Avast WEBforum
Other => Viruses and worms => Topic started by: FreewheelinFrank on January 24, 2006, 08:30:34 PM
-
I get a virus warning when trying to view this link. I guess it's a false positive on the page?
http://forum.avast.com/index.php?topic=7557.0\PxB1AB8
Win32:Mhtplo-26 [Trj]
-
***
Well, that is surely strange. I also got the virus warning. :o ???
***
-
Well the DrWeb browser extension doesn't show anything. So it could well be an FP.
Strange thing my browser extension for firefox now displays the info in Russian!
-
Got the same there Filesize 39220 bytes
PxB1AB8 archive HTML
,, Javascript.0 - OK
,, Javascript1.2.1 - OK
,, OK
Yep, that can be; you just have to look for OK or the colour of the Spider: green = OK. When the servers are busy sometimes you get the messages in Russian (in that case just reload or scan again), some lucky ones can have their messages in French even. It means it is rush hour there on their servers.
Wait until the Spider blushes in pink ;D ;D
polonus
-
AntiVir: Found HTML/Exploit.Mhtml script-virus
ArcaVir: Found nothing
Avast: Found Win32:Mhtplo-26
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found Exploit.HTML.MHTRedir-8
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
UNA: Found nothing
VBA32: Found nothing
-
Still detecting even after today's update.
Is there a virus lurking on the forum?
I'm pretty sure it must be a false positive. Is anybody from avast! looking into it?
-
Bump.
Still detecting even after today's update.
-
***
Yep ... still detecting it also!
***
-
However it is a good tutorial for people who have never seen webshield at work ;D
-
Strange thing my browser extension for firefox now displays the info in Russian!
Dr. Web hyperlink scanner in Opera does the same also.
-
As polonus mentioned.
When the servers are busy sometimes you get the messages in Russian (in that case just reload or scan again),
Mine remained in Russian for a day or so and now it is back to English, so hopefully yours will too.
-
There is no virus on the webpage linked above.
I guess there is a false positive because of the string " m -s - i -t -s- :-m -h- t- m- l :f i l e-:- / -/ -C- :-\ - \-M- A-I -N .-M- H- T ! h- t- t-p"
(censored in case I am right ;) )
-
Bump.
Still detecting even after today's update.
Yes, I thought it must be a false positive of a character string too, but is anybody going to fix it, or at least say that they know about it?
-
It will be fixed early next week (that is tomorrow or day after tomorrow)
The last night's update was scheduled long time ahead and brought a detection of some 12,000 Trojans (but didn't fix any FP's).
That is also why it was larger than usual (217KB).
Thanks
Vlk
-
Cheers Vlk!
-
The last night's update was scheduled long time ahead and brought a detection of some 12,000 Trojans (but didn't fix any FP's).
That is also why it was larger than usual (217KB).
12,000 Trojans !!!! :o :o :o So the new virus analysts are hard at work eh ;D
-
The last night's update was scheduled long time ahead and brought a detection of some 12,000 Trojans (but didn't fix any FP's).
That is also why it was larger than usual (217KB).
:o 12 000! ;D ;D ;D Cheers
BTW Vlk will this FP be fixed ? -> http://forum.avast.com/index.php?topic=18934.0 ::)
-
The last night's update was scheduled long time ahead and brought a detection of some 12,000 Trojans (but didn't fix any FP's).
Excellent news and good work from the new virus team members, we're seeing a quicker turnaround in inclusion and correction of the VPS.
-
***
Thanks for the info, Vlk ... and thanks for all the hard work you and all of the Alwil team do! It's greatly appreciated by all of us users! :D
***
-
***
Thanks for the info, Vlk ... and thanks for all the hard work you and all of the Alwil team do! It's greatly appreciated by all of us users! :D
***
Second that emotion
-
The last night's update was scheduled long time ahead and brought a detection of some 12,000 Trojans (but didn't fix any FP's).
