Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: gabrielcoronel on May 07, 2012, 02:24:31 PM

Title: False positive in JPG?
Post by: gabrielcoronel on May 07, 2012, 02:24:31 PM
Hello
The latest definitions report a virus (TML:Framer-D [Trj]) in image files.
But I am sure that these files do not have a virus, because I checked them against a historical copy on another PC and they are identical.
What do you think?
Title: Re: False positive in JPG?
Post by: CraigB on May 07, 2012, 02:33:52 PM
Please post in English or ask your question in the Spanish forum section http://forum.avast.com/index.php?board=25.0
Title: Re: False positive in JPG?
Post by: Pondus on May 07, 2012, 02:38:44 PM
Upload suspicious file(s) to www.virustotal.com and test with 40+ malware scanners
Title: Re: False positive in JPG?
Post by: gabrielcoronel on May 07, 2012, 03:01:46 PM
OK
Thank you
Thanks
Title: Re: False positive in JPG?
Post by: DavidR on May 07, 2012, 03:17:35 PM
Given that there is a 23/40 detection rate in the other topic you were asked to create, http://forum.avast.com/index.php?topic=98115.0, I rather doubt it is a false positive.

It wouldn't hurt to send it for further analysis, but given the VT results, it is more likely that it is a good detection. Why do you feel it is an FP?

Though it would have been good to post the URL for the VirusTotal results page so we can see what other scanners detect it as.

Title: Re: False positive in JPG?
Post by: iroc9555 on May 07, 2012, 03:36:12 PM
I already asked for the VT URL result and which Avast! shield or scan detected the files.

http://forum.avast.com/index.php?topic=98115.0
Title: Re: False positive in JPG?
Post by: DavidR on May 07, 2012, 05:55:45 PM
Yes, they all seem to be detecting the same type of thing, iframe malware within the jpg, so it 'seems overwhelming' that the detection is good given so many detections mostly relating to iframe and/or redirection.

Also, since there are quite a lot in the list of detections in his image of the avast scan results, it is a bit strange.

I have checked out the page link given in the other topic and avast alerts on the 3804.jpg (image1), and that is most certainly infected (image2 shows the inserted iframe and script tags at the end of the file); these certainly shouldn't be in a .jpg file.

The VT results on that 3804.jpg (captured via avast's proxy) show a high detection rate, 21/41: https://www.virustotal.com/file/9a643d101d5f60cf14f20e8ae9a20e0981e7ddbca3c8688ebc45ed78fedf4e8b/analysis/1336405692/

So it looks very like this site has been hacked and that code may well be in many or all of the jpg files on the site.
Title: Re: False positive in JPG?
Post by: iroc9555 on May 07, 2012, 05:59:39 PM
I already informed him of the fact that it is hardly a F/P. Also gave him information passed to me that the web site seems a bit shady. He told me that he is the coauthor of the site and it could not be. I told him to report it to Avast! virus lab and let them decide.

Thanks DavidR.
Title: Re: False positive in JPG?
Post by: DavidR on May 07, 2012, 06:07:06 PM
You're welcome.

Yes, the proof is in the content of the .jpg that I captured and examined and (even if not totally malicious, but I can't see that), as far as I'm concerned there really is no legitimate reason to put iframe and script tags embedded into a jpg file. This no doubt is the feeling of the 21 scanners.

So the co-author needs to remove that code if it was placed there by him or another author; if not, then the site has been hacked and the iframe and script tags inserted into the .jpg/s.
Title: Re: False positive in JPG?
Post by: iroc9555 on May 07, 2012, 06:10:27 PM
..... if not then the site has been hacked and the iframe and script tags inserted into the .jpg/s.

That is what Populous told him when explaining why Avast! was detecting the images.

http://forum.avast.com/index.php?topic=98115.msg782386#msg782386
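
The manual check described in this thread (iframe and script tags sitting after the end of the image data in a .jpg), written as an added example that is not part of the original posts. It walks the JPEG marker structure to the EOI marker and reports any bytes and opening tags found after it; the function names and the sample byte strings are constructed for illustration.

```python
import re

# Opening iframe/script tags, the content the thread reports at the end of the file.
TAG_RE = re.compile(rb"<\s*(iframe|script)\b", re.IGNORECASE)

def jpeg_end(data: bytes) -> int:
    """Walk the JPEG marker structure; return the offset just past EOI."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                      # fill byte before a marker
            pos += 1
        elif marker == 0xD9:                    # EOI: the image ends here
            return pos + 2
        elif marker == 0x01 or 0xD0 <= marker <= 0xD7:   # markers with no length
            pos += 2
        else:
            # Length-prefixed segment (APPn/EXIF thumbnails are skipped whole).
            pos += 2 + int.from_bytes(data[pos + 2:pos + 4], "big")
            if marker == 0xDA:                  # SOS: entropy-coded data follows
                # Skip stuffed FF 00 and RSTn until the next real marker.
                while pos + 1 < len(data) and not (
                    data[pos] == 0xFF and data[pos + 1] != 0x00
                    and not 0xD0 <= data[pos + 1] <= 0xD7
                ):
                    pos += 1
    raise ValueError("truncated JPEG: no EOI marker")

def check_jpeg(data: bytes) -> dict:
    """Report how much data follows the image and which tags it contains."""
    end = jpeg_end(data)
    trailer = data[end:]
    tags = sorted({m.group(1).lower().decode() for m in TAG_RE.finditer(trailer)})
    return {"image_bytes": end, "trailing_bytes": len(trailer), "tags": tags}

# Constructed samples: a minimal JPEG-shaped byte string (not a viewable image)
# and the same bytes with inert markup appended after EOI.
CLEAN = (b"\xff\xd8" + b"\xff\xe0\x00\x04JF" + b"\xff\xda\x00\x02"
         + b"\x12\xff\x00\x34\xff\xd0\x56" + b"\xff\xd9")
APPENDED = CLEAN + b'\n<iframe src="http://example.invalid/"></iframe><script></script>'

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("appended", APPENDED)):
        print(name, check_jpeg(blob))
```

Some cameras and editors also append non-HTML data after EOI, so a non-zero `trailing_bytes` with an empty `tags` list is a reason to look at the file, not a verdict.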