Avast WEBforum
Other => Viruses and worms => Topic started by: REDACTED on July 10, 2018, 12:49:56 PM
-
Good morning,
After running an anti-virus scan yesterday, Avast picked up this possible threat: HTML:Paypal-B [Phish]. See the link below for more.
I'm not sure if it's a real threat, or a False Positive?
Using the search facility above others have found this to be a False Positive in the past, although their issues were not the same as mine, they didn't pick this threat up from an A/Virus scan.
If I "Send for Analysis" will I hear back?
Also if I send it for analysis will I be sending a copy of this file or the actual file?
https://postimg.cc/image/4x4bjz9kb/
Any advice or help would be appreciated.
-
Your link does not work. Attach screenshots here; see below the box you write in here > Attachments and other options
At what location was it found ... full file path
If I "Send for Analysis" will I hear back?
Usually only for false positive requests
Also if I send it for analysis will I be sending a copy of this file or the actual file?
Copy
-
The link worked for me.
-
Paypal security is not optimal to say the least, see from these scan results: https://www.htbridge.com/websec/?id=ekedIL6b
The cookie is missing SameSite flag, make sure it does not store sensitive information.
Misconfiguration or weakness
COOKIE: X-PP-SILOVER
The cookie is missing SameSite flag, make sure it does not store sensitive information.
Misconfiguration or weakness
The cookie is missing HttpOnly flag, make sure it does not store sensitive information.
Misconfiguration or weakness
The cookie is missing Secure flag, make sure it does not store sensitive information.
Misconfiguration or weakness
COOKIE: AKDC
The cookie is missing SameSite flag, make sure it does not store sensitive information.
Misconfiguration or weakness
The cookie is missing HttpOnly flag, make sure it does not store sensitive information.
Misconfiguration or weakness
Not-secured connection- htxps://23.194.182.174/ with PHISHING threat... (no third party tracking seen?).
Whenever the site is brought up as a fake phish from inside a mail-link, avast may detect HTML:Paypal-B [Phish].
polonus
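
Added example, not part of polonus's post or of the scanner's output: a check for the three cookie attributes the scan results above report on, run over constructed Set-Cookie header values. The cookie names X-PP-SILOVER and AKDC come from the post; the values, the other attributes and the `session` cookie are assumptions made for the example.

```python
# Added example: audit Set-Cookie header values for Secure, HttpOnly and SameSite.
VALID_SAMESITE = {"strict", "lax", "none"}

def parse_set_cookie(header):
    """Return (cookie_name, {lowercased_attribute: value}) for one header value."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs

def missing_flags(header):
    """List the attributes a scanner would report as missing for this cookie."""
    name, attrs = parse_set_cookie(header)
    missing = []
    if "secure" not in attrs:
        missing.append("Secure")
    if "httponly" not in attrs:
        missing.append("HttpOnly")
    # An absent or unrecognised SameSite value leaves the browser default in force.
    if attrs.get("samesite", "").lower() not in VALID_SAMESITE:
        missing.append("SameSite")
    return name, missing

def audit(headers):
    """Map each cookie name to its list of missing attributes."""
    return dict(missing_flags(h) for h in headers)

# Constructed sample input: the names X-PP-SILOVER and AKDC are from the post,
# the values and remaining attributes are made up for this example.
SAMPLE_HEADERS = [
    "X-PP-SILOVER=constructed-value; Path=/; Expires=Wed, 11 Jul 2018 12:00:00 GMT",
    "AKDC=constructed-value; Path=/; Secure",
    "session=constructed-value; Path=/; Secure; HttpOnly; SameSite=Lax",
    "prefs=constructed-value; Secure; HttpOnly; SameSite=bogus",
]

if __name__ == "__main__":
    for name, missing in audit(SAMPLE_HEADERS).items():
        print(f"COOKIE: {name} -> missing: {', '.join(missing) or 'none'}")
```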
-
Your link does not work. Attach screenshots here; see below the box you write in here > Attachments and other options
At what location was it found ... full file path
If I "Send for Analysis" will I hear back?
Usually only for false positive requests
Also if I send it for analysis will I be sending a copy of this file or the actual file?
Copy
Pondus,
I'm sorry the link didn't work for you, although it worked for DavidR, rather strange. I did try posting a screenshot yesterday, but for some reason or other I could only get a link to work, or not as the case may be ;)
I'll have another go to show the location:-
(http://i68.tinypic.com/106zzuq.jpg)
Rather odd that, it worked first time today!
The red bits if you're wondering are just covering my name which I added.
Paypal security is not optimal to say the least, see from these scan results: https://www.htbridge.com/websec/?id=ekedIL6b
The cookie is missing SameSite flag, make sure it does not store sensitive information.
Misconfiguration or weakness
COOKIE: X-PP-SILOVER
The cookie is missing SameSite flag, make sure it does not store sensitive information.
Misconfiguration or weakness
The cookie is missing HttpOnly flag, make sure it does not store sensitive information.
Misconfiguration or weakness
The cookie is missing Secure flag, make sure it does not store sensitive information.
Misconfiguration or weakness
COOKIE: AKDC
The cookie is missing SameSite flag, make sure it does not store sensitive information.
Misconfiguration or weakness
The cookie is missing HttpOnly flag, make sure it does not store sensitive information.
Misconfiguration or weakness
Not-secured connection- htxps://23.194.182.174/ with PHISHING threat... (no third party tracking seen?).
Whenever the site is brought up as a fake phish from inside a mail-link, avast may detect HTML:Paypal-B [Phish].
polonus
Polonus,
I'm assuming by that it may not necessarily be a False Positive, but possibly a potential threat, so good to have it removed?
Thanks to all who replied.
-
I'm assuming by that it may not necessarily be a False Positive, but possibly a potential threat, so good to have it removed?
Only avast lab can answer that
-
I'm assuming by that it may not necessarily be a False Positive, but possibly a potential threat, so good to have it removed?
Only avast lab can answer that
Pondus,
You're probably right.
I let VirusTotal scan the file, only 2 out of 59 detected a problem, Avast and AVG. I believe Avast and AVG are now one IIRC.
(http://i67.tinypic.com/nh1ftj.jpg)
(http://i67.tinypic.com/2lvo00w.jpg)
(http://i66.tinypic.com/2rrwejd.jpg)
(http://i63.tinypic.com/2zhjpy0.jpg)
If I send it for analysis do I send it as Potential Malware or a False Positive?
-
Hello,
use https://www.avast.com/false-positive-file-form.php
Milos
-
Hello,
use https://www.avast.com/false-positive-file-form.php
Milos
Thank you for the link, now sent to Avast.
-
Update.
I heard back from Avast on the 16th July 2018, which I thought was quite quick. Their reply is below in Blue text.
I didn't post up here a day or so later as Avast A/V was still detecting it as a threat. Now however Avast A/V doesn't detect any problem with it.
It's good to know it was a False Positive.
Many thanks to Avast for checking this out and updating your database.
Hello,
Thank you for reporting this false positive.
Our virus specialists have now cleared its reputation in our database.
With URLs this change should be instant, but it might take up to 24 hours with files.
For future reference you might also find the following article to be useful: Avast Clean Guidelines.
Best regards,
Avast Customer Care