That is also why it was larger than usual (217KB)
Cool! Good work. Besides, Vlk, maybe there is a need to create a separate topic in the forum for comments about unusual VPS updates. ??? Just a suggestion of course. ;D
-
It will be fixed early next week (that is tomorrow or day after tomorrow)
The last night's update was scheduled long time ahead and brought a detection of some 12,000 Trojans (but didn't fix any FP's).
That is also why it was larger than usual (217KB).
Thanks
Vlk
The days keep flying ;)
HL
-
It will be fixed early next week (that is tomorrow or day after tomorrow)
The last night's update was scheduled long time ahead and brought a detection of some 12,000 Trojans (but didn't fix any FP's).
That is also why it was larger than usual (217KB).
Thanks
Vlk
The days keep flying ;)
HL
To be serious: Is this a false one, or not? :o
It's still there anyway, VPS 0606-0 just now.
Thanks
HL
Edit: The original link in the beginning of the thread:
http://forum.avast.com/index.php?topic=7557.0\PxB1AB8
-
It is still there with new VPS 0606-1. February 06.
The best answer I can get is from myself. :'(
Thanks for reading. Perhaps this is Avast Eicar-version for web-shield?
HL
EDIT February 07: I can see that a lot of people have read this post.
On my computer the alert has been there for nearly 2 weeks, I believe.
I am surprised that nobody comments on the post. Are you getting the (false) positive? Is there anything wrong with my Webshield?
I am DISAPPOINTED that this matter has not been taken care of by now.
If Avast can't handle virus warnings on its own forum, what then? :-[
-
***
Hi hlecter,
I hadn't posted about it since Jan 29th because I am sure they know about it. I have no idea what is being done, though.
Yes, I am still getting the warning also. It is not just you. :)
***
-
MODS:
I think you might have forgotten this one.
It's still there, VPS 0607-0 13.2.2006.
Regards
HL
-
I am talking to myself:
Still there, VPS 0607-1 14.2.2006
Regards
HL
-
That's funny. I was looking for ways to set off the alerts in the program.
Starting to get used to the interface. Pretty cool AV!!
-
Plenty of ways to test the alerts without risking a potentially live virus link.
http://www.eicar.org/anti_virus_test_file.htm
Web Shield Test
http://www.eicar.org/download/eicar.com
NOD32 - JPEG Exploit
http://www.nod32.de/download/jpegcompoc.jpg http://www.nod32.de/download/jpegcompoc.zip
EMAIL VIRUS TEST
You can test the security of your email system here: http://www.gfi.com/emailsecuritytest/
Remember https: traffic isn't monitored so don't expect alerts in https traffic.
-
Bump.
Still triggering a false alarm!
-
I haven't mentioned it since February 14, 2006.
I have given up on this one. Speed is not Avast's strongest part. ;D
Suppose they can't fix it. :'( :'( :'(
HL
-
I guess they could delete the thread ;D
-
I guess they could delete the thread ;D
Doesn't look like that. ;D
The 1000+ visitors to this thread must really wonder why an Antivirus-firm keeps a virus warning at the forum for several months.
It will be fixed early next week (that is tomorrow or day after tomorrow)
The last night's update was scheduled long time ahead and brought a detection of some 12,000 Trojans (but didn't fix any FP's).
That is also why it was larger than usual (217KB).
Thanks
Vlk
Anyway, not my problem. But reading the quote from Vlk 2 months ago is strange.
-
***
Well, it is a good test if nothing else. ;)
***
-
It's gone!! Congratulations. :)
(we have to use another testplace for webshield. ;D )
HL
-
I still get the warning!
-
Sorry for misleading.
I tried once more and no warning.
When checking, my webshield was turned off!
(can't remember turning it off.)
Well, anyway, everything is as it should be ;D, a testingplace for webshield ;)
HL
-
It will be fixed early next week (that is tomorrow or day after tomorrow)
The FP is still here :P ::)
-
Complete scanning result of "index.php", received in VirusTotal at 06.01.2006, 18:25:33 (CET).
