[False Positive] Exploit:JS/HuanJuanEK.A! is everywhere

Berk

Hi,

 

I have just turned on my router and after 2 minutes, f-secure started to block all non-ssl websites. I tried to browse http website but immediately sign of Exploit:JS/HuanJuanEK.A!xxxxx popped up. I got scared and turned off router and got new ip and again it happened. I am seeing lots of activity about this exploit from f-secure map here:worldmap3.f-secure.com

 

Should I be worried about this? I couldn't find any information about it. How a network can be infected like this?

 

Edit: Seems like updating F-Secure product solves the issue however we are waiting a statement from F-Secure.

 

False Positive: Exploit:JS/HuanJuanEK.A:

https://www.f-secure.com/weblog/archives/00002779.html

Wardrive

Also wondering this. Started getting notifications every minute. I also checked the world map so I to came here. Wonder if its a massive false positive? Granted it is new years so I'm paranoid

dgf

Hi,

 

My F-Secure also reports  Exploit:JS/HuanJuanEK.A!

 

I got it from HS.fi 3 times every time I changed to new topic.

 

DGF

Kwonjah

Exact same problem happend to be around 50 minutes ago, and doen't JS stand for javascript?

Folld

This was happening to me also, about 7 mins ago. 

 

I havent got JS (JavaScript) installed so I dont think its that. 

 

 

Berk

Weird thing is I am also using Noscript addon with Firefox. So javascript is disabled by default however that infection like thing still appeared even if I browsed js disabled.

Folld

I meant, I havent got Java installed. I dont know if JavaScript is another thing.. >_>

Kwonjah

Seems to be working properly now

Wardrive

I'm guessing as I don't work for fsecure. It is most likely a legitimate windows service trying to update but the cloud service is treating it as malware. It seems extremely likely. The other virus vendors that I have products with aren't reporting anything, granted all my other products are Linux based.

dgf

This explains something http://worldmap3.f-secure.com/

 

AllarB

Hi!

 

For me, it dissapeared after updating virus definition but F-secure should provide some information about it ASAP. Was it false positive or not and if it was, then how did it happen?

 

Allar

Wardrive

Update fixed it on my end to. Looks like the world map bar graph is showing they are pushing this update out. Now to just wait on some PR.

AllarB

Update from F-secure:

It was false positive and is fixed now. Just update your virus definition:
https://www.f-secure.com/weblog/archives/00002779.html

RiderDavis

---

@dgf wrote:

This explains something http://worldmap3.f-secure.com/

 

---

You just made my day... ...and made me cry a little.

 

(I created an account here just to say...)

Thank you kind stranger. lol

 

And a happy new year!