9e4e61958e82 contains HTML/ScrInject.B.Gen virus.
    28/10/2011 15:36:39 - Module HTTP filter - Threat Alert triggered on computer LAPTOP:  http://office.microsoft.com/client/helppreview14.aspx?AssetId=HA101819080&lcid=2057&NS=EXCEL&Version=14&tl=2&respos=0&CTT=1&queryid=73d0ffc7-01cd-43f9-88a1-9e4e61958e82 contains HTML/ScrInject.B.Gen virus.
    28/10/2011 15:36:39 - Module HTTP filter - Threat Alert triggered on computer LAPTOP:  http://office.microsoft.com/client/helppreview14.aspx?AssetId=HA101819080&lcid=2057&NS=EXCEL&Version=14&tl=2&respos=0&CTT=1&queryid=73d0ffc7-01cd-43f9-88a1-9e4e61958e82 contains HTML/ScrInject.B.Gen virus.
    28/10/2011 15:37:21 - Module Real-time file system protection - Threat Alert triggered on computer LAPTOP:  C:\USERS\user\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\VWWOP9LO\HELPHOME14[1].HTM contains HTML/ScrInject.B.Gen virus.
    28/10/2011 15:37:22 - Module Real-time file system protection - Threat Alert triggered on computer LAPTOP:  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VWWOP9LO\helphome14[2].htm contains HTML/ScrInject.B.Gen virus.
    28/10/2011 15:37:23 - Module Real-time file system protection - Threat Alert triggered on computer LAPTOP:  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZI03URIQ\helppreview14[1].htm contains HTML/ScrInject.B.Gen virus.
    28/10/2011 15:37:24 - Module Real-time file system protection - Threat Alert triggered on computer LAPTOP:  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2MAO6815\helppreview14[1].htm contains HTML/ScrInject.B.Gen virus.
    
    Is this a false positive?
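
As an added example (not part of the original thread and not ESET tooling), this Python script parses alert lines in the format posted above and groups them by detection name, reducing repeated hits to the distinct computers, origins and pages involved. The sample lines are constructed from the thread's format with query strings shortened, and `local-cache` is a label chosen here for cached-file alerts.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Line layout as seen in the alert text posted in this thread.
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) - Module (?P<module>.+?) - "
    r"Threat Alert triggered on computer (?P<computer>\S+):\s+"
    r"(?P<object>.+) contains (?P<threat>\S+) virus\.$"
)

def parse_alert(line):
    """Return the fields of one alert line as a dict, or None if it does not match."""
    m = ALERT_RE.match(line.strip())
    return m.groupdict() if m else None

def resource_key(obj):
    """Reduce a URL or an IE cache path (helphome14[1].htm) to (origin, page)."""
    if obj.lower().startswith(("http://", "https://")):
        parts = urlsplit(obj)
        page = parts.path.rsplit("/", 1)[-1]
        return parts.hostname, page.rsplit(".", 1)[0].lower()
    name = re.split(r"[\\/]", obj)[-1]
    return "local-cache", re.sub(r"\[\d+\]\.\w+$", "", name).lower()

def summarize(lines):
    """Group alerts by detection name; collect computers, origins and pages."""
    out = defaultdict(lambda: {"count": 0, "computers": set(),
                               "origins": set(), "pages": set()})
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            continue  # header lines and blanks are skipped
        origin, page = resource_key(alert["object"])
        entry = out[alert["threat"]]
        entry["count"] += 1
        entry["computers"].add(alert["computer"])
        entry["origins"].add(origin)
        entry["pages"].add(page)
    return dict(out)

# Constructed sample in the thread's format (query strings shortened).
SAMPLE = [
    r"28/10/2011 15:36:06 - Module HTTP filter - Threat Alert triggered on computer LAPTOP:  http://office.microsoft.com/client/helphome14.aspx?NS=EXCEL&VERSION=14 contains HTML/ScrInject.B.Gen virus.",
    r"28/10/2011 15:36:17 - Module HTTP filter - Threat Alert triggered on computer LAPTOP:  http://office.microsoft.com/client/helppreview14.aspx?AssetId=HA101819080 contains HTML/ScrInject.B.Gen virus.",
    r"28/10/2011 15:37:22 - Module Real-time file system protection - Threat Alert triggered on computer LAPTOP:  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VWWOP9LO\helphome14[2].htm contains HTML/ScrInject.B.Gen virus.",
    "ESET NOD32 Antivirus: Threat alert",
]
```

Calling `summarize()` on the full alert text shows how many distinct pages and origins sit behind the repeated lines, which is the detail worth including when reporting a suspected false positive to the vendor.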
     
  2. rcash

    rcash Registered Member

    Joined:
    Dec 5, 2007
    Posts:
    56
    I contacted ESET support and they confirmed it is a false positive and should have it fixed with the next update.
     
  3. techie007

    techie007 Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    125
    Location:
    Ontario, Canada
  4. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,878
    Location:
    New England