Avast WEBforum
Other => Viruses and worms => Topic started by: Flopy on March 17, 2008, 07:45:39 PM
-
Hi,
Thank you for your very good antivirus!!!
I've a problem: if I go to grc.com, avast detect a trojan in the home page!!
The trojan is: http://www.grc.com/iframe.htm\unp195131448 (HTML:RogueIframe [trj])
Is this right???
Thank you
-
Please, do not post live links to malware or false positives.
Can you edit the link (adding spaces into its name)? Thanks.
Dr. Web shows www.grc.com as being clean... but I couldn't scan the iframe.htm page itself.
-
I am getting a similar warning when I visit www.chase.com and after trying www.grc.com.
HTML: RogueIFrame (trj)
I only get the warning on the Windows XP pro machines. The SBS2003 Server and the Vista clients do not get any warning.
-
I've also experienced the same warning. I tried to open the forum on the grc.com site but I get the same trojan warning again.
-
The iframe.htm page is called from the iframe tag (see code below) in the grc.com\intro.htm page, I thought that DrWeb was now scanning deeper.
<iframe id="zerosize" src="/iframe.htm" scrolling="no"></iframe>
The above doesn't seem very dangerous, however the code in the iframe page, has yet another iframe tag and that calls another page, http :// www . grctech.com/_c5mctohclsuvh_/iframe1.htm. So this circular calling may be suspicious. Note the total content of the called pages is just an iframe tag. To all intents and purposes they appear benign, but I gave up after the 4th page, but I can imagine it goes on for some time. Why is the 64,000 dollar question.
<iframe src="http://www.grctech.com/_c5mctohclsuvh_/iframe1.htm" width=0 height=0 frameborder=0 marginwidth=0 marginheight=0 scrolling="no"></iframe>
Which calls yet another page from an iframe tag
<iframe src="http://www.grc.com/iframe2.htm" width=0 height=0 frameborder=0 marginwidth=0 marginheight=0 scrolling="no"></iframe>
Which calls yet another page from an iframe tag
<iframe src="http://www.grctech.com/_3mg42bcq3evok_/iframe3.htm" width=0 height=0 frameborder=0 marginwidth=0 marginheight=0 scrolling="no"></iframe>
This page call seems to end the cycle as the only code on the called page is:
<html></html>
I don't know what is going on but it is strange to say the least, but appears benign.
-
yes i am too getting this warning from avast webshield.
I am used to test sometimes my ports but never before i got this warning.
Tevion
-
You can still submit a false positive email to virus @ avast . com (without the spaces) and obviously no file to attach. Give the URL and malware name and a link to this topic so they can get more information.
-
Same virus alert when visiting:
http://www.autotrader.co.uk
-
You can still submit a false positive email to virus @ avast . com (without the spaces) and obviously no file to attach. Give the URL and malware name and a link to this topic so they can get more information.
thanks DavidR, just done.
-
got the same warning from going to grc.com and never did before......
(http://i27.tinypic.com/mszzgw.gif)
-
FP. Please update, it should be gone.
-
just did and it's still giving the warning ???
(http://i25.tinypic.com/sqii3n.jpg)
-
Hi Dan,
You heard it from the man, you are vulnerable to a False Positive,
Damian
P.S. Click pic for animation
-
thanks kubecj :)
and isn't that so cute damian 8)
click on box to see my animation ;)
-
FP. Please update, it should be gone.
No VPS update available, 080317-0 is current and still getting the alerts.
-
(current version 080317-0) same here davidr my friend ;)
-
(current version 080318-0) and going to grc.com is fine now...thank you!!
-
Both Chase and GRC.com are fine for us aswell, Thanks!