Author Topic: Latest update and Proxomitron  (Read 11007 times)

0 Members and 1 Guest are viewing this topic.

dr_j

  • Guest
Latest update and Proxomitron
« on: January 29, 2006, 07:02:26 AM »
While I was out this evening, I received the latest update on all of my machines (0605-0). Now, whenever I open my browser, I get a malware warning (script). I believe this is due to my use of Proxomitron as my ad blocker of choice.  It appears that Proxomitron is prepending and appending some script code at the start/bottom of each web page that it visits. Note that this was never flagged as an issue before the latest update.

How concerned should I be? If Avast continually flags every web page I visit while Proxomitron is enabled, I see I have several choices: stop using Proxomitron and use an alternative; stop using Avast and use an alternative; tolerate the warnings for every page.

How concerned should I really be? Is Proxomitron really placing malicious code in the web pages, or is it just code to help it block ads and popups?

Thanks!

j

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Latest update and Proxomitron
« Reply #1 on: January 29, 2006, 10:11:27 AM »
What malware is reported, exactly?
On which page?
If at first you don't succeed, then skydiving's not for you.

dr_j

  • Guest
Re: Latest update and Proxomitron
« Reply #2 on: January 29, 2006, 05:34:22 PM »
It's reported as "VBS:Malware [Script]", and it's reported on every web page that is visited (every cached web page as well).

Proxomitron is prepending the following on every page:

<!--//--><script>var PrxLC=new Date(0);var PrxModAtr=0;var PrxInst; if(!PrxInst++) PrxRealOpen=window.open;function PrxOMUp(){PrxLC=new Date();}function PrxNW(){return(this.window);} function PrxOpen(url,nam,atr){ if(PrxLC){  var cdt=new Date();  cdt.setTime(cdt.getTime()-PrxLC.getTime());  if(cdt.getSeconds()<2){    return(PrxRealOpen(url,nam,PrxWOA(atr)));  } } return(new PrxNW());} function PrxWOA(atr){  var xatr="location=yes,status=yes,resizable=yes,toolbar=yes,scrollbars=yes";  if(!PrxModAtr) return(atr);  if(atr){    var hm;    hm=atr.match(/height=[0-9]+/i);    if(hm) xatr+="," + hm;    hm=atr.match(/width=[0-9]+/i);    if(hm) xatr+="," + hm;  }  return(xatr);}window.open=PrxOpen;</script>
<!--//--><script> function NoError(){return(true);} onerror=NoError; </script>
<!--//--><script> function moveTo(){return true;}function resizeTo(){return true;}</script>






and it is appending this on every page:





<!--//--><script>if(document.layers){document.captureEvents(Event.MOUSEUP);}document.onmouseup=PrxOMUp;</script>







I never gave it much thought, as it's such a good ad blocker.  With Avast now reporting every single web page a potentially infected, it's a pain.


j

BlankaM

  • Guest
Re: Latest update and Proxomitron
« Reply #3 on: January 29, 2006, 07:20:00 PM »
I also use Proxomitron and I'm getting exactly the same message, but I only seem to get it in Internet Explorer, not in Firefox.

dr_j

  • Guest
Re: Latest update and Proxomitron
« Reply #4 on: January 29, 2006, 07:31:14 PM »
Interesting ..... I'm using IE.

j

BlankaM

  • Guest
Re: Latest update and Proxomitron
« Reply #5 on: January 29, 2006, 07:33:06 PM »
Nows a good time to switch to Firefox then! ;)

The money spender in the house likes to use IE so I'm kinda stuffed unless it can be sorted. :(

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Latest update and Proxomitron
« Reply #6 on: January 29, 2006, 07:37:14 PM »
Nows a good time to switch to Firefox then! ;)

The money spender in the house likes to use IE so I'm kinda stuffed unless it can be sorted. :(
That doesn't mean you have to use IE, firefox and others, Opera, etc. are free ;D
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

BlankaM

  • Guest
Re: Latest update and Proxomitron
« Reply #7 on: January 29, 2006, 07:39:01 PM »
Oh, I use Firefox, that's not the problem, but you try and retrain a loved one to use a new browser! :D Having said that, I'll go ahead and do it if it's not sorted in the next few days. I'll get Opera on here probably.
« Last Edit: January 29, 2006, 07:41:30 PM by BlankaM »

dr_j

  • Guest
Re: Latest update and Proxomitron
« Reply #8 on: January 29, 2006, 09:16:53 PM »
I can certainly look at using FireFox; it has ad-blocking built in, right? And wouldn't Proxomitron still add it's $0.02 to the html to block ads (if I still used it)? I'm not sure switching browsers fixes the problem ---- looks like a false positive to me.

j

BlankaM

  • Guest
Re: Latest update and Proxomitron
« Reply #9 on: January 29, 2006, 09:20:14 PM »
Oh it's a false positive alright, but whatever the reason, I don't get the problems with Firefox. I'd say use Firefox as a stopgap until the problem gets fixed. You may even move permanently anyway. ;)

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Latest update and Proxomitron
« Reply #10 on: January 29, 2006, 09:42:49 PM »
Hopefully the virus guys will have a look at it shortly.
BTW Blanka I see your based in the UK but your first name (or your nick) looks very Czech. How come? :)
If at first you don't succeed, then skydiving's not for you.

Scott Gilmore

  • Guest
Re: Latest update and Proxomitron
« Reply #11 on: January 29, 2006, 11:52:39 PM »
Interesting ..... I'm using IE.

I'm getting the same problem with every browser I use that connects through Proxomitron.  If I change settings so that the browser doesn't connect through Proxomitron, close and re-launch, I have no more problems.

The behavior is identical with Firefox, my default browser, IE6 SP1, Opera, Mozilla and Avant (which is basically just IE6 with its own shell).  In each case, the cached .HTM and .ASPX files return the same false positives - regardless of browser.  The behavior is always the same.

Very frustrating.  I just spent much of the day trying to figure out what was writting that script code into the top and bottom of those files.

Thank you,
Scott Gilmore

BjMarowitz

  • Guest
Re: Latest update and Proxomitron
« Reply #12 on: January 30, 2006, 12:02:35 AM »
My experience is the same as Scott's -- every browser that connects through Proxomitron.

This is only with the latest updates from Saturday (28 JAN 06).

I REALLY don't want to browse without Proxomitron -- it is an extremely useful tool.

Thanks!
Bj

dr_j

  • Guest
Re: Latest update and Proxomitron
« Reply #13 on: January 30, 2006, 01:56:42 AM »
That's what I would have expected. For now, I've curtailed browsing, and I just "bypass" Proxomitron while I'm on the net. Not ideal .... but at least it doesn't throw the false positive warnings when I'm on the web.

j

BlankaM

  • Guest
Re: Latest update and Proxomitron
« Reply #14 on: January 30, 2006, 09:27:43 AM »
Hmm... I guess it's the way I've got Firefox then that doesn't get it spouting viruses at me all the time... At any rate, I'm not getting them at the moment but it's still a pain in the backside because a few applications, namely Steam in my case, access webpages using IE and I get virus warnings whenever I login...

And Vlk, the nickname comes from many many hours of playing Street Fighter 2! ;) Brilliant game!