Author Topic: JS: Popupper-Y [Trj] possible false positive (Read 3947 times)

ConditionOne · « **on:** January 27, 2013, 03:04:05 PM »

fourteen mht files were created long ago with Microsoft IE suddenly test positive for JS: Popupper-Y [Trj]. These files have not been accessed since their created except for scanning with Avast and other programs with no indication of infection.

A sample has been submitted.

jefferson sant · « **Reply #1 on:** January 29, 2013, 01:09:18 AM »

Do the virus scan on the file of the virus Total

https://www.virustotal.com/

posts the reports with results

compress the file in zip or rar format with password
send the sample

virus@avast.com

1234ava · « **Reply #2 on:** April 21, 2015, 11:44:05 PM »

Bumping this thread as I have a similar issue. An mht file created long ago with Microsoft IE suddenly tests positive for JS: Popupper-Y [Trj]. But according to VirusTotal, only Avast detects it as a (false?) positive. I zipped it with password and sent it to virus@avast.com

Tondah · « **Reply #3 on:** April 22, 2015, 10:36:50 AM »

Hello, it is not FP. Same infection as here: http://www.virusview.net/report/detail/2C00BAFDDA3F3980C2A117E65A942460/18ADAA92

1234ava · « **Reply #4 on:** April 22, 2015, 10:52:39 AM »

@Tondah
Thanks for you reply, but how can you tell it's "same infection"? Have you analysed the .mht file I sent to virus@avast.com , together with VirusTotal report?
Detection ratio: 1 / 57
https://www.virustotal.com/en/file/6c0a206faf3af5b65440d70548689752d79f99d4b96ae5dd066a69e98460cedf/analysis/1429649700/

BTW, I haven't got any reply from virus@avast.com so far, not even an automated response.

Tondah · « **Reply #5 on:** April 23, 2015, 09:52:26 AM »

Hi i analysed several files containing this infection and they all work as adware/spyware. Its just standalone file packed into many bundled software packages.

1234ava · « **Reply #6 on:** April 23, 2015, 05:53:33 PM »

I am glad to tell you that I got a response to my file submission, from Honza Zíka of the Avast viruslab.
In short, he said he will not disable the detection. What he dislikes about the script is that it opens a 1x1 px window on exit, which is hidden off the screen. He also pasted the code that does it.

REDACTED · « **Reply #7 on:** December 24, 2016, 09:34:12 PM »

Bumping.
It appears Box Sync (mac) is giving me false-positives for this trojan? feature?
As I understand it, some software pops up a single pixel occasionally for tracking (?) of your activity, and Avast flags it as a Trojan. Or maybe it is a Trojan.

Regardless, I find it really annoying that when Box is syncing, I get an endless flow of red warning popups from Avast, telling me about them, with no advise on how to make it stop. Is there a solution, or is it something I just have to endure with impotent rage?

Pondus · « **Reply #8 on:** December 24, 2016, 10:34:25 PM »

1. you are posting in a topic from 2013

2. post screenshot of avast warning pop-ups

Author Topic: JS: Popupper-Y [Trj] possible false positive (Read 3947 times)

ConditionOne

JS: Popupper-Y [Trj] possible false positive

jefferson sant

Re: JS: Popupper-Y [Trj] possible false positive

1234ava

Re: JS: Popupper-Y [Trj] possible false positive

Tondah

Re: JS: Popupper-Y [Trj] possible false positive

1234ava

Re: JS: Popupper-Y [Trj] possible false positive

Tondah

Re: JS: Popupper-Y [Trj] possible false positive

1234ava

Re: JS: Popupper-Y [Trj] possible false positive

REDACTED

Re: JS: Popupper-Y [Trj] possible false positive

Pondus

Re: JS: Popupper-Y [Trj] possible false positive