Author Topic: False Positive at Tudou.com (Read 8758 times)

hihikaren · « **on:** December 10, 2008, 10:13:06 AM »

Avast is detecting the website of Tudou.com (http://www.tudou.com/) and states it has found a virus of "Other:malware-gen" and offers me the choice of: "Abort connection", so I click it and I can contiune in viewing this website normally. Later for the safety reason, I perform the standard virus scan for all my local non-removable disks and the result is no files was infected.
In my Log viewer, there had something in the warning section, and the description is Sign of "Other:Malware-gen" has been found in "http://js.tudouui.com/bin/other/indexslide_1.swf " file.
My virus datebase version is 081209-1 and Avast version is 4.8.1296
Furthermore, I want to say that the website of Tudou.com was viewed by me everyday and it's normal in the past except today....
Therefore is it a false positive? Can I continue in viewing this Tudou.com website just only click "abort connection" everytime is OK (If the warning window exist in alerting me)or report as false positive!!
Thanks for kindly attention....

From hihikaren

misak · « **Reply #1 on:** December 10, 2008, 10:46:38 AM »

Thank you for attention. False positive alert will be fixed in VPS 081210-0

hihikaren · « **Reply #2 on:** December 10, 2008, 11:38:06 AM »

Thanks for help.....

This means that I can continue to view the website of Tudou.com now and click the choice of "Abort Connection" before False positive alert will be fixed in VPS 081210-0.....?(i.e. VPS now is 081209-1)

Lisandro · « **Reply #3 on:** December 10, 2008, 02:38:36 PM »

Quote from: hihikaren on December 10, 2008, 11:38:06 AM

Thanks for help.....
This means that I can continue to view the website of Tudou.com now and click the choice of "Abort Connection" before False positive alert will be fixed in VPS 081210-0.....? (i.e. VPS now is 081209-1)

Yes.

DavidR · « **Reply #4 on:** December 10, 2008, 03:38:45 PM »

Quote from: hihikaren on December 10, 2008, 11:38:06 AM

Thanks for help.....
This means that I can continue to view the website of Tudou.com now and click the choice of "Abort Connection" before False positive alert will be fixed in VPS 081210-0.....?(i.e. VPS now is 081209-1)

I would have to say No, you can't continue to view the site after Aborting the connection.

If the VPS hasn't been corrected, avast would continue to detect what it finds (it may find that on other pages in the site), unless you exclude that site form the web shield scan.

Web Shield, Customize, Exceptions tab, Add and type or paste this into the entry *.tudou.com/* see image.

However, if there isn't any urgency I would wait until the release of the next VPS update as that Exception would leave a rather large hole in your security relating to that site, all sub-domains and all files on the tudou.com site.

newbie7 · « **Reply #5 on:** December 10, 2008, 04:57:35 PM »

Quote from: hihikaren on December 10, 2008, 11:38:06 AM

Thanks for help.....
This means that I can continue to view the website of Tudou.com now and click the choice of "Abort Connection" before False positive alert will be fixed in VPS 081210-0.....?(i.e. VPS now is 081209-1)

http://www.siteadvisor.com/sites/tudou.com (please Use this site to check site safety before visiting)

BrBrasil · « **Reply #6 on:** December 10, 2008, 04:59:20 PM »

I dont understand... Here is part of his statement:

"...and offers me the choice of: "Abort connection", so I click it and I can contiune in viewing this website normally."

How can he continue to view the site normally, if he aborted the connection? Shouldnt avast block this site after he choose to abort the connection?

Thanls for your time,

BrBrasil

DavidR · « **Reply #7 on:** December 10, 2008, 07:18:22 PM »

The abort connections drops what avast finds objectionable and it entirely depends what that is and we haven't got that information. In some cases the page won't display at all in others the rest of the page may load other page elements, this may also depend on your browser. avast! doesn't block the site it only scans an alerts to infected content.

Based sollely on the OPs comments in:
a) first reporting this it appears he can continue browsing with what remains after aborting the connection.

Quote

and offers me the choice of: "Abort connection", so I click it and I can continue in viewing this website normally.

b) in his second reply if he wasn't able to continue (on first detection) after the abort connection then he wouldn't have asked if it was OK to do so.

The VPS has just been updated so this should now be resolved if the OP has received this update.

Quote

- Vps: Updated
(previous version: 081209-1, updated version: 081210-0)

hihikaren · « **Reply #8 on:** December 11, 2008, 09:52:36 AM »

Thanks for the help again.....
Last night, after the VPS was updated to version of 081210-0, the warning window of malware not appeared when I viewing the website of Tudou.com, and the false positive is fixed.

With many thanks
by hihikaren

CharleyO · « **Reply #9 on:** December 11, 2008, 10:22:16 AM »

***

Welcome to the forums, hihikaren.

We are happy that all is well for you now.

Please come back often, learn more, and maybe help others.

***

DavidR · « **Reply #10 on:** December 11, 2008, 02:43:42 PM »

Glad we could help, welcome to the forums.

Author Topic: False Positive at Tudou.com (Read 8758 times)

hihikaren

False Positive at Tudou.com

misak

Re: False Positive at Tudou.com

hihikaren

Re: False Positive at Tudou.com

Lisandro

Re: False Positive at Tudou.com

DavidR

Re: False Positive at Tudou.com

newbie7

Re: False Positive at Tudou.com

BrBrasil

Re: False Positive at Tudou.com

DavidR

Re: False Positive at Tudou.com

hihikaren

Re: False Positive at Tudou.com

CharleyO

Re: False Positive at Tudou.com

DavidR

Re: False Positive at Tudou.com