Avast WEBforum
Other => Viruses and worms => Topic started by: street_lethal on December 03, 2008, 04:29:32 AM
-
Went to a coupon site for my GF on her laptop using Firefox and Avast blocked it. Reloaded the site and Avast didn't pop up with anything the second time, I left the site. Any info on this?
-
Could you give us the link to the site please? but de-activate it by replacing "http" with "hxxp"
thank you
-Justin
-
Don't remember what site it was. I'll have to check the logs this week if she brings her laptop back over. I did run a few scans before she left with different scanners and picked up nothing.
-
It's possible that detection was related to banner rotation on that site. Happened first time with specific loaded banner, but did not happen second time because something else was loaded as banner second time.
-
It's similar what this guy posted on this forum he got the same complaint from Avast. I did a search for Avast JS:Packed T [trj] on Google and found this.
http://www.curse.com/forums/t/69161.aspx
This is what he posted:
"I was looking at GridManaBars when Avast popped up a virus, 3 times. Twice on the addon's page, and once on the download page. I just viewed the page again, but nothing there.
Here's Avast's log.
12/2/2008 7:11:31 PM SYSTEM 1132 Sign of "JS:Packed-T [trj]" has been found in "hxxp://76.74.154.110/zv00108/pdf.php?id=9702&vis=1" file.
12/2/2008 7:11:31 PM SYSTEM 1132 Sign of "JS:Packed-T [trj]" has been found in "hxxp://76.74.154.110/zv00108/pdf.php?id=9702" file.
12/2/2008 7:11:50 PM SYSTEM 1132 Sign of "JS:Packed-T [trj]" has been found in "hxxp://76.74.154.110/zv00108/pdf.php?id=9702&vis=1" file. "
Url looks similar from what I recall, it's traced back to valuepromo.net. Ad banners I assume?
-
nm
-
Getting 404. JS:Packed-T are hidden inside PDF files and hide scripts which exploit Acrobat. It's really loose detection, so we did expect some falses, but right now, we don't have any samples.