[False Positive] Exploit:JS/HuanJuanEK.A! is everywhere

BerkBerk Posts: 12
in F-Secure SAFE

Hi,

 

I have just turned on my router and after 2 minutes, f-secure started to block all non-ssl websites. I tried to browse http website but immediately sign of Exploit:JS/HuanJuanEK.A!xxxxx popped up. I got scared and turned off router and got new ip and again it happened. I am seeing lots of activity about this exploit from f-secure map here:worldmap3.f-secure.com

 

Should I be worried about this? I couldn't find any information about it. How a network can be infected like this?

 

Edit: Seems like updating F-Secure product solves the issue however we are waiting a statement from F-Secure.

 

False Positive: Exploit:JS/HuanJuanEK.A:

https://www.f-secure.com/weblog/archives/00002779.html

Like

Accepted Answer

Comments

  • WardriveWardrive Posts: 3
    Also wondering this. Started getting notifications every minute. I also checked the world map so I to came here. Wonder if its a massive false positive? Granted it is new years so I'm paranoid
    Like
  • dgfdgf Posts: 2

    Hi,

     

    My F-Secure also reports  Exploit:JS/HuanJuanEK.A!

     

    I got it from HS.fi 3 times every time I changed to new topic.

     

    DGF

    Like
  • KwonjahKwonjah Posts: 2

    Exact same problem happend to be around 50 minutes ago, and doen't JS stand for javascript?

    Like
  • FolldFolld Posts: 2

    This was happening to me also, about 7 mins ago. 

     

    I havent got JS (JavaScript) installed so I dont think its that. 

     

     

    Like
  • BerkBerk Posts: 12
    Weird thing is I am also using Noscript addon with Firefox. So javascript is disabled by default however that infection like thing still appeared even if I browsed js disabled.
    Like
  • FolldFolld Posts: 2
    I meant, I havent got Java installed. I dont know if JavaScript is another thing.. >_>
    Like
  • KwonjahKwonjah Posts: 2

    Seems to be working properly now

    Like
  • WardriveWardrive Posts: 3
    I'm guessing as I don't work for fsecure. It is most likely a legitimate windows service trying to update but the cloud service is treating it as malware. It seems extremely likely. The other virus vendors that I have products with aren't reporting anything, granted all my other products are Linux based.
    Like
  • dgfdgf Posts: 2

    This explains something http://worldmap3.f-secure.com/

     

    Like
  • AllarBAllarB Posts: 2

    Hi!

     

    For me, it dissapeared after updating virus definition but F-secure should provide some information about it ASAP. Was it false positive or not and if it was, then how did it happen?

     


    Allar

    Like
  • WardriveWardrive Posts: 3
    Update fixed it on my end to. Looks like the world map bar graph is showing they are pushing this update out. Now to just wait on some PR.
    Like
  • RiderDavisRiderDavis Posts: 1
    @dgf wrote:

    This explains something http://worldmap3.f-secure.com/

     

    You just made my day... ...and made me cry a little.

     

    (I created an account here just to say...)

    Thank you kind stranger. lol

     

    And a happy new year!

    Chrissy
    1Like
This discussion has been closed.