AndrewL

Thanks, Guilherme. Should I still wait? The site is still being detected.

Hello! I just saw this "HEUR:Trojan.Script.Balada.gen" message as well with this site: https:// padreguillermo . com Virustotal detects nothing. Thanks!!

Is it still not working for you? https://motopress.com loads just fine for me (it didn’t before, when you reported it).

Now they are. 😅

After a quick check I noticed that most of the sites mentioned in this thread are now working (even tiny.pl from above)! 😀 Although there a few which are still inaccesible: https://backpackforlaravel.com https://www.theedgesingapore.com https://www.esjzone.cc

Right, but: Opera is blocked by Kaspersky on these sites Vivaldi is not blocked by Kaspersky, despite there is an extension (enabling or disabling it doesn’t make a difference)So I am not sure what “not supported” exactly means.

I don’t think that would work. For example, I downloaded Opera portable and it still has the issue. Only other browsers like Vivaldi never had the problem (somehow not directly supported apparently).

I understand that, but what if the affected site was google.com, hotmail.com, kaspersky.com? I think this should be treated as if thousands of users cannot access a site, and you can’t go one by one explaining a workaround. Also many first time visitors will just move on when the site displays this errors, unaware of this problem.

Claro, Kaspersky ciertamente me bloquea cosas en Opera, por eso me extraña que en Opera suceda este problema, y en Vivaldi, aun activando la extensión, no. Evidentemente esto no tiene que ver con la extensión del navegador. Reitero: ya agregué la dirección de confianza y solucioné el problema con esa página hace unos días. Sólo estoy “filosofando” un poco sobre por qué sucede en un navegador y no en otro, o por qué a algunos usuarios sí y a otros no.

Anti-Banner desactivado, Navegación Privada activada, pero aun desactivándola no cambia nada. Sobre los navegadores, el problema es con Opera (que es también basado en Chromium), y no tengo ninguna extensión de Kaspersky. ¿Esto significa que Kaspersky no actúa si se usan navegadores distintos a algunos en particular? No me queda en claro por qué a algunos les funcionan y a otros no. ¿Todos los sitios mencionados te funcionan? Fíjate en la publicación en inglés que mencioné más arriba, hay mucha gente con el exacto mismo problema. Como indicaron en la segunda página de esa publicación, las páginas funcionan si en Configuración / Configuración de red / Análisis de conexiones cifradas se elige "No analizar las conexiones cifradas", aunque claro, esto no es recomendable.

Perdón que no aclaré, terminé haciendo lo que sugieren en esa publicación, que es lo de Configuración / Configuración de red / Direcciones de confianza. Las lista de “URL de confianza” de Web Anti-Virus no funcionó. ¿Será que te funciona porque tienes el Total Security en vez del Internet Security? ¿Probaste las direcciones de la otra publicación? Aquí te dejo algunas de las allí mencionadas que a mí tampoco me funcionan: https://mapgenie.io https://leasticoulddo.com https://genshin.honeyhunterworld.com https://covidtracker.fr https://www.folhape.com.br Con Vivaldi todas funcionan, debe de ser por alguna funcionalidad de privacidad del navegador, que impide que Kaspersky intercepte.

Bueno, acabo de ver que en inglés hay un montón de gente reportando cosas similares, perdón por repetir el problema. Link Lo extraño es que por algún motivo, el navegador Vivaldi en muchos casos los sitios funcionan.

Tengo Kaspersky Internet Security hace años, y hace algunas semanas comenzó a bloquear este sitio: https://criptoya.com En pantalla aparece el mensaje: No se puede acceder a este sitioEs posible que la página web en https://criptoya.com/ar no funcione temporalmente o se haya trasladado de manera permanente a una nueva dirección web. ERR_HTTP2_PROTOCOL_ERROR Kaspersky no muestra ningún mensaje. Al desactivar el antivirus, el sitio vuelve a funcionar. Lo extraño es que si reactivo Kaspersky, inicialmente el sitio sigue funcionando. Pero luego de unos minutos, el problema vuelve a suceder. Probando módulo por módulo, el que produce esto es el Web Anti-Virus; desactivándolo basta para que el sitio vuelva a funcionar. He intentado agregar la url entre las exclusiones de URL Advisor, como así también a la lista de URLs de confianza, pero no soluciona el problema. Incluso probé desactivando toda la configuración del Web Anti-Virus, pero tampoco. Lo único que funciona es desactivar el módulo completo. En los informes del Web Anti-Virus tampoco dice nada, sólo cada vez que lo inicié y detuve. Esto es en Windows 10 Pro x64 20H2 19042.1237, y utilizando Kaspersky Internet Security 21.3.10.0391 (g). Muchas gracias.

