Author Topic: Me Too HTML:ChaseBank-A [Phish] False Positives ?  (Read 1144 times)

0 Members and 1 Guest are viewing this topic.

Offline Amgeek

  • Jr. Member
  • **
  • Posts: 36
Me Too HTML:ChaseBank-A [Phish] False Positives ?
« on: October 22, 2018, 11:14:41 PM »
Started forme this afternoon (10/22/18 5 PM EST) for me when I started restoring Wordpress and Joomla! backups on my server using Akeeba backup and kickstart.

10/22/2018 3:42:10 PM   http://www.control.xxxxx.net/installation/index.php?view=setup [L] HTML:ChaseBank-A [Phish] (0)
10/22/2018 3:47:54 PM   http://www.control.xxxxxx.net/installation/index.php?view=setup [L] HTML:ChaseBank-A [Phish] (0)
10/22/2018 3:53:42 PM   http://www.control.xxxxxx.net/installation/index.php?view=setup [L] HTML:ChaseBank-A [Phish] (0)
10/22/2018 4:44:01 PM   http://www.yyyyyy.xxxxxx.net/installation/index.php?view=setup [L] HTML:ChaseBank-A [Phish] (0)
10/22/2018 4:59:43 PM   http://www.yyyyy.xxxxxx.net/installation/index.php?view=setup [L] HTML:ChaseBank-A [Phish] (0)

I also use Ublock (as others with this issue) so I disabled it - no change
Tried both Chrome and Firefox

So..... Am assuming they are false positives.

Can anyone at avast confirm.

Thanks
Amgeek

Online Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 35588
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline FrostBitten

  • Newbie
  • *
  • Posts: 2
Re: Me Too HTML:ChaseBank-A [Phish] False Positives ?
« Reply #2 on: October 22, 2018, 11:26:42 PM »
How to report  >>  https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438

Except that in my situation, I can't report my router's URL or any associated files, because there is none.  Believe me, I tried.  Here's the CopyPasta from the other thread I accidentally posted in.  Oh, and BTW, if your bad sig files are detecting this router as defective, there's only a few dozen MILLION other Comcast Customers around the US that might be having the same problems.

Quote
I just installed a brand new out of box Arris SVG2482AC router and Avast is telling me that it (The Router) is infected with HTML:ChaseBank-A [Phish] and blocks access to it.  These are generally considered DNS hijacking situations, but the router reports legitimate Comcast DNS numbers.

I called Arris, and they said that it is not possible to infect one of these routers. It has essentially the same firmware as Xfinity's routers. The problem didn't show up until I rebooted my machines after the new router install and (I assume) it updated Avast's virus files.

Since 192.168.0.1 is not a valid URL or a file, I can't submit this via the "Report False Positives" Page.

I can't even access the router configuration and to try the suggestions Avast provides without first disabling Avast.  Even the internet is iffy without disabling avast.

You need to Fix this.  Now.


Online Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 35588
Re: Me Too HTML:ChaseBank-A [Phish] False Positives ?
« Reply #3 on: October 22, 2018, 11:32:19 PM »
Quote
Except that in my situation, I can't report my router's URL or any associated files, because there is none. 
It is still possible to report and describe the problem ..

Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31291
  • malware fighter
Re: Me Too HTML:ChaseBank-A [Phish] False Positives ?
« Reply #4 on: October 22, 2018, 11:46:27 PM »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline medvid

  • Avast team
  • Jr. Member
  • *
  • Posts: 27
Re: Me Too HTML:ChaseBank-A [Phish] False Positives ?
« Reply #5 on: October 22, 2018, 11:49:18 PM »
This FP was fixed in new VPS, please update manually.

Offline Jay Scott ANDERSON

  • Newbie
  • *
  • Posts: 1
Re: Me Too HTML:ChaseBank-A [Phish] False Positives ?
« Reply #6 on: October 23, 2018, 12:09:57 AM »
Today I received two reports of people getting blocked from particular pages on our password protected site—same reason: HTML:ChaseBank-A [Phish]

I reported on the Avast false positives report page.

How can I check our site for problems?

Do I need to tell each end user that gets blocked to manually update their Avast software?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 81175
  • No support PMs thanks
Re: Me Too HTML:ChaseBank-A [Phish] False Positives ?
« Reply #7 on: October 23, 2018, 01:24:51 AM »
Today I received two reports of people getting blocked from particular pages on our password protected site—same reason: HTML:ChaseBank-A [Phish]

I reported on the Avast false positives report page.

How can I check our site for problems?

Do I need to tell each end user that gets blocked to manually update their Avast software?

First, you are posting after an avast team member has acknowledged this is an FP (False Positive) so you shouldn't need to check your site for problems.

Second, the Virus Definitions Updates happen automatically during the course of the day (several of them).  In instances like this where people are actually experiencing this and reporting it in the forums, the advice would be to manually update the virus definitions.  For those not experiencing it first hand (haven't visited your site recently) will get the update automatically.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.4.2374/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/