Author Topic: (Not a) False Positive - MySpace.com surfing - Win32:SDBot-gen44 [Trj]  (Read 6515 times)

0 Members and 1 Guest are viewing this topic.

overcoffee

  • Guest
Hi!

(Searched, can't find this anywhere).



Surfing MySpace profiles,
I'm getting,
and reproducing (but perhaps under random page/surfing conditions, perhaps not)
reproduced/experienced over several days,
all on MySpace pages only,


the following avast response.

False Positive? 
Naturally, it's disconcerting, and I came here because at some point, ignoring my antivirus seems not too sharp *smiles*

I hesitate to think there's really anything on those pages, that MySpace knows about anyway...

And it's on various pages-not just one or two or six or any one group of profiles etc.

I'll feel better if you guys confirm it's a false positive I think :)

Thanks for any insight, and wishing you all a wonderful week ahead!



« Last Edit: September 10, 2006, 04:42:28 PM by overcoffee »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67198
Re: False Positive? (My Space surfing)
« Reply #1 on: September 10, 2006, 03:45:49 PM »
Are you sure it's a false positive?
Dr Web found a virus either...
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88761
  • No support PMs thanks
Re: False Positive? (My Space surfing)
« Reply #2 on: September 10, 2006, 03:53:15 PM »
My first thoughts are MySpace has been the subject of a number of bad media articles mainly about the protection of youngsters, but because of its massive membership an obvious target for the malware writers. I too got the alert when I input the url, so it wasn't just you effected, the wmf image format is one which can be infected so it at least has the potential to be a virus.

I have submitted the url to the VirusTotal multi engine scanner (it's in a big queue) unfortunately it won't accept urls only hard drive locations.

Personally it is an advert image if it isn't in fact infected so it would be no loss.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.1.6099 (build 24.1.8821.762) UI 1.0.796/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88761
  • No support PMs thanks
Re: False Positive? (My Space surfing)
« Reply #3 on: September 10, 2006, 04:11:38 PM »
Downloaded the file and submitted it to VirusTotal and without exception all the scanners find it suspicious or a virus. So it is absolutely NOT a false positive.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.1.6099 (build 24.1.8821.762) UI 1.0.796/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

overcoffee

  • Guest
Re: (Not a) False Positive (My Space surfing)
« Reply #4 on: September 10, 2006, 04:39:45 PM »
Thanks to all you guys!

(See, good thing I came here-
and if avast had said anything at all about not being able to stop it from entering, I'd have come lots sooner naturally-great to know it stopped it!  By my way of thinking-false positives are never a bad thing, because they can be addressed right away and are by conscientious programmers, because clearly there's nothing getting through that program or those programmers without confidence first.   It's when av programs identify when scanning, so little as questionable (so as to avoid false positives) that the real problems -- and rip off av progs imho -- begin.  False positives = flags to me and not flaws -- when I used the phrase false positive, I hope no one took it to mean that I thought the prog was flawwed.    Shoot, to the contrary I brag about this av to everyone that'll listen for years now -- thought I should perhaps be clear on that one so there's no misunderstanding.)


So this is a new variant of something, or an in-the-wild thing?  Or an oldtimer lurking in the shadows?  I ask that out of curiosity-because I'm always reminding friends that avast catches itw things, which friends av progs don't...



And
is that something that MySpace would want to know-
or have any control over?


Great avast caught it - many many thanks!
« Last Edit: September 10, 2006, 04:50:47 PM by overcoffee »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88761
  • No support PMs thanks
Re: (Not a) False Positive - MySpace.com surfing - Win32:SDBot-gen44 [Trj]
« Reply #5 on: September 10, 2006, 05:29:28 PM »
Glad we could help, welcome to the forums.

No new variant, as it was detected and it most certainly is in the wild with so many AV detecting it. The web shield is a very good tool as it scans the content before it gets to your HDD (temp internet files) and can be activated, so not something lurking on your system.

I don't know anything about myspace other than the various articles I see about most adverse. If the let you have web space to put stuff on it that is outside their control to a certain extent. Yes they may well be able to scan the web site for viruses, etc. but this wasn't on their site, rather a link on a web page to download/load this virus masquerading as an wmf image.

I would hope that it is something that myspace would want to know, and what they would also want to know is the web page you were at when this link tried to load.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.1.6099 (build 24.1.8821.762) UI 1.0.796/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security