Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Spiritual2016 on March 16, 2017, 06:29:27 AM
-
I opened my Word Processing Software (that I created and saved) and the following pop-up appeared:
Object: Http:\\cdn/adinall.com\js\ssp.\jsl (gZip) (Embedded)
Infection: HTMLScript-inf
Process: C:\Users\User\AppData\Local\Kingsoft\WPSOffice\10.2.0.5820\Office6\wps.exe
What is this HTMLScript-inf Infection?
-
You can report a suspected FP here: https://www.avast.com/false-positive-file-form.php
-
Asyn:
The false positive threat was listed under 'Notifications' but not in the Virus Vault.
I ran a Smart Scan and Malware Scan but no threats were detected.
I checked for Avast Updates but the latest ones were already installed.
I rebooted and opened the software again but it was not detected as a threat.
a) What is this Object threat and why wasn't anything placed in the Virus Vault?
b) Why did rebooting resolve the issue?
-
Wps.exe is my Kingsoft Writer (Word Processing Program) so why did Avast recognize it as a threat?
It did not
this is detected: Object: Http:\\cdn/adinall.com\js\ssp.\jsl (gZip) (Embedded)
-
It seems to be a false positive.
What is this specific Object threat and why wasn't anything placed in the Virus Vault?
-
What is that Object Path?
You tell me
Did you open a doc, does it containe that url
anyway the url is none working
a) What is this Object threat and why wasn't anything placed in the Virus Vault?
Did avast say blocked?
-
Like I already stated, I opened my word processing software (WPS Writer), it was detected as a 'Threat Blocked,' and listed in notifications but not in the virus vault.
A Smart Scan and Malware scan did not detect anything and the latest versions of Avast and WPS Writer are installed.
I opened and closed WPS 10 times and Avast blocked as a threat once.
-
HTML:Script-inf is a website infection, if avast say blocked then there will not be anything in the chest
-
Pondus:
The pop-up appeared when I opened my word processing software so I do not know about it being a website infection. I only have my Hotmail page and the Avast Forum pages open.
Does the fact that it was 'Blocked' mean that there is no infection on my system and nothing to be concerned about?
If so, why is WPS still being detected as a threat periodically?
-
Does the fact that it was 'Blocked' mean that there is no infection on my system and nothing to be concerned about?
Blocked means you slam the door in its face before it can enter
If so, why is WPS still being detected as a threat periodically?
With the same message?
-
Basically then, 'threat blocked' means that Avast did its job and there is no infection on my system-Correct?
The only webpages that are open are Hotmail and the Avast Forum but the threat blocked pop-up message did not appear on my browser-It was only appearing each time WPS was opened but it is not being displayed anymore
'If' the 'threat blocked' pop-up does keep appearing when opening WPS, what should I do?
-
Hi,
First of all, the correct URL is cdn.adinall[.]com/js/ssp.js. I cannot resolve the host, so I cannot check the file itself, but it seems strange that it loads resources from these two (blocked) URLs:
chushoushijian[.]cn
dsp.jiaju933[.]com
Are you sure this is correct behaviour?
-
HonzaZ-
To summarize: I opened my Word Processing Software (WPS) and the following pop-up appeared even before selecting a file that I created:
Object: Http:\\cdn/adinall.com\js\ssp.\jsl (gZip) (Embedded)
Infection: HTMLScript-inf
Process: C:\Users\User\AppData\Local\Kingsoft\WPSOffice\10.2.0.5820\Office6\wps.exe
A Smart Scan and Malware Scan did not detect anything, Avast and Avast and WPS are updated.
Follow-Up Questions:
a) 'If' a detected threat ever got into my system, what would the pop-up message state instead of 'Threat Blocked?'
b) Why did the VBS.Malware-gen infection in mid Feb (that affected all Avast users) and the IDP Generic infection (that I had in late Feb regarding the Gravis Dialer) get placed into the Virus Vault even though they were 'Blocked Threats' but this HTMLScript-inf infection, also a 'Blocked Threat,' was not placed in the Virus Vault?
-
A Smart Scan and Malware Scan did not detect anything...
