marjetika Posted January 7, 2021 Report Share Posted January 7, 2021 I'm getting this error: Quote <some letters and numbers>.tmp has been detected as Clam.Html.Exploit.CVE_2016_3271-2. Quarantine failed. I tried searching for the file name, but it doesn't exist. There are two such hits, both listing a file with some random name, located in $HOME\AppData\Local\Temp - which doesn't exist. Do I have a problem? Is it a fp? Quote Link to comment Share on other sites More sharing options...
ritchie58 Posted January 8, 2021 Report Share Posted January 8, 2021 I did some of my own research and found some troubling information regarding CVE-2016-3271. The VBScript engine in Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability." Where you using or closed the Edge browser when this happened? If that's the case you may have accessed a malicious web site that accessed your browser! More info regarding this vulnerability can be found at this www.security-database.com URL https://www.security-database.com/detail.php?alert=CVE-2016-3271 Quote Link to comment Share on other sites More sharing options...
marjetika Posted January 10, 2021 Author Report Share Posted January 10, 2021 On 1/8/2021 at 2:47 AM, ritchie58 said: Where you using or closed the Edge browser when this happened? If that's the case you may have accessed a malicious web site that accessed your browser! I don't know if I was using Edge. I do occasionally open it for testing. I just downloaded the latest version of Immunet. Will that fix the problem? Quote Link to comment Share on other sites More sharing options...
ritchie58 Posted January 11, 2021 Report Share Posted January 11, 2021 Since you've posted two encounters with a quarantine response I still would highly recommend that you perform a "Full Scan" of your entire OS just to weigh on the side of caution. Also, with the Edge browser you can store log-in/password information to auto fill in that info next time you visit that site. If you were using that feature you might want to consider changing your log-in info for any sites you accessed & logged into with Edge. Best wishes, Ritchie... Quote Link to comment Share on other sites More sharing options...
marjetika Posted February 13, 2021 Author Report Share Posted February 13, 2021 On 1/11/2021 at 4:07 PM, ritchie58 said: Since you've posted two encounters with a quarantine response I still would highly recommend that you perform a "Full Scan" of your entire OS just to weigh on the side of caution. Also, with the Edge browser you can store log-in/password information to auto fill in that info next time you visit that site. If you were using that feature you might want to consider changing your log-in info for any sites you accessed & logged into with Edge. Best wishes, Ritchie... I perform a "Full Scan" every night. Also, I just installed new version of Immunet again yesterday. And this thing still keeps popping up. Quote Link to comment Share on other sites More sharing options...
ritchie58 Posted February 14, 2021 Report Share Posted February 14, 2021 Hi marjetika, After a few other Immunet users reported the same detection not long ago I did a little more research about this possible exploit. I found out that this vulnerability to Edge was first reported all the way back in 2016! Given that fact I'm sure that Microsoft has issued a security patch for Edge by now. Also since this is a ClamAV detection I advised that they report this False Positive directly to the ClamAV Support team. I would encourage you to do the same. Here's a URL to Clam's FP reporting page. https://www.clamav.net/reports/fp Since I'm now certain this detection is a 'False Positive' you could try to use the Restore feature next time it happens. That may or may not help though since the file directories involved are .tmp (temporary) files, the Quarantine may fail which makes it impossible to restore. Another option would be to manually type in the exact file path of the detection to create a custom Exclusion rule with Immunet to stop the FP detections. I don't think it's necessary to continue to run a Full Scan every night marjetika. Personally, I do a scheduled Flash Scan everyday since it's fast and looks at the most critical areas of your OS that malware likes to hide. I only run a Full Scan on occasion or if I observe suspicious activity that warrants further investigation. I hope this info helps, Ritchie... Quote Link to comment Share on other sites More sharing options...
Dad1973 Posted April 12, 2021 Report Share Posted April 12, 2021 I'm getting the same error but on Windows 7. I don't have Edge installed on this particular machine. Quote Link to comment Share on other sites More sharing options...
ritchie58 Posted April 12, 2021 Report Share Posted April 12, 2021 Hey Dad, Like I suggested to marjetika please submit a False Positive report to the ClamAV Support team at the included link I provided in my last thread to this topic. Still using Win 7? I'm sure you're aware that Microsoft has stopped all support, including security patches, for this platform well over a year ago now. That leaves your computer increasingly more vulnerable to hackers, zero-day attacks, ransomware, viruses & other forms of malware as time progresses. You should seriously consider upgrading your OS to Win 10 Dad. I went from 7 to 10 & the transition wasn't as difficult as I thought it might be. Then again, going from one OS to another isn't really anything new to me since my very first PC had Windows ME installed. That seems like another lifetime ago, lol! Regards, Ritchie... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.