GVTS 0 Posted October 11, 2018
Hi, I'm running EAM on a Windows 7 machine. I've been getting scareware. EAM is not protecting against it coming in, but it does find the infection when I run a scan. It removes it and then later on it comes back. The file is found in <User>\Application Data\Local\Microsoft\Windows\INetCache\Low\IE. From what I've read, this infection is due to visiting a web site with a nasty JavaScript. Question is, how can I prevent the infection from coming back?

stapp 152 Posted October 11, 2018
Please follow the instructions here and attach the requested logs so that one of our experts can help you: https://support.emsisoft.com/announcement/2-start-here-if-you-dont-we-are-just-going-to-send-you-back-to-this-thread/

GVTS 0 Posted October 11, 2018
Here are the logs. As I said, EAM finds the infection and deletes it. I think I found the site with the malicious code. When I go there using IE, I get re-infected. EAM isn't preventing the infection from getting in.
Attachments: Addition.txt, FRST.txt, EEK scan_181011-141322.txt

Kevin Zoll 309 Posted October 11, 2018
Clear the browser cache; that should take care of the issue. The system is not infected, it's just a cached page containing a link to a malicious JavaScript.

GVTS 0 Posted October 11, 2018
Thank you for your response.
1) How do I clear the browser cache?
2) Why didn't EAM block this in the first place? It removed the file in <User>\Application Data\Local\Microsoft\Windows\INetCache\Low\IE, but then it came back again.

GVTS 0 Posted October 11, 2018
Also, shouldn't EAM have done something to clear the cache? Or maybe it should have told the user to clear the cache? Maybe something to work on.

Kevin Zoll 309 Posted October 12, 2018
See this web page for how to clear your browser cache: https://kb.iu.edu/d/ahic
EAM does not clear the browser cache, and that is not something an Anti-Virus/Anti-Malware application should do. We do not monitor web pages and what is running inside the browser; that would mean that we would have to intercept all your internet traffic and actively monitor what you are visiting and doing while online. We do not do this for 2 reasons. First and foremost, it is a massive privacy issue and we take privacy seriously. The second is that we would have to intercept all encrypted traffic, essentially performing a man-in-the-middle attack; that poses a serious security issue and, if done wrong, will completely break SSL.

GVTS 0 Posted October 13, 2018
Kevin, thank you for the link and supplemental info.

Kevin Zoll 309 Posted October 13, 2018
You are welcome. If we can be of assistance in the future, do not hesitate to contact us.