Author Topic: False Positive Need Help Please..  (Read 4858 times)

Davecom

  • Guest
False Positive Need Help Please..
« on: June 15, 2013, 11:23:18 PM »
My website hxxp://www.dpandassociates.net uses this for galleries: hxxp://www.magichtml.com/javascriptslideshow/index.html. It says infected with Infection: JS:Agent-BYJ [Trj]. Every website that uses it has the same thing. I have used it for a while with no problems... Thanks for any help.
« Last Edit: June 15, 2013, 11:40:56 PM by igor »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37642
  • F-Secure user
Re: False Positive Need Help Please..
« Reply #1 on: June 16, 2013, 12:42:54 AM »
Is it the first or second URL you posted that is the problem?

Quttera report on first URL:
http://quttera.com/detailed_report/www.dpandassociates.net

Davecom

  • Guest
Re: False Positive Need Help Please..
« Reply #2 on: June 16, 2013, 01:04:28 AM »
Mine is the first site; the second is the company that sells the product. Any suggestions? Thanks.
« Last Edit: June 16, 2013, 01:07:55 AM by Davecom »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33976
  • malware fighter
Re: False Positive Need Help Please..
« Reply #3 on: June 16, 2013, 01:15:29 AM »
Well it is being alerted here: http://urlquery.net/report.php?id=3143426
IDS comes in the RBN ruleset and as a webclient rule
Also Bad customer experience reported on WOT
This for the main site I get no avast alerts in Google Chrome,
and I get this
Code:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /javascriptslideshow/js/undefined was not found on this server.</p>
</body></html>

This javascriptslideshow/js/ can come spyware infected or with a keygenerator, also can come via WP infection via default-filters.php, etc
Also protect against dovecot vulnerabilities... If you don't use imap or pop3, then remove dovecot...

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33976
  • malware fighter
Re: False Positive Need Help Please..
« Reply #4 on: June 16, 2013, 01:33:14 AM »
For what Quttera reports
Quote
/js/mhgallery.js
Severity: Potentially Suspicious
Reason: Suspicious JavaScript code injection.
Details see image attached..
File size[byte]: 24447
File type: ASCII
MD5: E38D25E777A922D1294816C93D580E74 - same as here: http://www.quttera.com/detailed_report/www.dptvng.com
 
Hiccups in this code but benign: http://jsunpack.jeek.org/?report=fe1176a126d3f962516bd5f5c3c6bf2dedb99766

polonus
« Last Edit: June 16, 2013, 01:38:20 AM by polonus »

Davecom

  • Guest
Re: False Positive Need Help Please..
« Reply #5 on: June 16, 2013, 01:37:41 AM »
Thanks for the help. But I'm thinking the company will come out with a fix; I don't know what else to do. I wrote them and let them know about it. Heck, it even does it on their website. Still, any more suggestions would be appreciated....

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33976
  • malware fighter
Re: False Positive Need Help Please..
« Reply #6 on: June 16, 2013, 01:46:44 AM »
This is the alert that I get scanning the javascript slideshow download url with DrWeb's URL checker (giving it as clean), see image attached

polonus

Davecom

  • Guest
Re: False Positive Need Help Please..
« Reply #7 on: June 16, 2013, 02:05:43 AM »
I'm stuck, don't know what to do............

Davecom

  • Guest
Re: False Positive Need Help Please..
« Reply #8 on: June 16, 2013, 05:05:14 AM »
Thank you.....Pondus and polonus. The company got it fixed. But wanted to thank you for your help. :) :) :) :) :) :) :)

groundguide

  • Guest
Re: False Positive Need Help Please..
« Reply #9 on: June 17, 2013, 11:52:16 PM »
Dave,

Could you please let me know how it was fixed, did the company provide an updated mhgallery.js file? It is just that I have the same problem on my website but no one from the company (Magic Hills) has replied to my email.

Duncan

twilightangel12

  • Guest
Re: False Positive Need Help Please..
« Reply #10 on: June 18, 2013, 05:47:43 PM »
Hi, I really need help with this same issue!! I run a website for someone and use the same Javascript Slideshow Maker, and my computer keeps blocking the slideshows when I try to check them to make sure I did it right. I don't want them to be infected by looking at their own website (they don't have up-to-date software). I already tried overwriting it with a new one from my comp, and scanning it shows it is clean on my end; it must be on the site. Can someone advise HOW this was solved??

groundguide

  • Guest
Re: False Positive Need Help Please..
« Reply #11 on: June 18, 2013, 10:49:12 PM »
The company HTML 5 Box (Magic HTML) have upgraded the software and JavaScript files; they can be downloaded from:

http://www.magichtml.com/download.html

These updated files cure the problem.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33976
  • malware fighter
Re: False Positive Need Help Please..[SOLVED]
« Reply #12 on: June 18, 2013, 10:57:22 PM »
Hi Davecom,

Well, great that our explorations helped towards a solution. That is why this forum is great.

Stay safe and secure,

polonus