That is because the malicious file was blocked while being downloaded to your PC. There is no malicious file in your PC.
a) 'If' a detected threat ever got into my system, what would the pop-up message state instead of 'Threat Blocked?'
I am not the master of GUITM, but the message would be similar. Only the object wouldn't start with "http" but with "C:/" or something similar.
b) Why did the VBS.Malware-gen infection in mid Feb (that affected all Avast users) and the IDP Generic infection (that I had in late Feb regarding the Gravis Dialer) get placed into the Virus Vault even though they were 'Blocked Threats' but this HTMLScript-inf infection, also a 'Blocked Threat,' was not placed in the Virus Vault?
Once again, these are different files:
- If you have a file on your PC, and we detect it (by any detection), it goes to vault so you do not lose it.
- If you try to download a file to your PC, and we detect it (by any detection), the download is interrupted and the "part of the file that was already downloaded" is deleted. We are assuming here that if it was downloaded, there is no reason to fear about "losing" the file, as it can be easily downloaded again.
-
HonZaz:
To Clarify:
a) What is HTMLScript-inf and why was it detected as a webpage threat when the pop-up appeared when opening my installed word processing program (the pop-up was not displayed on my browser?)
b) Since wps.exe 'is' a file on my computer and it was detected as a threat, why wasn't it placed in my Virus Vault?
c) Each time I open WPS, the 'Threat Block' message appears; Should I add it as an Exclusion? If so, how? If not, what step should I take?
d) In general, 'if' a detected threat ever got into my system, I understand that it would start with C:\ (not http') but what would the warning wording be instead of 'Threat Blocked?'
-
a) What is HTMLScript-inf and why was it detected as a webpage threat when the pop-up appeared when opening my installed word processing program (the pop-up was not displayed on my browser?)
This is because the "installed word processing program" tried to run JavaScript that was located on a server (specifically, cdn.adinall[.]com/js/ssp.js). Whether that is correct behaviour or not, I cannot say.
b) Since wps.exe 'is' a file on my computer and it was detected as a threat, why wasn't it placed in my Virus Vault?
wps.exe was not detected as a threat - the JS file it tried to download (cdn.adinall[.]com/js/ssp.js) was.
c) Each time I open WPS, the 'Threat Block' message appears; Should I add it as an Exclusion? If so, how? If not, what step should I take?
As I do not have the WPS, or the JS that is being blocked, it is impossible for me to say if it is a false positive (and we should alter the detections) or if it is a true positive (and it should remain blocked and you should contact your admin for further instructions).
d) In general, 'if' a detected threat ever got into my system, I understand that it would start with C:\ (not http') but what would the warning wording be instead of 'Threat Blocked?'
I think the message would be the same, but I am not skilled enough to tell for sure.
-
All I know is that WPS is the equiv of Microsoft Word, WPS is installed on my computer, and I have never had an issue opening documents before now.
a)To be clear, the Javascript file that WPS attempted to download, not Wps.exe itself, was a threat, and my computer is not infected because the threat was blocked-Correct?
b) If so, I still do not understand why Javascript has to be downloaded each time I open my Word Processing software.
c) Before yesterday (Wed), the 'Threat Blocked' message had not appeared but now it appears periodically when the software is opened-What would you suggest?
-
a)To be clear, the Javascript file that WPS attempted to download, not Wps.exe itself, was a threat, and my computer is not infected because the threat was blocked-Correct?
Correct.
b) If so, I still do not understand why Javascript has to be downloaded each time I open my Word Processing software.
Me neither. I am neither familiar with WPS, nor can I access the file it is trying to access.
c) Before yesterday (Wed), the 'Threat Blocked' message had not appeared but now it appears periodically when the software is opened-What would you suggest?
I would suggest calling your admin to ask why WPS is accessing cdn.adinall[.]com/js/ssp.js at all, and if that is normal, why there are 2 chinese URLs loaded from that JS.
-
Call what Admin!? I am at home using a personal computer.
WPS is a free packaged bundle of three individual WPS Writer (equiv of Microsoft Word), WPS Presentation (equiv of Powerpoint), and WPS Spreadsheet (equiv of Excel). I opened WPS Presentation and WPS Spreadsheet and the 'Threat Blocked' message appears.
