GSA SER Security Concern - Need Advice

Hi everyone,

I recently encountered a security issue on my Windows machine and wanted to check if anyone else has experienced something similar.

Windows Security Alert (Severe):

  • Detected: Trojan/ScrInject.EK!MTB
  • Status: Quarantined
  • Affected file path: AppData\Roaming\GSA Search Engine Ranker\projects\[]...new_targets
  • The alert mentioned that the program is dangerous and may execute commands from an attacker.

So far, Windows Defender has quarantined the threat, but I also noticed a “Remediation incomplete” message from an earlier detection, which is a bit concerning.

A few questions:

  1. Has anyone here encountered this specific threat before (especially related to GSA SER or similar tools)?
  2. Is Windows Defender quarantine sufficient, or should I take additional steps?
  3. Would you recommend running other tools (e.g., Malwarebytes, full system scan, etc.)?
  4. Should I completely remove and reinstall the affected software?

I’d appreciate any advice on best practices to ensure my system is fully clean and secure.

Thanks in advance.



Comments

  • Sven www.GSA-Online.de
    It can happen that a website is infected. Our software doesn't know that of course when it visits it and has previously got the target from search engines or site lists / imports.
    However, this is not really a security problem here. The software does not execute anything on these sites (like JavaScript). It just performs the actions defined in the script for that site (if at all and the site matches some defined patterns). It can not infect your system.
    Your virus scanner does not know what will happen with such an infected site and warns you of course. Which is OK but also a bit annoying and slows things down a lot. I suggest to add an exception for the folder/app.
    Thanked by 1 Supernova
  • Supernova Internet
    Sven said:
    It can happen that a website is infected. Our software doesn't know that of course when it visits it and has previously got the target from search engines or site lists / imports.
    However, this is not really a security problem here. The software does not execute anything on these sites (like JavaScript). It just performs the actions defined in the script for that site (if at all and the site matches some defined patterns). It can not infect your system.
    Your virus scanner does not know what will happen with such an infected site and warns you of course. Which is OK but also a bit annoying and slows things down a lot. I suggest to add an exception for the folder/app.

    Thanks for the clear explanation, @Sven. That makes a lot of sense, the software is just storing URLs/targets from those sites, not executing any code from them, so the detection is essentially a false alarm from Defender being overly cautious.

    Just to update, I'm currently in the process of reinstalling my VM and planning to do a fresh install of GSA SER afterwards. Since this will be a clean setup, I want to make sure I don't lose any of my existing data and configurations.

    Honestly, I'm not sure where to start when it comes to backing up GSA SER properly. Could you advise on what exactly needs to be backed up before I wipe everything? Things like projects, settings, target lists, verified URLs, I'm not even sure where all of that is stored or what format it's in.

    Also, once I have the backup, what's the correct way to restore it on the fresh install? Is it just a matter of copying files over, or is there more to it?

    Really don't want to lose months of work, so any guidance would be greatly appreciated!


  • Sven www.GSA-Online.de
    edited March 26
    The easiest way is probably the following...
    1. go to %appdata%\GSA Search Engine Ranker\ folder (you can enter that exact path in the explorer)
    2. copy all of that content over to your new system (same %appdata% folder)
    If the login changed, you might have to edit config.ini and search for ":\" and change it.
    Thanked by 1 Supernova
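
The two copy steps and the config.ini check from the last reply, as an added PowerShell example (not part of the thread and not GSA's own tooling). It copies the data folder, compares per-file SHA-256 hashes so any file that did not arrive intact is listed, and reports config.ini entries containing ":\" that do not exist on the new system. `$BackupDir`, the function names and the path-matching pattern are assumptions; the config.ini value format is not documented on this page.

```powershell
# Added example. Only the %appdata% folder name and config.ini come from the thread.
$SerData   = Join-Path $env:APPDATA 'GSA Search Engine Ranker'
$BackupDir = 'D:\Backup\GSA-SER'   # assumption: a location that survives the reinstall

function Copy-Tree($From, $To) {
    # /E copies every subfolder; robocopy exit codes below 8 mean success.
    robocopy $From $To /E /R:1 /W:1 /NP /NFL /NDL | Out-Null
    if ($LASTEXITCODE -ge 8) { throw "robocopy failed with exit code $LASTEXITCODE" }
}

function Get-TreeHashes($Root) {
    # Map each file's path relative to $Root to its SHA-256 hash.
    $rootFull = (Get-Item -LiteralPath $Root).FullName.TrimEnd('\')
    $map = @{}
    Get-ChildItem -LiteralPath $Root -Recurse -File -Force | ForEach-Object {
        $rel = $_.FullName.Substring($rootFull.Length + 1)
        $map[$rel] = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
    $map
}

function Compare-Trees($Source, $Copy) {
    # Returns relative paths that are missing from $Copy or differ from $Source.
    $src = Get-TreeHashes $Source
    $dst = Get-TreeHashes $Copy
    $src.Keys | Where-Object { $dst[$_] -ne $src[$_] } | Sort-Object
}

function Find-StaleConfigPaths {
    # Lists config.ini entries containing ":\" whose path is absent on this system.
    # The pattern is an assumption about how paths are delimited in the file.
    $cfg = Join-Path $SerData 'config.ini'
    Select-String -LiteralPath $cfg -Pattern '[A-Za-z]:\\[^"|;,<>\r\n]*' -AllMatches |
        ForEach-Object {
            foreach ($m in $_.Matches) {
                $p = $m.Value.Trim()
                if (-not (Test-Path -LiteralPath $p)) {
                    [pscustomobject]@{ Line = $_.LineNumber; Path = $p }
                }
            }
        }
}

# Old system (close GSA SER first):
#   Copy-Tree $SerData $BackupDir; Compare-Trees $SerData $BackupDir
# New system (after installing GSA SER):
#   Copy-Tree $BackupDir $SerData; Compare-Trees $BackupDir $SerData; Find-StaleConfigPaths
```

An empty result from `Compare-Trees` means every file arrived unchanged; anything listed was skipped, locked, or removed during the copy.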