VBS:Malware-gen

[kubecj]

Does not alarm for me either. Could it be you got installed something bad on your computer? Please, start another thread if you want to get more help.

[DavidR]

I can visit that page without an alert, I can't see anything in the page source that might trigger it, perhaps the webmaster found the script and removed it. Or as kubecj said perhaps something on your system.
 

[foto]

 Same here hxxp://www.live-magazine.eu/
 Can you check it, please. Thanks

[kubecj]

Mega-obfuscated script at the end of the page. Not a fp.

[NLT]

Hello,

I was looking at my "warning" log, and found the following from 6/23/2008:

"VBS Malware-gen has been found in "http://www.yahoo.com/\unp 113810025 file"

I never received any other notification of this problem, other than just noticing it in the log.  I have had no problems, whatsoever, so I am proceeding under the assumption there is nothing to be concerned about.  Am I correct?  Thank you for any replies and corrections.

[polonus]

Hi foto,

The live-magazine dot eu link is also flagged by finjan as having malicious code,

polonus

[theefxman]

I am also getting a VBS:malaware-gen message when visiting what I believe to be a safe company website.

hXXp://www.thelawrencegroup.com/

Filename hXXp://www.thelawrencegroup.com/AC_RunActiveContent.js
VBS:Malware-gen
Virus/Worm
090109-0, 01/09/2009

Please let me know if this is a false positive.

[DavidR]

There is a big chunk of obfuscated document write (javascript) at the bottom of the script.

I have no idea what that is intended to do or why it would be obfuscated in that way or even if it is meant to be there. Since javascript is meant to be a plain language scripting language when obfuscated in this way I get suspicious at what they have to hide.

So it may well be a legit detection but you could submit it (as a possible false positive) for further analysis.

[statikuz]

I'm getting this same warning for hXXp://ssbresins.com/. It has the same line of compressed/weird JS as some of these other pages. Just thought I'd chime in.

[DavidR]

Well if it is your site or one you regularly visit it has probably been hacked.

Considering its location just before the closing Body and HTML taks it certainly looks like code injection into the page.

Please modify your post, changing the http tp hXXP so the link isn't active, avoiding accidental exposure, e.g. hXXp://ssbresins.com/.

[REDACTED]

Getting Malware-gen for hXXp://icamaxi.se, any idea if it's a FP?

Thanks

[kubecj]

Not a false.

[DavidR]

Getting Malware-gen for hXXp://icamaxi.se, any idea if it's a FP?

As kubecj said not a false positive, a big chunk of javascript (which I have edited to make it easier to see in the image) trying to look like an advert script, but it has an obfuscated link at the end of it. There should be no legitimate reason to do that, e.g. what are they trying to hide.

So it looks like the site has been hacked.

Please modify your post change the http to hXXp to break the link to avoid accidental exposure (as in the quoted text above).

[chaz4j]

I plugged in my digital camera and the virus notification came up and said I had VBS:Malware-gen, so I put it in the virus chest and scanned it and it said it was in this file AutoRun.inf. I just had to completely wipe, format and reinstall vista the other day due to not having an antivirus and the first thing I did when I got it running was download avast. I know for sure theres nothing up with my laptop...

If anyone could help me please do!

[DavidR]

This is somewhat different to what is covered here, hacked web sites and is for a different malware name.

- Please start a New Topic of your own as this seems unrelated to the original subject and will just confuse the topic and we will try to help. 
- Go to this link, http://forum.avast.com/index.php, scroll down to the Viruses and Worms forum and click it, click the New Topic button at the top of the list and post there.