-
maybe switch over to Libre office?
LibreOffice >> https://www.libreoffice.org/
-
I like WPS because it is small, compact, and the three programs service my needs.
I am emailing their technical support now and seeing what they can do about it.
Each time any of the three software programs are opened, the pop-up appears and it is displayed under 'Notifications.'
-
I like WPS because it is small, compact,
So is libre office
Video https://www.youtube.com/watch?v=S64aPmRPGTY
-
I am not sure why an Office clone should retrieve content from chinese domains, but I am not knowledgable enough about WPS to tell if it is really malicious or not. It is definitely very suspicious.
-
HonzaZ:
I 'might' install Libre Office but I would like to resolve the WPS/Avast conflict first because, up until last night, there was not an issue. The latest versions of Avast and WPS are installed.
I emailed officesupport@wps.com and will provide an update once I receive a response from them. Maybe HonzaZ wants to email them as well since he understands my issue and could probably provide a better description of this issue? :)
-To be clear about a detail, even though Avast is displaying a pop-up 'Threat Blocked' message each time WPS is opened, I can still access my individual files without any issues so what exactly is being 'blocked?'
-I wonder if uninstalling and reinstalling the software will resolve the conflict?
-
I am not sure why an Office clone should retrieve content from chinese domains, but I am not knowledgable enough about WPS to tell if it is really malicious or not. It is definitely very suspicious.
Well WPS office is made by Kingsoft that is Chinese
-
I can still access my individual files without any issues so what exactly is being 'blocked?'
on avast popup Object: xxxxxxxxxx is whats blocked
What is this HTMLScript-inf Infection?
https://www.im-infected.com/virus/htmlscript-inf.html
-
HonzaZ:
I 'might' install Libre Office but I would like to resolve the WPS/Avast conflict first because, up until last night, there was not an issue. The latest versions of Avast and WPS are installed.
I emailed officesupport@wps.com and will provide an update once I receive a response from them. Maybe HonzaZ wants to email them as well since he understands my issue and could probably provide a better description of this issue? :)
-To be clear about a detail, even though Avast is displaying a pop-up 'Threat Blocked' message each time WPS is opened, I can still access my individual files without any issues so what exactly is being 'blocked?'
-I wonder if uninstalling and reinstalling the software will resolve the conflict?
-
HonzaZ: Are you around to respond to my latest posting? :)
-
I 'might' install Libre Office but I would like to resolve the WPS/Avast conflict first because, up until last night, there was not an issue. The latest versions of Avast and WPS are installed.
That is another suspicious thing - why didn't it try to connect to those domains earlier than yesterday?
I emailed officesupport@wps.com and will provide an update once I receive a response from them. Maybe HonzaZ wants to email them as well since he understands my issue and could probably provide a better description of this issue? :)
I do not plan to, but feel free to quote my posts if you want to.
-To be clear about a detail, even though Avast is displaying a pop-up 'Threat Blocked' message each time WPS is opened, I can still access my individual files without any issues so what exactly is being 'blocked?'
Once again, a Javascript file at this location: cdn.adinall[.]com/js/ssp.js
-I wonder if uninstalling and reinstalling the software will resolve the conflict?
There is always a possibility, and you lose nothing by trying.
-
Does Avast, WPS, or both have to provide a patch/update in order to resolve this conflict?
Since the threat is blocked each time, is it safe to keep using WPS while waiting for their Tech Team to respond?
Is it odd that the path to WPS.exe is C:\Users and not either C\Program Files or C:\Program Filesx86 (Since I am using Windows 7 x64 and have both folders)?
-
Does Avast, WPS, or both have to provide a patch/update in order to resolve this conflict?
For us (Avast) to do anything, I need either the file, or at least a reason - why does it connect to (long time blocked) websites when it opens? why is the website normally not accessible?
Since the threat is blocked each time, is it safe to keep using WPS while waiting for their Tech Team to respond?
I personally wouldn't risk it. The fact that we block "something" doesn't mean there is "something else" that could be malicious and that we don't detect.
