Author Topic: Web Shield FP? -> Solved (Read 1942 times)

mbrowne · « **on:** July 30, 2014, 10:45:41 PM »

Avast Free v8 Web Shield has recently begun alerting on www.sweetmarias.com with:

7/30/2014 1:14:43 PM http://www.sweetmarias.com/store/|>{gzip} [L] JS:ScriptIP-inf [Trj] (0)

I've run the page through Securi SiteCheck and virustotal and it comes up clean. Defs version 140729-0

Thanks for any help.

Eddy · « **Reply #1 on:** July 30, 2014, 10:47:04 PM »

You are using a real old avast version.
Update to the newest one then check again.

Pondus · « **Reply #2 on:** July 30, 2014, 11:06:35 PM »

VirusTotal
https://www.virustotal.com/en/file/c1a15a37b443daf5c546cb11edf0b452b69138d9d87e181788120ca736c5c6bd/analysis/1406754318/

Tondah · « **Reply #3 on:** July 31, 2014, 10:03:13 AM »

Hello, there is javascript function called "timedCount()" that does not seems too legit.
This function collects informations from shipping/registration form and send them to internet every 40 miliseconds.

mbrowne · « **Reply #4 on:** July 31, 2014, 06:52:53 PM »

Quote from: Tondah on July 31, 2014, 10:03:13 AM

Hello, there is javascript function called "timedCount()" that does not seems too legit.
This function collects informations from shipping/registration form and send them to internet every 40 miliseconds.

Thanks for checking that. When I made the site owner aware of the alert 2 days ago, he said he was referring it to his "IT guy."

And I'm still getting the alert after updating to Avast v9.

mbrowne · « **Reply #5 on:** August 02, 2014, 07:38:08 PM »

Thanks for the help Tondah. The site has been fixed and the owner tight-lipped as to whether is was sloppy code or injection. Nothing but Avast found it.

Author Topic: Web Shield FP? -> Solved (Read 1942 times)

mbrowne

Web Shield FP? -> Solved

Eddy

Re: Web Shield FP?

Pondus

Re: Web Shield FP?

Tondah

Re: Web Shield FP?

mbrowne

Re: Web Shield FP?

mbrowne

Re: Web Shield FP?