Avast WEBforum
Other => Viruses and worms => Topic started by: scotthabs on June 20, 2012, 06:47:40 PM
-
Hi. Whenever I try to access the forums at notebookreview.com, Avast blocks my access and reports that there is a HTML:Script-inf infection. Can anyone else replicate this, and answer if it's a false positive or not?
Thanks.
-
Detection seems alright!
some sort of script tag leading to suspicious website jscriptss.com/gate.php?a=364 is detected
not sure on the redirected site..
jscriptss.com/gate.php?a=364 benign
[nothing detected] jscriptss.com/gate.php?a=364
status: (referer=http:/twitter.com/trends/)saved 311 bytes ff8c79fb0eb1230786a8a607b988f4cba4729f70
info: [decodingLevel=0] found JavaScript
error: undefined function location[_0x3bb1[4]]
error: undefined variable _0x3bb1
file: ff8c79fb0eb1230786a8a607b988f4cba4729f70: 311 bytes
You can report a FP here: www.avast.com/contacts
-
Reported to virus analysts to check.
-
It was confirmed to be a good detection by one of the virus labs team (in another topic), Milos I believe.
-
I've sent a report to support.
Here's my thread, most probably posted in the wrong sub forum, DOH! http://forum.avast.com/index.php?topic=99863.0
> DavidR
When you say it was confirmed to be a good detection, do you mean harmful or not? 3 independent scans done by the forum moderators all came back clean.
Can I post the links?
edit:
Problem solved. Just posted on nbr. If you go to the main page of nbr and scroll all the way to the bottom and change the dropdown box to default v-bulletin, it stops the popup.
-
Hmm. Still doesn't answer what/why avast is detecting at the site...
-
True, but at least it stops the annoying popups until support get back to me.
-
The detection is correct: there is a script tag on the site leading to jscriptss.com/gate.php?a=364 which is malicious, so it's correctly blocked. Contact the webmaster and ask him to remove the script tag from his site.
-
The URL involved is fairly random, the file name is identical between the requests, occurring back to back.
Example /gate.php
This leaves analysts with virtually very little to base a signature on.
Common factor for all flagged sites is that all have outdated versions of the vBulletin software, e.g. 4.0.2,
templates could have been infected,
polonus
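-
The last post notes that the injected host changes while the /gate.php file name stays the same. For a webmaster auditing templates, that makes an allowlist of script hosts more useful than a signature on the host. The following is an added example, not code from the thread or from avast; the hosts, the HTML sample and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag in a page."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

def audit_scripts(html, site_host, allowed_hosts=()):
    """Return (src, reason) for every script loaded from a host not on the allowlist."""
    parser = ScriptSrcCollector()
    parser.feed(html)
    trusted = {site_host.lower(), *(h.lower() for h in allowed_hosts)}
    findings = []
    for src in parser.sources:
        parts = urlsplit(src)
        host = parts.hostname          # None for relative paths (same site)
        if host is None or host in trusted:
            continue
        reason = "third-party host not on allowlist"
        # The host is random per the thread; the file name is the stable part.
        if parts.path.lower().endswith("/gate.php"):
            reason += "; gate.php path as described in this thread"
        findings.append((src, reason))
    return findings

# Constructed sample: a forum page with one injected tag near the footer.
SAMPLE_HTML = """
<html><head>
<script type="text/javascript" src="clientscript/vbulletin-core.js"></script>
<script src="//cdn.forum.example/yui/yahoo-dom-event.js"></script>
</head><body>
<div id="footer">...</div>
<script src="http://injected.example/gate.php?a=364"></script>
</body></html>
"""

if __name__ == "__main__":
    for src, reason in audit_scripts(SAMPLE_HTML, "forum.example",
                                     allowed_hosts=["cdn.forum.example"]):
        print(f"{src}  <- {reason}")
```

Run it against the rendered output of each template (header, footer, navbar); it only inspects script src attributes, so inline scripts need a separate review.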