Avast WEBforum

Other => Viruses and worms => Topic started by: scotthabs on June 20, 2012, 06:47:40 PM

Title: Malware Detected at Notebook Review forums?
Post by: scotthabs on June 20, 2012, 06:47:40 PM

Hi. Whenever I try to access the forums at notebookreview.com, Avast blocks my access and reports that there is a HTML:Script-inf infection. Can anyone else replicate this, and answer if it's a false positive or not?
Thanks.

Title: Re: Malware Detected at Notebook Review forums?
Post by: true indian on June 20, 2012, 07:05:29 PM

Detetion seems alright!
some sort of script tag leading to suspicious website jscriptss.com/gate.php?a=364  is detected

not sure on the redirected site..

jscriptss.com/gate.php?a=364 benign
[nothing detected] jscriptss.com/gate.php?a=364
     status: (referer=http:/twitter.com/trends/)saved 311 bytes ff8c79fb0eb1230786a8a607b988f4cba4729f70
     info: [decodingLevel=0] found JavaScript
     error: undefined function location[_0x3bb1[4]]
     error: undefined variable _0x3bb1
     file: ff8c79fb0eb1230786a8a607b988f4cba4729f70: 311 bytes

U can report a FP here www.avast.com/contacts

Title: Re: Malware Detected at Notebook Review forums?
Post by: Lisandro on June 20, 2012, 07:12:20 PM

Reported to virus analysts to check.

Title: Re: Malware Detected at Notebook Review forums?
Post by: DavidR on June 20, 2012, 07:45:43 PM

It was confirmed to be a good detection by one of the virus labs team (in another topic), Milos I believe.

Title: Re: Malware Detected at Notebook Review forums?
Post by: MrDJ on June 20, 2012, 08:03:36 PM

ive sent a report to support.

heres my thread most probably posted in wrong sub forum DOH! http://forum.avast.com/index.php?topic=99863.0

> DavidR
when you say it was confirmed to be a good detection do you mean harmful or not. 3 independant scans done by the forum moderators all came back clean.
 can i post the links?


edit:

problem solved. just posted on nbr. if you go to the main page of nbr and scrool all the way to the bottom and change dropdown box to default v-bulletin it stops the popup.

Title: Re: Malware Detected at Notebook Review forums?
Post by: scotthabs on June 20, 2012, 08:22:27 PM

Hmm. Still doesn't answer what/why avast is detecting at the site...

Title: Re: Malware Detected at Notebook Review forums?
Post by: MrDJ on June 20, 2012, 08:31:05 PM

true but at least it stops the annoying popups until support get back to me.

Title: Re: Malware Detected at Notebook Review forums?
Post by: true indian on June 21, 2012, 08:03:02 AM

The detection is correct there is a script tag on the site leading to  jscriptss.com/gate.php?a=364 which is malicious..so its correctly blocked...contact webmaster and ask him to remove script tag from his site

Title: Re: Malware Detected at Notebook Review forums?
Post by: polonus on June 21, 2012, 09:24:03 AM

The url involved is fairly random, the file name is identical between the requests, occuring back to back.
Example /gate.php
This leaves analysts with virtually very little to base  a signature on.
Common factor for all flagged sites is that all have outdated versions of the vBulletin software, e.g. 4.0.2,
templates could have been infected,

polonus