Author Topic: KNOWN FP: yahoo! false positive  (Read 22188 times)

0 Members and 1 Guest are viewing this topic.

ronnycopeh

  • Guest
KNOWN FP: yahoo! false positive
« on: June 22, 2008, 11:56:52 PM »
I need help bad every time I start up my yahoo page Avast blocks it as Malware (VBS.malware-gen) and won't let me open the page, but I can get on any other site. What do I need to do?
« Last Edit: June 23, 2008, 01:26:41 AM by kubecj »

FutileEternity

  • Guest
Re: Homepage false alert
« Reply #1 on: June 23, 2008, 12:07:29 AM »
I just recently experienced the same exact problem, and it was only after I recently updated to the latest VPS (version 080622-0).

I'm assuming this is a false error with the latest update, as ronnycopeh stated.

ronnycopeh

  • Guest
Re: Homepage false alert
« Reply #2 on: June 23, 2008, 12:10:31 AM »
What can we do about this?

FutileEternity

  • Guest
Re: Homepage false alert
« Reply #3 on: June 23, 2008, 12:12:53 AM »
I'm sure we're not the only ones having this problem, so I'm sure there will be more popping up in this thread.  Avast is pretty good with fixing these kind of things, too, so they'll probably come up with an updated VPS soon.

Also, it's done this on two systems for me.

Happy-Dude

  • Guest
Re: Homepage false alert
« Reply #4 on: June 23, 2008, 12:19:04 AM »
Yes, I have the same problem too, guys.

Yahoo! sites are causing an alert (for me, in log viewer, "VBS:Malware-gen" of application "1208"). I believe that my current VPS version is 080622-8.

I came to the fourms asking to check if anyone else had what I believed was a false positive. And I foudn this thread :) !!

How quickly will avast! update their VPS to accomodate for this false positive?

NOTE: ronnycopeh, please modify the thread title to say yahoo! false positive or something like that. That will give more notice to users.

EDIT- Thanks, ronnycopeh.

Also, I noticed that I can connect to Yahoo! sites via proxy's (like http://www.ocrig.com/ ). Should this be possible? Shouldn't avast! still alert me?
          Would it be possible for attacks from websites to get to the system through proxies, or would the proxy keep a person safe from the attack?
« Last Edit: June 23, 2008, 12:32:23 AM by Happy-Dude »

ronnycopeh

  • Guest
Re: yahoo! false positive
« Reply #5 on: June 23, 2008, 12:24:28 AM »
Thanks, just changed it, I hope they get it fixed soon, This is my first time having a problem with avast and I always though it was the best, I left nod32 to the best

jy

  • Guest
Re: Homepage false alert
« Reply #6 on: June 23, 2008, 12:26:59 AM »
I experienced the same problem today.  This is how I got past it as I am ASSUMING it is a false alarm.  1)  Opened the "avast! On-Access-Scanner", clicked on "Details >>" (more details).  2) Selected "Web-Shield" under "Installed providers:".  3) Selected "Customize".  4) Selected "Exceptions".  5) "Add" to Urls to excude.  "www.yahoo.com".

Now, when I go to Yahoo I get a different Virus Was Found! window which allowed me to select "No action" which states "Note: if you press the "No action" button, the malware will NOT be activated."

I don't seem to have any problems...famous last words maybe.

Hope this helps.

 

ronnycopeh

  • Guest
Re: yahoo! false positive
« Reply #7 on: June 23, 2008, 12:42:35 AM »
I add it to exceptions and when I go there now I get a virus alert but nothing that says no action but ok and the page show, but it happens everytime and this annoying

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: yahoo! false positive
« Reply #8 on: June 23, 2008, 12:45:08 AM »
Maybe you're seeing the WebShield alert and you'll only see abort connection button.
There is a WebShield exception list.
The best things in life are free.

Happy-Dude

  • Guest
Re: yahoo! false positive
« Reply #9 on: June 23, 2008, 12:46:26 AM »
ronnycopeh,

Don't worry. If it is a false positive, the Alwil team is probably working on an update right now. (Yahoo! is a pretty popular site). They've always been pretty quick at correcting false positives.

What they're doing now is probably researching what the heck is causing it/ testing an update/ or finding out more about the problem. Just give them some time :) .

ronnycopeh

  • Guest
Re: yahoo! false positive
« Reply #10 on: June 23, 2008, 12:51:12 AM »
I added it to the WebShield exception list and now it says ok and the page show but I'll just wait, thanks

kubecj

  • Guest
Re: yahoo! false positive
« Reply #11 on: June 23, 2008, 01:00:28 AM »
Really false alarm. Fixed in the internal build, will be fixed in next vps release.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: yahoo! false positive
« Reply #12 on: June 23, 2008, 01:02:11 AM »
Thanks for the quick reaction Kubecj.
The best things in life are free.

FutileEternity

  • Guest
Re: yahoo! false positive
« Reply #13 on: June 23, 2008, 01:25:13 AM »
I just finished a scan, and the following items came up, of which I believe are related to this:

File name: C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\2b5261u8.default\Cache\221737E1d01\221737E1d01

Malware name: VBS:Malware-gen

Malware type: Virus/Worm


File name: C:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\WXK3W1G5\yahoo[8].htm

Malware name: VBS:Malware-gen

Malware type: Virus/Worm




I moved all of these to the chest, just to be safe.

chapchap70

  • Guest
Re: yahoo! false positive
« Reply #14 on: June 23, 2008, 01:26:32 AM »
I get the malware warning when using both Firefox and IE.  I changed my homepage from yahoo.com to myyahoo.com while they work on the update.  The warning does not come up when loading myyahoo.