Author Topic: Frequent Virus Alert - How to remove these URLs? (Read 4452 times)

polonus · « **Reply #15 on:** January 08, 2021, 10:59:44 AM »

The problem apparently is with afu.php for -zunsoach.com. There are several RETN.net ANY.RUN reports alerting afu.php with one malicious process. So we have to wait for avast team to confirm, that this is the case here as well and whether that is an FP. (particular malicious adware process)

-zunsoach website itself has empty code, and redirects in a scan to-> -Results from scanning URL:
-https://www.assemblea.emr.it/portal_javascripts/al_agidtheme/collective.js.jqueryui.custom.min-cachekey-14f98667ff14b45eb9b97c7c7e65557a.js website for serving up dynamic content for websites through Plone JavaScript.

That is all we know, so far,

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

Georgi27 · « **Reply #16 on:** January 08, 2021, 04:55:51 PM »

Quote from: DavidR on January 07, 2021, 07:12:08 PM

What windows version are you using ?

Is skype in the windows programs list to try an uninstall from there.
The reason I mention this is that I generally don't try right click uninstall from a program executable file.

Given its location in c\users\your-name\AppData\local\packages\Microsoft.Windows.Skype........... I just wonder this originated from the windows app store.

Unfortunately I can't be of much practical help, having never installed or used it.
I'm making an assumption this is a windows 10 OS - if so check this https://www.google.co.uk/search?q=uninstall+skype+for+business+windows+10

I'm using Windows 10 x64

No, Skype isn't in windows programs. I usually don't do right click and deinstall too but noticed just now that there is such an option. It still takes me to windows programs but Skype isn't there.

I googled the issue and found out that it comes preinstalled with the Office package and in order to remove it, the Office package needs to be removed as well.

Quote from: rocksteady on January 08, 2021, 10:49:20 AM

@Georgi27
Additional to David's post. Does Skype appear in Task Manager or icon in Task Bar?
David raises a valid question. Did you download Skype from a reliable source i.e. Microsoft Store?

It doesn't appear in the Task Bar, but there re two processes in the Task Manager.
Of course, I always download stuff from reliable sources but I found that it's preinstalled with the Office package so that's why I cant deinstall it. I need to remove the Office package to remove Skype for business.

Quote from: polonus on January 08, 2021, 10:59:44 AM

The problem apparently is with afu.php for -zunsoach.com. There are several RETN.net ANY.RUN reports alerting afu.php with one malicious process. So we have to wait for avast team to confirm, that this is the case here as well and whether that is an FP. (particular malicious adware process)

-zunsoach website itself has empty code, and redirects in a scan to-> -Results from scanning URL:
-https://www.assemblea.emr.it/portal_javascripts/al_agidtheme/collective.js.jqueryui.custom.min-cachekey-14f98667ff14b45eb9b97c7c7e65557a.js website for serving up dynamic content for websites through Plone JavaScript.

That is all we know, so far,

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

I'll posts screenshots of the other sites when I get alerts for (they are the same sites everytime).

rocksteady · « **Reply #17 on:** January 09, 2021, 10:13:39 AM »

Thanks for clarifying that you have "Skype for business". That is slightly different from the original "Skype" product.

Author Topic: Frequent Virus Alert - How to remove these URLs? (Read 4452 times)

polonus

Re: Frequent Virus Alert - How to remove these URLs?

Georgi27

Re: Frequent Virus Alert - How to remove these URLs?

rocksteady

Re: Frequent Virus Alert - How to remove these URLs?