Avast WEBforum
Other => Viruses and worms => Topic started by: solidsnake44 on July 03, 2011, 07:35:29 AM
-
Hello.
I use Avast 6 on my new PC (yesterday was the first use). I installed Avast 6. I wanted to update all my drivers and I went to XXX.pilotespc.com for my DVD recorder. But Avast showed an alert message which said: Avast has blocked ... . It was a Trojan.
The complete URL is hXXp://www.pilotespc.com/cstrack.js.
The threat is classified as HIGH and the threat is called JS:Kryptik-B [Trj].
Is it a false positive?
If it's a virus, are you sure that my PC is clean and safe?
-
If it's a virus, are you sure that my PC is clean and safe ?
Avast's WebShield has blocked the threat even before it entered your PC. Your PC is safe.
Is it a false positive ?
Generally avast is precise in catching such scripts on websites. But we may have to wait for someone to chime in on whether it's a false positive.
But if you think it's a false positive, you can report it here: http://www.avast.com/contact-form.php?loadStyles by selecting the appropriate subject and also putting a link to this topic in the message part.
-
Only if you want to check your PC:
download Malwarebytes from here:
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html
Do an update, perform a full scan and remove what it finds.
Try Norton Power Eraser, download link:
http://us.norton.com/support/DIY/index.jsp
Also try this:
Download AVPTool from here to your desktop
Run the programme you have just downloaded to your desktop (it will be randomly named )
First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Once it has finished select report and post that.
(http://i1224.photobucket.com/albums/ee362/Essexboy3/avpfront-1.jpg)
Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop
now remove whatever it finds.
(http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/)
-
I don't see any reason for a scan with all the scanners out there, since it is a web script that has been detected and blocked.
-
Thank you. I'm delighted.
I check up with antivir and malwarebytes. No anomaly. I check with active scan today.
I wait for a reply from a member who has the same problem to know if it is a false positive.
Thank you again and sorry for my english (I'm french :) )
-
Please can you modify the link, to prevent others potentially becoming infected. (change http to hXXp) Thanks. Just a matter of course...
This looks like it may be a genuine detection; the js file has a script in it which uses an array to generate an image. At least that is what results from analysis with Malzilla.
avast isn't the only one either:
http://www.virustotal.com/file-scan/report.html?id=d79ad53a0a608daa27a1eb29ef798ee01f1a16743c2d15275a551e89ecd6f53e-1309686657
by the way, your english is fine :)
-
It's Ok, I changed the link.
So for you it's an image which is loading and avast blocked it for security ?
I don't know the term Genuine. What is it ? And "JS" is for Javascript ?
And thank you for your help and for my english :)
-
Hello,
spg SCOTT can you help me again please, to know if I have understood. Because I'm not sure of my translation.
-
Hello solidsnake44
You can ask your question in the French section of the Avast international forum:
http://forum.avast.com/index.php?board=23.0
Otherwise you can try another drivers site:
http://www.touslesdrivers.com/index.php?v_page=30&v_forum=0
-
Apologies, I missed this topic.
As far as I can tell, that javascript file doesn't seem to exist anymore. I get a 404 (not found) error on it. Do you still get alerts?
It's Ok, I changed the link.
Thanks, but there is still an active one though ;)
So for you it's an image which is loading and avast blocked it for security ?
Well, not quite. It is an image link, but it seems to point to an actual page...
I don't know the term Genuine. What is it ?
In this case, by genuine detection, I meant correct. So the detection is correct.
Genuine, generally means real/authentic :)
And "JS" is for Javascript ?
Yes.
And thank you for your help and for my english :)
No Problem, welcome to the forum :)
Scott
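The link edit requested earlier in the thread (change http to hXXp) and the check that no active link remains, as an added example that is not part of any poster's message. The host name `bad-drivers.example`, the sample text and the function names are constructed for illustration; only URLs pointing at flagged hosts are rewritten, so report links stay clickable.

```python
import re

# Scheme may be live (http/https) or already defanged (hXXp/hXXps).
URL_RE = re.compile(
    r"\b(?P<scheme>h(?:tt|xx)ps?)://"
    r"(?P<host>[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*)"
    r"(?P<rest>(?:[/?#][^\s()<>\"']*)?)",
    re.IGNORECASE,
)

def _flagged(host, flagged_hosts):
    # Match the flagged domain itself and any subdomain of it.
    h = host.lower()
    return any(h == f or h.endswith("." + f) for f in flagged_hosts)

def live_links(text, flagged_hosts):
    """URLs to flagged hosts that are still clickable (scheme not defanged)."""
    return [m.group(0) for m in URL_RE.finditer(text)
            if m.group("scheme").lower().startswith("http")
            and _flagged(m.group("host"), flagged_hosts)]

def defang(text, flagged_hosts):
    """Rewrite http/https to hXXp/hXXps for flagged hosts only; idempotent."""
    def repl(m):
        if not _flagged(m.group("host"), flagged_hosts):
            return m.group(0)
        scheme = "hXXps" if m.group("scheme").lower().endswith("s") else "hXXp"
        return f"{scheme}://{m.group('host')}{m.group('rest')}"
    return URL_RE.sub(repl, text)

# Constructed sample post: two live links, one report link, one already edited.
SAMPLE = (
    "Avast blocked http://www.bad-drivers.example/track.js on that site.\n"
    "Report: https://scanner.example/report?id=123\n"
    "Already edited: hXXp://www.bad-drivers.example/track.js\n"
    "Theme path: HTTPS://bad-drivers.example/wp-content/themes/x/"
)
FLAGGED = {"bad-drivers.example"}

if __name__ == "__main__":
    print("still active:", live_links(SAMPLE, FLAGGED))
    print(defang(SAMPLE, FLAGGED))
```
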
-
Hi solidsnake44,
spg SCOTT did a thorough script analysis there. I have to add that the site also has vulnerabilities because the web applications used are not fully up to date and are exploitable.
Wordpress version: Wordpress
Wordpress version from source: 3.0.1
Wordpress Version > 2.9 for: -http://www.pilotespc.com/wp-includes/js/wp-ajax-response.js
Wordpress Version == 3.0.x for: -http://www.pilotespc.com/wp-includes/js/autosave.js
Wordpress directory: -http://www.pilotespc.com/wp-content
Wordpress theme: -http://www.pilotespc.com/wp-content/themes/universum/
Wordpress internal path: -/home/pilotesp/public_html/wp-content/themes/universum/index.php *
Wordpress internal path: -/home/pilotesp/public_html/wp-content/themes/default/index.php *
* vulnerable
This must have created the road in for the malcode. Well, for the script links, "cufon-yui.js" is exploitable as well and could also lead to malcode in the form of trojan backdoors.
polonus
-
Thank you all for your help.
Hello Jeepava. Thanks for the advice. I thought that this site, http://forum.avast.com/fr/index.php, was the French Avast forum.
Thanks for the drivers. I know that site, but I couldn't find the driver for the DVD drive, so I went looking elsewhere, but unfortunately the site was apparently infected.
Hello and thank you spg SCOTT. I tried again and I get the same message from Avast, which blocks the site, but the page loads.
Sorry I forgot the other link. I changed it.
Ok But it's strange that only Avast finds the Trj and no paying security like Nod32,Kaspersky,Bitdefender...
http://www.virustotal.com/file-scan/report.html?id=d79ad53a0a608daa27a1eb29ef798ee01f1a16743c2d15275a551e89ecd6f53e-1309686657
Gdata, I think, has the same database as avast.
Hello polonus. Thank you for the explanation.
-
Hello solidsnake44
There are two forums:
The French forum of Avast international
http://forum.avast.com/index.php?board=23.0
The forum created by a French-speaking Quebecer
http://forum.avast.com/fr/index.php
DVD drive driver
Can you post:
the make and model of the computer
the make and model of the DVD drive
I will do a search.
-
OK, thanks for the info.
I found the driver, but alas only after having "visited" the infected site. Thank you for your offer in any case, that's very kind.
It's a SAMSUNG Sh-S223C, for information.
-
Here is what I found:
SAMSUNG Sh-S223C
It's not a driver but firmware.
WORLD WIDE
http://www.samsungodd.com/eng/Firmware/FWDownload/FWDownload.asp
PRODUCT MODEL OEM
DVD-Writer Half Height SH-S223C SB
Code FirmWare Ver.
Firmware Version SB07 Date 06 07 2011
http://www.samsungodd.com/eng/Firmware/FWDownload/FWDownload.asp?FunctionValue=view&no=733&SearchWord=&SearchMode=&PageNumber=1&product_code=&os_no=
Download:
http://www.samsungodd.com/korLib/popup/Download.asp?path=FWDownload&fname=SH-S223C_SB07.exe
It could be useful in case of an update.
-
Thank you very much.
What do you think of the fact that, according to VirusTotal, the paid antivirus products don't detect the problem?