Por favor, eliminar. Mis disculpas.

Well, I was about to do it but when explaining the steps I noticed that there's this other setting, "trusted URLs", and that one worked. The one that didn't is the one above, "Manage exclusions", which apparently only affects the URL Advisor. Thanks!

Since yesterday, Kaspersky is blocking the request my webmail does to refresh the mailbox. It says there could be a data loss, even though it's under https and the certificate is ok. The interface is Roundcube. The blocked url is like this: https://wmail4.sion.com/?_task=mail&_action=list&_refresh=1&_mbox=INBOX&_remote=1&_unlock=loading1556301415877&_=1556298403553 And the response status is "499 Request has been forbidden by antivirus". Under the advanced Web AV configuration, I've added "https://wmail4.sion.com/*", but the problem persists. If I uncheck the heuristic analysis, then the page works again. Can I disable heuristic analysis just for this url? Or can I send something to Kaspersky for analysis so they no longer detect this as risky? Using the Developer Toolbar, I see that the request's response is Kaspersky's page explaining this and with a link to inform a false positive. I clicked it several times but it doesn't fix it. Maybe because it whitelists the entire url, which of course changes every time? Thanks in advance!

Oh, I thought the following messages from KLVirusDesk after that message of mine were for the second version. I've uploaded the file to Dropbox. https://www.dropbox.com/s/h4rxfil4zcha5i7/initjs-virus.zip?dl=0 If you don't have an account, you have to click on the "no" at the bottom of the popup, and then on Download / Direct download, on the top right corner.

It seems you are talking about the first version, which was 407.13 KB and was detected with deep heuristics. I'm referring to the second version, the 669 KB one that we discussed since this reply I made, where I wondered if it was a "more obscure script", which it seems it was in the end.

Thanks a lot for all your follow-ups, harlan. I've checked the web site and indeed the init.js file is now just 5k instead of 669kb (as the second version we have seen); all its obscured JavaScript code is gone. Is this blacklisting they mention simply url-based? Because I have downloaded the previous malicious .js file and my updated KIS still does not detect it, even with the deep heuristics settings. It's not that it matters much now, but I was just wondering why it doesn't. Also KSN and Kaspersky Application Advisor say nothing about it. Again, this exact file will probably be never seen again, but the obfuscated code may appear somewhere else in the future.

Wow, thank you! I was going to send an email to that web site, as maybe they have been hacked, or some employee added this mining script, but I noticed that the file has been changed. Now it is no longer detected by Kaspersky. In Virus Total only one engine (Antiy-AVL) detects it. Could you confirm the new version is safe, and not simply a more obscure script?

Right, but at that moment I thought it may keep alerting me if I chose not to delete it. I'll try that next time. Still, Kaspersky shouldn't ask me to reboot. It happened some time ago the same thing with some other files, and it kept asking me to reboot as it wasn't able to delete them after each reboot, as those files were gone as well. I ended up having to restore them so Kaspersky could -finally- delete them.

Whenever I have a suspicious file and Kaspersky detectes a virus in it, if I manually delete the file, Kaspersky insists that I have a problem and that it should delete the file. If I choose "delete", it tries for a while and then asks for a reboot to delete it. I think Kaspersky should be smart enough to realize that the reason the file cannot be deleted is that it is gone already, and not that it's locked or something else. Once this happens, the Kaspersky icon remains red until I reboot, which I find quite bothering. Edit: I just realized I created this as a "question", instead of discussion or idea. Can that be changed when editing the post?

While looking for word meanings in this official Spanish site (ps://dle.rae.es), Kaspersky reported a trojan in this file: ps:// dle.rae.es/ js/init. js Not loading this apparently breaks the whole site styling. Kaspersky reports this as "HEUR:Trojan.Script.Miner.gen". However, if I download this file and scan it, nothing is found. I then uploaded it to Virus Total and only 2 out of 57 engines detected a virus. Kaspersky did not either. I just tried increasing the heuristic level to the maximum, and only then Kaspersky detected again this supposed trojan in this downloaded file. Is this a false positive?