Is it odd that the path to WPS.exe is C:\Users and not either C\Program Files or C:\Program Filesx86 (Since I am using Windows 7 x64 and have both folders)?
No.
-
After reinstalling WPS, Avast again blocked it as a threat so I will uninstall it and install another Microsoft Office-type software and post an update shortly.
-
HonzaZ:
I installed Open Office (which contains the components that I want) and it works like a dream-When opened, Avast does not detect it as a 'Blocked Threat.'
-
In case you are interested
OpenOffice vs. LibreOffice: What’s the Difference and Which Should You Use?
https://www.howtogeek.com/187663/openoffice-vs.-libreoffice-whats-the-difference-and-which-should-you-use/
-
HonzaZ:
Thanks again for all of your support and expertise-If issues arise with Open Office and Avast conflicting, I will create add to this thread.
-
For your information, you can open a pdf file in the Chrome browser.
-
Thanks Bob but I do not use Google Chrome.
I would rather wait for HonzaZ's response.
-
For your information, you can open a pdf file in the Chrome browser.
Also Opera and Edge browser
-
Pondus:
Thanks for the advice but I would rather use a self-contained program, not a browser, to access PDF Files.
-
HonzaZ:
WPS Support responded this morning (Fri) stating that they were made aware of the issue today (Fri) and will contact Avast for more information and to ensure that their program is unblocked.
-Does that mean that Avast, WPS, or both have to provide a patch/update in order to resolve this conflict?
-If so, will you let me know once WPS Support (Kingsoft) has been in touch with Avast and found a resolution (patch/update/solution)?
In the meantime, I uninstalled OpenOffice because, although suitable for creating and viewing word documents, it does not allow imaged PDFs (that I have scanned and received from trusted sources) to be opened and viewed. WPS had PDF capability, which is one reason that I initially installed the software (along with word processing features), so I would prefer to reinstall WPS when a solution has been found.
-
Just to chip in as a user here, I am using WPS v10.2.0.5820 (latest) and I have no blocked alerts from Avast on the said scripts.
Did you download the office software from Kingsoft themselves?
-
AntiVirusASeT:
Thank you for posting a comment.
Did you install WPS Office 2013, 2016, or an individual piece of software (Writer, Spreadsheet, or Presentation) and when was it installed?
-
AntiVirusASeT:
Thank you for posting a comment.
Did you install WPS Office 2013, 2016, or an individual piece of software (Writer, Spreadsheet, or Presentation) and when was it installed?
He stated he's using the latest version.
-
AntiVirusASeT
Are you using WPS Office 2016 (or is there a newer version?) and what Operating System are you using?
-
Why aren't you answering his question as to where you downloaded the installation file from ???
-
Yes, I installed WPS Office 2016 directly from the Kingsoft website but apparently it is an older version: http://www.kingsoftstore.com/kingsoft-office-freeware.html
Where was Version 10.2.0.5820 downloaded from?
-
Yes, I installed WPS Office 2016 directly from the Kingsoft website but apparently it is an older version: http://www.kingsoftstore.com/kingsoft-office-freeware.html (http://www.kingsoftstore.com/kingsoft-office-freeware.html)
Where was Version 10.2.0.5820 downloaded from?
http://www.kingsoftstore.com/
-
No, the newest version is not listed on the left side of http://www.kingsoftstore.com/.
The latest version on that specific website is 10.1.0.5671, which is what I have installed.
How large is the Version 10.2.0.5820 download?-I cannot find any information on it.
-
From what I've found that is a beta version.
-
Filehippo >> http://filehippo.com/download_wps-office-2016-personal-edition/
-
The reason that WPS was conflicting with Avast is because an older free version (10.1.0.5671) was installed that I had downloaded from the Kingsoft Store website several months ago.
After AntiVirusASeT mentioned that the latest free version was 10.2.0.5820, I went back to the Kingsoft Store website but the latest version is not yet listed. I did a Google search and found it in another section of the Kingsoft website.
I installed version 10.2.0.5820 and it runs like a dream without Avast blocking it.
Thanks for everyone's support in resolving this issue.