Antivirus Version Update Result
AntiVir 6.34.1.37 06.01.2006 HTML/Exploit.Mhtml
Authentium 4.93.8 05.31.2006 no virus found
Avast 4.7.844.0 06.01.2006 Win32:Mhtplo-26
AVG 386 06.01.2006 no virus found
BitDefender 7.2 06.01.2006 no virus found
CAT-QuickHeal 8.00 06.01.2006 no virus found
ClamAV devel-20060426 05.31.2006 Exploit.HTML.MHTRedir-8
DrWeb 4.33 06.01.2006 no virus found
eTrust-InoculateIT 23.72.23 06.01.2006 no virus found
eTrust-Vet 12.6.2237 06.01.2006 no virus found
Ewido 3.5 06.01.2006 no virus found
Fortinet 2.77.0.0 05.31.2006 no virus found
F-Prot 3.16f 05.31.2006 no virus found
Ikarus 0.2.65.0 06.01.2006 no virus found
Kaspersky 4.0.2.24 06.01.2006 no virus found
McAfee 4774 05.31.2006 Exploit-MhtRedir.gen
Microsoft 1.1441 06.01.2006 no virus found
NOD32v2 1.1573 06.01.2006 no virus found
Norman 5.90.17 06.01.2006 no virus found
Panda 9.0.0.4 05.31.2006 no virus found
Sophos 4.05.0 06.01.2006 no virus found
Symantec 8.0 06.01.2006 MHTMLRedir.Exploit
TheHacker 5.9.8.152 06.01.2006 no virus found
UNA 1.83 05.30.2006 no virus found
VBA32 3.11.0 05.31.2006 no virus found
-
Has anyone else experienced this?
I clicked on the link and, as expected, Web Shield put up a warning about the trojan. But when I clicked Abort Connection the connection was not aborted. It downloaded to my Temporary Internet Files folder and was then caught by the Standard shield. It's now in quarantine.
Also, strangely, there is no log of either event even though the logging level is set to Notice.
btw, I did the same with eicar and the Web Shield did block that, though still no log.
-
Complete scanning result of "index.php", received in VirusTotal at 06.01.2006, 18:25:33 (CET).
Antivirus Version Update Result
AntiVir 6.34.1.37 06.01.2006 HTML/Exploit.Mhtml
Authentium 4.93.8 05.31.2006 no virus found
Avast 4.7.844.0 06.01.2006 Win32:Mhtplo-26
AVG 386 06.01.2006 no virus found
BitDefender 7.2 06.01.2006 no virus found
CAT-QuickHeal 8.00 06.01.2006 no virus found
ClamAV devel-20060426 05.31.2006 Exploit.HTML.MHTRedir-8
DrWeb 4.33 06.01.2006 no virus found
eTrust-InoculateIT 23.72.23 06.01.2006 no virus found
eTrust-Vet 12.6.2237 06.01.2006 no virus found
Ewido 3.5 06.01.2006 no virus found
Fortinet 2.77.0.0 05.31.2006 no virus found
F-Prot 3.16f 05.31.2006 no virus found
Ikarus 0.2.65.0 06.01.2006 no virus found
Kaspersky 4.0.2.24 06.01.2006 no virus found
McAfee 4774 05.31.2006 Exploit-MhtRedir.gen
Microsoft 1.1441 06.01.2006 no virus found
NOD32v2 1.1573 06.01.2006 no virus found
Norman 5.90.17 06.01.2006 no virus found
Panda 9.0.0.4 05.31.2006 no virus found
Sophos 4.05.0 06.01.2006 no virus found
Symantec 8.0 06.01.2006 MHTMLRedir.Exploit
TheHacker 5.9.8.152 06.01.2006 no virus found
UNA 1.83 05.30.2006 no virus found
VBA32 3.11.0 05.31.2006 no virus found
So, from this report it turns out that this is not a false positive? :o
-
Kaspersky said:
Hello
New detection has been added
Detection will be available in an hour
This is Exploit.HTML.Mht
-
still getting the warning here
-
So is it or is it not a worm? As of today I still get the virus warning !!! ???
MounierNetwork
-
Where is Alwil?
It still shows a warning and many updates have come and gone??????