« previous next »
Pages: [1]   Go Down

Author Topic: False Positive?  (Read 2953 times)

0 Members and 1 Guest are viewing this topic.

toormore

  • Guest
False Positive?
« on: June 05, 2009, 09:51:08 AM »
Hi

I know this issue has been mentioned before on the forum but I didn't get a solution to my particular problem.
On a few of the sites that I am working with I am getting an Avast virus alert saying that a virus has been detected. I have contacted my host company and they suggest that this is a "false positive". The problem is I am continuing to receive the same messasge.
I am not sure what actions to take?

Regards

Toormore

Sign of "JS:Cruzer-C [Trj]" has been found in "hXXp://ruralresilience.com/wp-admin/css/dashboard.css?ver=20081210" file.  
Sign of "JS:Cruzer-C [Trj]" has been found in "hXXp://ruralresilience.com/wp-admin/admin.php?page=wp-gbcf/wp-gbcf_form.php" file.  
Sign of "JS:Cruzer-C [Trj]" has been found in "hXXp://www.housedesignonline.com/wp-admin/favicon.ico" file.  
Sign of "JS:Cruzer-C [Trj]" has been found in "hXXp://www.ruralresilience.com/" file.  
Logged

cinchez

  • Guest
Re: False Positive?
« Reply #1 on: June 05, 2009, 10:20:58 AM »
Generally, avast! is really accurate in these cases^^

Pls wait for avast! evangelists for further analysis of the sites u mentioned^^

-AnimeLover^^
Logged

Offline .: L' arc :.

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1777
  • Thinking with Portals
Re: False Positive?
« Reply #2 on: June 05, 2009, 11:19:23 AM »
The said links have been detected by Link Scanner to be a form of:

Infection:          JavaScript Obfuscation (type 501)]
Detail:               Exploit: Javascript Obfuscation [This web site has JavaScript that has been used to obfuscate known exploit techniques.]
Risk Category:   Exploit
Description:      XPL's Intelligence Network has detected an exploit. An exploit is a piece of malware code that takes advantage of a vulnerability in a
                      software application, usually the operating system or a web browser to infect a computer. Exploits usually target a computer by means
                      of a drive-by download – the user has no idea that a download has even taken place. XPL recommends not visiting this web site
                      regardless if your computer has been patched for the vulnerability.

-= Though avast did not trigger me of any threats..
« Last Edit: June 05, 2009, 11:34:06 AM by -= Fenrir =- »
Logged
Windows 7 (64-bit) Home Premium SP1
avast! 9 RC1

kubecj

  • Guest
Re: False Positive?
« Reply #3 on: June 05, 2009, 02:32:50 PM »
We've encountered this multiple times.
could you please do such a test:
a) download all files from the web using FTP (must not use http)
b) compare them to the original files on your computer.

Check the differences. This looks like if there's some randomizer sending the infections on random.

One more thing - you need to check all them .htaccess files and also modified error message pages (not only 404 page).
« Last Edit: June 05, 2009, 02:44:49 PM by kubecj »
Logged
Pages: [1]   Go Up
« previous next »