Author Topic: http://d1ros97qkrwjf5.cloudfront.net/42/eum/rum.js  (Read 31480 times)

0 Members and 1 Guest are viewing this topic.

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2220
    • The WAR Against Malware
Re: http://d1ros97qkrwjf5.cloudfront.net/42/eum/rum.js
« Reply #30 on: January 04, 2013, 12:26:51 AM »
GET Request with Firefox 17.0.1 returns a benign 0/46 here: https://www.virustotal.com/file/147683625bd70ea7029186e4b71a622c8e4f851fd2a3941dd115a2bdddd91259/analysis/1357254590/

Installed DoNotTrackMe on Chrome as Jonny788 suggested, the warning somehow stopped for particular reason. Tested multiple times and it seems to be the perfect solution for now.
It is only natural that "DoNotTrackMe" will prevent the alert, as "Real User Monitoring" is a form of tracking.

~!Donovan
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

Offline mehuge

  • Newbie
  • *
  • Posts: 6
Re: http://d1ros97qkrwjf5.cloudfront.net/42/eum/rum.js
« Reply #31 on: January 04, 2013, 12:27:51 AM »
could you attach a screenshot of the avast warning popup...



More Details

I should have mentioned, the following additional details:-

I am using:

Google Chrome   23.0.1271.97 (Official Build 171054) m
OS   Windows
WebKit   537.11 (@136278)
JavaScript   V8 3.13.7.5

Avast 7.0.1474
virus definitions 130103-1

...

As micahwedemeyer has pointed out, its part of the newrelic api for performance monitoring a website.  Hence why its popping up on numerous unrelated websites I guess.

I could access the JS code directly via https variant of the URI and avast does not alert, but accessing the http variant it does, which is a bit odd.  Also it doesn't matter which version? (the /42/ part of the URI) I access, I can change it to a different number, and for the http version avast will alert, for the https version it wont.  The code is identical in both cases.
« Last Edit: January 04, 2013, 12:39:50 AM by mehuge »

Offline dreamspinner3

  • Newbie
  • *
  • Posts: 10
Re: http://d1ros97qkrwjf5.cloudfront.net/42/eum/rum.js
« Reply #32 on: January 04, 2013, 12:29:04 AM »
I updated my AdBlock list on both Chrome & Firefox and it stopped happening if I use Chrome but it still pops up with the warning if I use Firefox on http://www.captureminnesota.com/.

Kim

Offline zebop56

  • Newbie
  • *
  • Posts: 2
Re: http://d1ros97qkrwjf5.cloudfront.net/42/eum/rum.js
« Reply #33 on: January 04, 2013, 12:46:29 AM »
Getting the same error on my PC using Firefox or IE. 

Infection Details
URL:   hXXtp://d1ros97qkrwjf5.cloudfront.net/42/...
Process:   C:\Program Files\Mozilla Firefox\firefox...
Infection:   URL:Mal


Offline mike406

  • Jr. Member
  • **
  • Posts: 23
Re: http://d1ros97qkrwjf5.cloudfront.net/42/eum/rum.js
« Reply #34 on: January 04, 2013, 12:48:12 AM »
This script is also present on various wikis on http://www.wikia.com/Wikia

Offline tonyantonio

  • Newbie
  • *
  • Posts: 3
Re: http://d1ros97qkrwjf5.cloudfront.net/42/eum/rum.js
« Reply #35 on: January 04, 2013, 01:26:24 AM »
Guys whenever I go to kongerate a well respected website for games, I get the warning EVERY TIME no jokes, you can test it too, just go to it and you will get it for some reason, never had this happen before

Offline whetzelmomma

  • Newbie
  • *
  • Posts: 5
Re: http://d1ros97qkrwjf5.cloudfront.net/42/eum/rum.js
« Reply #36 on: January 04, 2013, 02:16:37 AM »
Frustrating that no one from Avast is addressing this formally... I don't want to make it stop for MY computer, I want it to stop for any of my visitors that come and get this seemingly bogus warning!!

Offline poppie1234

  • Newbie
  • *
  • Posts: 12
Re: http://d1ros97qkrwjf5.cloudfront.net/42/eum/rum.js
« Reply #37 on: January 04, 2013, 08:36:55 AM »
Still getting the same pop up this morning  :(

Wish someone from Avast would sort this out  >:(

Offline pbishop2010

  • Newbie
  • *
  • Posts: 1
Re: http://d1ros97qkrwjf5.cloudfront.net/42/eum/rum.js
« Reply #38 on: January 04, 2013, 08:38:42 AM »
I too have gotten this infection pop up when i visited a trusted site. Avast get on the roll and DO SOMETHING!!!!!!!!!!!! Tell us wth this script is, whether it is a virus or a false pos.... But fix it, come on this is nuts.  >:(

Offline zebop56

  • Newbie
  • *
  • Posts: 2
Re: http://d1ros97qkrwjf5.cloudfront.net/42/eum/rum.js
« Reply #39 on: January 04, 2013, 09:16:16 AM »
Well, I'm going to uninstall Avast on my laptop and try another anti-virus program for now. 

Maybe someone at Avast will take notice of this and extend the courtesy of an update.    >:(
 

Offline poppie1234

  • Newbie
  • *
  • Posts: 12
Re: http://d1ros97qkrwjf5.cloudfront.net/42/eum/rum.js
« Reply #40 on: January 04, 2013, 11:18:53 AM »
If you google the URL avast is blocking there are now loads of references to it. I am still getting the pop up  >:(

Can't believe Avast haven't been on here to let us know whats going on. If they don't do something soon i am going to uninstall Avast and install a different anti-virus.

Offline Bowdon

  • Jr. Member
  • **
  • Posts: 73
Re: http://d1ros97qkrwjf5.cloudfront.net/42/eum/rum.js
« Reply #41 on: January 04, 2013, 11:26:57 AM »
I updated the fanboy list on adblock plus and its not appearing on the daily mail website. I'm surprised this hasnt been corrected in the latest avast update.

Also because its not a virus is it safe to just ignore the warning, until the situation is cleared up?

Offline poppie1234

  • Newbie
  • *
  • Posts: 12
Re: http://d1ros97qkrwjf5.cloudfront.net/42/eum/rum.js
« Reply #42 on: January 04, 2013, 11:29:19 AM »
I am too hoping it's safe to just ignore the warning as that i exactly what i have been doing.  :-\

Offline dreamspinner3

  • Newbie
  • *
  • Posts: 10
Re: http://d1ros97qkrwjf5.cloudfront.net/42/eum/rum.js
« Reply #43 on: January 04, 2013, 11:32:07 AM »
I emailed Avast about this yesterday & got this response just now:

"Thank you for contacting AVAST Software company with your concerns. My name is Michal and I will assist you today. Sorry for late reply.

I was able to browse the site without any warning being displayed, having avast! set to most sensitive level. Therefore I assume the false alarm was already fixed. Please update your virus database and check if the problem persists."

Since I downloaded Do Not Track Me for Chrome, the warning wasn't happening to me anymore while using Chrome.  I did check http://www.captureminnesota.com/ (the site I was getting the warning on) with Firefox & Avast did not give me the pop-up warning this morning.

Offline Gangplank

  • Newbie
  • *
  • Posts: 7
Re: http://d1ros97qkrwjf5.cloudfront.net/42/eum/rum.js
« Reply #44 on: January 04, 2013, 11:46:39 AM »
I installed DoNotTrackMe as well for chrome and IE, the alarm hasn't been poped up since the installation, DoNotTrackMe is the way to go before any official update i guess.