Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: JJB22 on August 28, 2012, 11:55:42 AM

Title: Trojan?
Post by: JJB22 on August 28, 2012, 11:55:42 AM
go to tesco.com and when I try and log in I get flagged a trojan, is it Firefox as I can't see why a site like Tesco would do this?

Infection Details
URL:   http://HXX.tesco.com/groceries/UIAssets/...
Process:   C:\Program Files\Mozilla Firefox\firefox...
Infection:   JS:Blacole-AV [Trj]
Title: Re: Trojan?
Post by: CraigB on August 28, 2012, 12:20:13 PM
Please break the link by changing http to hxxp as we don't want anyone to click on infected links.
Title: Re: Trojan?
Post by: JJB22 on August 28, 2012, 12:58:38 PM
go to tesco.com and when I try and log in I get flagged a trojan, is it Firefox as I can't see why a site like Tesco would do this?

Infection Details
URL:   http://hxxp.tesco.com/groceries/UIAssets/...
Process:   C:\Program Files\Mozilla Firefox\firefox...
Infection:   JS:Blacole-AV [Trj]
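
The link-breaking convention requested above, as an added example that is not part of the original thread: `defang` rewrites the scheme (http to hxxp) so forum software will not auto-link it, and `live_urls` reports anything still clickable, such as a URL where "hxxp" was put into the hostname instead of the scheme. The function names are hypothetical, and bracketing the dots in the hostname is an extra convention assumed here, beyond what the post asks for.

```python
import re

# scheme://host, where the host ends at the first / : ? # or whitespace
_URL = re.compile(r'\b(https?)://([^\s/:?#]+)', re.IGNORECASE)
# any token that still starts with a live, auto-linkable scheme
_LIVE = re.compile(r'\bhttps?://\S+', re.IGNORECASE)


def defang(text):
    """Rewrite every live http/https URL in text so it is no longer clickable."""
    def _sub(match):
        scheme = match.group(1).lower().replace('tt', 'xx')  # http -> hxxp, https -> hxxps
        host = match.group(2).replace('.', '[.]')            # assumed extra convention
        return f'{scheme}://{host}'
    return _URL.sub(_sub, text)


def live_urls(text):
    """Return the URLs in text whose scheme is still live (not yet defanged)."""
    return _LIVE.findall(text)


if __name__ == '__main__':
    # Sample lines: the second is constructed, the first is the URL line as reposted above.
    samples = [
        'URL:   http://hxxp.tesco.com/groceries/UIAssets/...',
        'see https://www.example.com/js/site.min.js?v=1',
    ]
    for line in samples:
        print('still live:', live_urls(line))
        print('defanged  :', defang(line))
```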
Title: Re: Trojan?
Post by: kim_c on August 28, 2012, 01:27:02 PM
Happening to me too, same trojan
Title: Re: Trojan?
Post by: callump on August 28, 2012, 01:31:35 PM
There was an upgrade to Avast this morning and then I started getting this on my own website.

I then went to the main DotNetNuke website and had the same issue (Both are complaining about Telerik)
Title: Re: Trojan?
Post by: strvmarv on August 28, 2012, 02:11:12 PM
Looks like a false positive to me.  SiteFinity triggers it as well...

Telerik.Web.UI.WebResource.axd in regards to a hidden field
Title: Re: Trojan?
Post by: tristanovic on August 28, 2012, 02:15:28 PM
All telerik enabled sites trigger this. Local development on the telerik components is not possible now with Avast enabled..
Title: Re: Trojan?
Post by: CraigW on August 28, 2012, 03:00:27 PM
I have the same blocked trojan notice on - https:\\www.wffcuonline.com
I get the same notice on 3 computers since this morning.
I ran Avast, Malwarebytes & MS Malicious Removal and nothing found.
Hoping for posting on fix - I cannot get to my banking.  Thx
Title: Re: Trojan?
Post by: merricat on August 28, 2012, 03:11:05 PM
I have the same message from Avast. I was accessing my banking online. I can get into anything else I have tried so far but not Bangor Savings Online.

Is this something attached to ME or the bank???
I ran quick scan and it did find  JS:Blacole-AV [Trj] in one file.

How do I remove it? And should I tell my bank?
Title: Re: Trojan?
Post by: ISES Softpack on August 28, 2012, 03:16:21 PM
I have the same problems with all my DNN site after the update of Avast.

What to do ???
Title: Re: Trojan?
Post by: MAG on August 28, 2012, 03:19:22 PM
submit to virustotal for checking would be a good start.
Title: Re: Trojan?
Post by: merricat on August 28, 2012, 03:24:55 PM
how do I submit? Avast would like to shut down and scan boot then restart. btw the woman I spoke to at the bank (local branch) had no issues getting in to her account. She has given my info to customer service but they haven't called me yet.

do we always have to do captcha? I can't read half of them. :/
Title: Re: Trojan?
Post by: sept2749 on August 28, 2012, 03:28:03 PM
same problem here. Starting this morning every time I open firefox I get the Avast alert. It's got to be a false positive. Would like to hear from Avast or have them patch it.
Title: Re: Trojan?
Post by: CharlesZdh on August 28, 2012, 03:28:19 PM
This is most likely a false positive, I am a web developer and have been using Telerik products for years, there is no way that they contain trojans. Telerik provide professional class developer tools for web (and other) applications.

Also, it seems like Avast only has this false positive in Firefox. I have been checking my production websites in Chrome and IE8+, no trojans detected.

PLEASE AVAST PROVIDE QUICK UPDATE  before our customers start complaining. Telerik products are WIDELY used in web development and having a false positive in such a context is not a good thing AT ALL.
Title: Re: Trojan?
Post by: Maria Bourke on August 28, 2012, 03:34:13 PM
Hi,

All of us in the office who have run Avast cannot now access any web sites - we keep getting the message Trojan Horse Blocked

c/programmefiles(*86)mozilla firefox/firefox.exe - we have tried internet explorer and other internet providers but the same message appearing.

Is there any way we can get rid of the error message ?

None of us are techies and we have all come to a standstill

thanks
Title: Re: Trojan?
Post by: emere on August 28, 2012, 03:45:04 PM
Doesn't look like a false positive to me.

http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Exploit%3AJava%2FBlacole.AV

I got the same error trying to access my bank. Microsoft says it's real.
Title: Re: Trojan?
Post by: fraser on August 28, 2012, 03:46:18 PM
It would appear that AVAST is picking up compressed javascript and falsely reporting it as JS/Blacole.AV trojan  ::)

Avast triggers a warning for every website that uses a CMS and gzip-compressed JS

It is causing major problems at the game I moderate, unless there has been a major global infestation which no one else has picked up this is an AVAST issue not a genuine trojan.

/uninstalled until fixed

I can do this on all my machines quicker than adding realtime / webshield / scriptshield exceptions for every site I need to visit

Title: Re: Trojan?
Post by: fraser on August 28, 2012, 03:48:32 PM
Quote
Microsoft says it's real.

The trojan is real - I doubt this detection is  ;)
Title: Re: Trojan?
Post by: emere on August 28, 2012, 03:54:00 PM
OK. UNINSTALLING AVAST!!!!!!!!! No time for rubbish. They need to fix this ASAP.
Title: Re: Trojan?
Post by: essexboy on August 28, 2012, 03:57:11 PM
I am detecting a Java script on the site ..  I have downloaded it and edited it.. (after closing Avast ) I can see nothing there at the moment but I am not too hot on Java


Edit :  Submitted to virus labs for analysis
Title: Re: Trojan?
Post by: merricat on August 28, 2012, 04:12:55 PM
I ran Malware bytes and it found nothing.
Avast has a file named  JS:Blacole-AV [Trj] .
I can seemingly get into everything but my online banking.
My bank has no problems that they know of.
Now what?

Title: Re: Trojan?
Post by: kim_c on August 28, 2012, 04:20:37 PM
I am only having a problem with tesco.com. Wish they'd do something, I need to do my grocery shopping!
Title: Re: Trojan?
Post by: MAG on August 28, 2012, 04:26:16 PM
Quote
I ran Malware bytes and it found nothing.
Avast has a file named  JS:Blacole-AV [Trj] .
I can seemingly get into everything but my online banking.
My bank has no problems that they know of.
Now what?

Not sure that there are any options but to (i) wait for a response/update of database from avast or (ii) choose to ignore the detection and take a risk (or (iii) change AV, which if avast is the only av detecting is pretty much the same as (ii)).
Title: Re: Trojan?
Post by: merricat on August 28, 2012, 04:30:21 PM
Quote
Not sure that there are any options but to (i) wait for a response/update of database from avast or (ii) choose to ignore the detection and take a risk (or (iii) change AV, which if avast is the only av detecting is pretty much the same as (ii)).

Well waiting it will probably be as I can't do what I needed to do lol.
I only have Avast and Malware bytes. Avast put the trojan in the virus vault. So probably that is why malware bytes finds nothing.

As to risk the only thing this is affecting is my online banking site..... so...I don't know :(
Title: Re: Trojan?
Post by: Drooooom on August 28, 2012, 04:47:09 PM
Quote
It would appear that AVAST is picking up compressed javascript and falsely reporting it as JS/Blacole.AV trojan  ::)

Avast triggers a warning for every website that uses a CMS and gzip-compressed JS

It is causing major problems at the game I moderate, unless there has been a major global infestation which no one else has picked up this is an AVAST issue not a genuine trojan.
"Avast triggers a warning for every website that uses a CMS and gzip-compressed JS"

Oh, I've got the same problem with videos on canalplus.fr :

hxxp://media.canal-plus.com/design_pack/front_office_wwwplus/js/cplus.8b4dc01d11c41b6fdece6c63160522e9.min.js is the problem [ JS:Blacole-AV [Trj] ] according to my scan report...
Title: Re: Trojan?
Post by: kd5 on August 28, 2012, 04:55:52 PM
The same (JS:Blacole-AV [Trj]) is being reported when I log into my banking account.  If this is in fact a false positive, then it needs to be taken care of QUICKLY.  If it is NOT a false positive, then I need to call my bank and tell them someone has infected their website with a trojan.       -kd5-
Title: Re: Trojan?
Post by: spbastien on August 28, 2012, 05:02:30 PM
Having the same issue trying to access my account settings for Google.

hxxps://www.google.com/settings/account?hl=en
Title: Re: Trojan?
Post by: JJB22 on August 28, 2012, 05:13:05 PM
Quote
I am only having a problem with tesco.com. Wish they'd do something, I need to do my grocery shopping!

Perhaps it's a sign we need to walk and fetch it? ::)
Title: Re: Trojan?
Post by: jimmy2done on August 28, 2012, 05:14:42 PM
Just wanted to say I visited the Adobe forums looking something up and I got the same message, avast said there was a trojan infecting Adobe. Hopefully someone will see this thread, this is a huge mistake that is going to cause major issues for people if it doesn't get fixed quickly. I highly doubt all these major corporations have this trojan, more likely a false positive.

Virus definitions: 120828-1
Program version: 7.0.1466
Title: Re: Trojan?
Post by: polonus on August 28, 2012, 05:17:47 PM
Whenever it is a FP, it will soon be taken care of with a coming update,

polonus
Title: Re: Trojan?
Post by: CharlesZdh on August 28, 2012, 05:24:09 PM
Check this thread and this for more info:

http://forum.avast.com/index.php?topic=104155.0

http://www.telerik.com/community/forums/aspnet-ajax/general-discussions/avast-and-g-data-antivirus-detect-trojan-in-telerik-generated-js-file.aspx#2250715
Title: Re: Trojan?
Post by: howpau on August 28, 2012, 05:43:48 PM
FOR THOSE OF YOU WHO WANT TO ACCESS YOUR BANK ACCOUNT ONLINE:
I RESTARTED MY COMPUTER IN SAFE MODE WITH NETWORKING AND WAS ABLE TO ACCESS MY ACCOUNT THAT WAY.
MEANWHILE, I HOPE THIS REALLY IS A FALSE POSITIVE
Title: Re: Trojan?
Post by: essexboy on August 28, 2012, 05:57:55 PM
Update just released has fixed it

Update now please manually
Title: Re: Trojan?
Post by: merricat on August 28, 2012, 06:02:03 PM
Thank you! And yes it did! I was talking with my bank at the time the update popped up. So I dumped everything in the cache just for luck and I logged in!
Thank you Avastians lol!
Title: Re: Trojan?
Post by: CraigW on August 28, 2012, 06:05:11 PM
Update worked.   On to banking.    Thanks.
Title: Re: Trojan?
Post by: jimmy2done on August 28, 2012, 06:21:27 PM
Update worked for me also, couldn't reproduce the trojan alert again.

Good work, avast.
Title: Re: Trojan?
Post by: gibot on August 28, 2012, 08:28:48 PM
Is this the virus definition that has the fix?

virus definition 120828-2. If it has been updated through automatic update, do I still need to update it manually again?
Title: Re: Trojan?
Post by: essexboy on August 28, 2012, 08:53:44 PM
That is the one - if you have it no need to update