Avast WEBforum
Other => Viruses and worms => Topic started by: 12-es_csaj on February 09, 2011, 08:01:28 PM
-
INF:AutoRun-BJ [Wrm] on hxxp://prohardver.hu/tema/avg_antivirus_2/friss.html
-
INF:AutoRun-BJ [Wrm] on hxxp://prohardver.hu/tema/avg_antivirus_2/friss.html
http://www.unmaskparasites.com/security-report/?page=http%3A//prohardver.hu/tema/avg_antivirus_2/friss.html
http://www.virustotal.com/url-scan/report.html?id=80a26c0b415c0698a1b328df3adb29e9-1297275292
FP :(
-
INF:AutoRun-BJ [Wrm] on hxxp://prohardver.hu/tema/avg_antivirus_2/friss.html
What are you trying to do in visiting this URL ?
Whilst it is only avast and gdata alerting on this page it might well be an FP.
But it is a strange malware name to be detected on a web page, it is this bit that makes me ask the first question (/avg_antivirus_2/). If you happened to be trying to run an on-line virus scan it may be detecting something to autorun that scan.
-
What are you trying to do in visiting this URL ?
Whilst it is only avast and gdata alerting on this page it might well be an FP.
But it is a strange malware name to be detected on a web page, it is this bit that makes me ask the first question (/avg_antivirus_2/). If you happened to be trying to run an on-line virus scan it may be detecting something to autorun that scan.
No, it's a Hungarian PC forum, and I tried to visit the AVG topic, but I failed.
I already saw the VPS history, and this worm is in the database for several days.
Since that, a member answered on that forum's antivirus topic. There is an autorun.inf malware code "printed" on one of the posts, and avast! alerts because of this.
Sorry for my bad English.
-
Actually, not quite a FP...
The page has a script posted in plaintext, which will exist in the source code, hence avast detects it.
This is why I, and others post scripts in image form, as this will happen. First image is the actual page, second is the source code, where it exists. avast! alerts on that code when isolated.
EDIT: http://www.virustotal.com/file-scan/report.html?id=95fffb050f4eb6695fc419c3a85910e48f59528fb92822fa70b4c96b75373a15-1297280530
The isolated script, sent to VT
-
Moderators deleted the problematic post.
So, this wasn't FP.
And now, it is solved