Avast html:script-inf

[spg SCOTT]

Hi kirari,

You're welcome

Essentially yes, the site owner needs to remove the script on the page.

As said already, UnmaskParasites is a tool that checks the web pages, and doesn't do anything to your pc.

-Scott-

[Amiga777]

Hi, I don't mean to be necro-posting but I just recently had the same problem, when visiting http://na. square-enix .com/music/cm/profile/, of all places.

And the area is littered with this occurence, as a heads up.  Either this is a bug, or someone just really hates S-E's music.

[DavidR]

There is a problem in the way they appear to be loading images, I get three alerts. See image1, that shows alerts on what are meant to be .gif files, but they aren't .gif files, but html files, see image2. In those alerts all the pages are identical (see virustotal scan results below) and all point to a domain which I believe is malicious, b35.info and this is confirmed by avast, see image3.

http://www.virustotal.com/file-scan/report.html?id=ce6e35385286c6ac51bcdc7eff84bc1b6b8a9d3c1da7088cbd6a7e3e00f8f3c9-1285031785

So it appears to me that this site has been hacked.

This appears to be the offending script tag on the page that tries to load these .gif images (that aren't images), image4

[Amiga777]

I'm seeing this on another part of their website http://na.  square-enix.com

It appears that S-E may not even really use this area, instead using http://square-enix.com/na (no virus in this version)

I called their customer support recently and had denied that any viral/worm activity exists on their [North American] website.  I gave them the malware identity before hanging up;  I just don't want to see anyone get hurt, on both sides of the web spectrum.

I pray they investigate it.

Luckily I use Mac AND Windows, and I guess if it wasn't for me using Windows, I would have been completely naive of this situation.  I'm perhaps one of the few Mac users out there that doesn't use the Mac version of Avast! (sorry Alwil, I have my reasons).

[DavidR]

Some sites get hacked and the owners are blissfully unaware and some completely adamant they aren't infected.

[grahamft]

I've just started getting this problem, seemingly with the latest virus signature update.  It seems to be almost exclusively affecting Google.  There's no problem simply accessing the www.google.co.uk website but when I try to log into iGoogle I get this message, specifically stating the URL: http://www.google.co.uk/ig?hl=en|>{gzip}. 

I am also getting this when I log onto the members section of www.dooyoo.co.uk (members.dooyoo.co.uk) although I can actually access the website despite the message!  I also get the message in Dooyoo when I do a site search (Dooyoo seems to use Google as it's search engine!)

Getting a strong suspicion that this is a false positive as these website are reputable and have no previous history of security issues.

[scythe944]

I just got several emails and phone calls about viruses on several websites, including some internal Sharepoint websites that aren't accessible via the web.

It seems like all of my locations with Avast (which is all of them...) are complaining about warnings as of about 4pm EST.

I submitted one as a false positive before I left work, then on my way home the emails and phones calls started.

I really think this one is a false positive and I hope it will be fixed in the next update.

[scythe944]

Never mind. https://blog.avast.com/2011/04/11/false-positive-issue-with-virus-defs-110411-1/

[Tiggertum]

Total newbie here, and someone who doesn't know alot about computers!!!

I had no problems earlier today accessing the sites i visit on a daily basis but this evening i have had ton's of problems.  Is there any threat to my computer???  Anything i can do???  Will the problem be fixed???  If So, when???  If i can access it (haven't tried yet) am i safe to use internet banking???

Sorry if they are all really dumb questions, like i said i do not understand the problems and my colleague at work i usually ask is on leave for 2 weeks!

[rquick]

Hi. New member here. Subscribed because of this problem.



Edit: Never mind. Fixed thanks to Scythe944's message (#22) Cheers guv'

[Tiggertum]

Total newbie here, and someone who doesn't know alot about computers!!!

I had no problems earlier today accessing the sites i visit on a daily basis but this evening i have had ton's of problems.  Is there any threat to my computer???  Anything i can do???  Will the problem be fixed???  If So, when???  If i can access it (haven't tried yet) am i safe to use internet banking???

Sorry if they are all really dumb questions, like i said i do not understand the problems and my colleague at work i usually ask is on leave for 2 weeks!

[allenergy]

avast is a disaster today.. WHAT IS GOING ON?

[Agee]

avast is a disaster today.. WHAT IS GOING ON?

Well, I followed the suggestion of running a boot scan, and since it couldn't repair, I quarantined them...it started moving Microsoft Shared files before I lost power.  Now I can't even boot.  A real virus might have been better.

[allenergy]

Well, I followed the suggestion of running a boot scan, and since it couldn't repair, I quarantined them...it started moving Microsoft Shared files before I lost power.  Now I can't even boot.  A real virus might have been better.

Well I am glad I read this because I need to reboot due to this mess and was going to run a boot scan. I won't now! 

SHAME on avast for allowing this to occur.. it has disrupted everyone's life terribly!

I am not happy .. nearly removed avast (which I paid for) from my PC. I knew the warnings were fake but could not make them stop! 

I have had to leave one up so no more new ones will pop up.  DISASTER.

Thanks again for your post!

[Hermite15]

DO NOT RUN ANY SCAN >>> UPDATE MANUALLY TO NEW VPS 110411-2 (you were getting false positives through a bad VPS update, ie 110411-1)

edit: restore quarantined stuff as well