Author Topic: False Positive? (JS:Poweliks-A[Trj])  (Read 1231 times)


REDACTED

  • Guest
False Positive? (JS:Poweliks-A[Trj])
« on: October 10, 2015, 07:16:10 AM »
Hello!
I wasn't sure where else to report this, so I am posting it here. I believe I received a false positive alert today while researching Poweliks:



The URL in question is simply a removal guide for Poweliks, found on BleepingComputer. It comes up clean when scanned with VirusTotal (scan report HERE).

Can anyone verify whether or not this is a false positive?

Thanks!
« Last Edit: October 10, 2015, 08:29:21 AM by Piper24 »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33904
  • malware fighter
Re: False Positive? (JS:Poweliks-A[Trj])
« Reply #1 on: October 11, 2015, 01:28:58 AM »
This is a typical example of a false positive on a false positive that isn't. Avast blocks because just too much of the real code is shown to make the alert work and final effect the blocking. A human being would never have made such a mistake. So yes, in your case a false positive/not a false positive, as Avast detection experiences or detects it. You could ask Avast Team for an exclusion for such detections coming from the BleepingComputer malware removal URL. We cannot, as we are just volunteers with relevant knowledge. Exclusions for detection definitions can only be made by Avast Team Members, and we here are not.

Have a nice day,

polonus (volunteer website security analyst and website error-hunter)
« Last Edit: October 11, 2015, 01:30:33 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1038
Re: False Positive? (JS:Poweliks-A[Trj])
« Reply #2 on: October 14, 2015, 10:01:29 AM »
Exactly as Polonus says. There is code in the webpage, which is why Avast detects it. If it was at least escaped, Avast would not block it.
The detection will remain.