Author Topic: Avast detecting files as ELF:Agent-RA [Trj] after blocking website  (Read 2332 times)

REDACTED

  • Guest
Hey guys,
Today Avast blocked a website because of a file infected with JS:Downloader-FY[Trj].
After that, I did a smart scan which didn't detect anything. After the smart scan, I did a complete scan.
That complete scan did detect several infected files as ELF:Agent-Ra [Trj], but I wouldn't call most of them dangerous (e.g. part of my Minecraft installation).
Some of those files were from my Linux subsystem for Windows.

Does the blocked website have something to do with the detection of ELF:Agent-Ra [Trj]?
Are the detected files false positives?

Thanks for your help in advance.
« Last Edit: July 16, 2018, 09:26:17 PM by Drachenfrucht1 »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Avast detecting files as ELF:Agent-RA [Trj] after blocking website
« Reply #1 on: July 16, 2018, 09:56:06 PM »
Ha der Drachenfrucht1,

Can you give the infested (or redirecting) URL as a broken link, so we can have a look at whether it may still be infested?
Sometimes some malware is very short-lived and then no longer active.

Break links like -http or hxtp or with spaces like http www dot badsite dot com, so it becomes non-clickable.

This malicious file downloader, hence that name, has been around for some time now, see a detection at VT's:
https://www.virustotal.com/en/file/7ea2f52578ab9dddc0e56ce46b3f7eed7e07288a7efc4f49d24c62928fa73d4a/analysis/1460937666/

S.Gr.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not an Avast user
Re: Avast detecting files as ELF:Agent-RA [Trj] after blocking website
« Reply #2 on: July 16, 2018, 09:57:23 PM »
Quote
That complete scan did detect several infected files as ELF:Agent-Ra [Trj]
Quote
Some of those files were from my Linux subsystem for Windows.
False positives  >>  https://forum.avast.com/index.php?topic=220504.0


@Polonus ... VT link posted is over 2 years old   ???


« Last Edit: July 16, 2018, 10:01:45 PM by Pondus »

Offline polonus

Re: Avast detecting files as ELF:Agent-RA [Trj] after blocking website
« Reply #3 on: July 16, 2018, 10:14:44 PM »
Pondus, always there with essential feedback.

Thank you, Pondus, the older link was just there for the terminology and to show it is a longer existing threat,
nothing further related  ;) Sigh of relief for some, when these files are FP detections.  8)

pol
« Last Edit: July 16, 2018, 10:17:04 PM by polonus »

REDACTED

  • Guest
Re: Avast detecting files as ELF:Agent-RA [Trj] after blocking website
« Reply #4 on: July 16, 2018, 10:22:27 PM »
The infested url is https snigelweb-com [dot] videoplayerhub [dot] com [slash] videoloader [dot] js

Offline polonus

« Last Edit: July 17, 2018, 12:14:33 AM by polonus »