Author Topic: Virus in Yahoo mail? False positive?  (Read 59480 times)

0 Members and 1 Guest are viewing this topic.

Elrogos

  • Guest
Virus in Yahoo mail? False positive?
« on: December 27, 2009, 12:56:36 PM »
Hi,

Im getting a virus alert when login to Yahoo Mail. The malware name is HTML:Iframe-inf, and Im using Avast Personal fully updated. There is no infection on my side, as the program blocks the connection; and as far I can tell, there is neither an infected mail there (havent seen this alert, ever, and I use that account every single day) nor a new mail on the inbox which may be infected.

I hope it is a false positive, because I need to access that account. If you need more info just tell me.

possumman

  • Guest
Re: Virus in Yahoo mail? False positive?
« Reply #1 on: December 27, 2009, 01:11:31 PM »
I am also getting virus alerts when I log in to Yahoo Mail - they weren't there last night, but are there now.
EDIT - It's on Yahoo answers too. It seems to be from one of the adverts which is on the screen.
« Last Edit: December 27, 2009, 01:16:12 PM by possumman »

elaineC

  • Guest
Re: Virus in Yahoo mail? False positive?
« Reply #2 on: December 27, 2009, 01:19:49 PM »
I am experiencing the same problem.

This is happenning when I try to access a Yahoo email account I have had for years and use practically every day.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37183
Re: Virus in Yahoo mail? False positive?
« Reply #3 on: December 27, 2009, 01:25:57 PM »
Same thing here on  www.yahoo.no ( HTML:Iframe-inf )


* avast! Real-time Shield Scan Report
* This file is generated automatically
*
* Started on: Saturday, December 26, 2009 3:34:59 AM
*


27.12.2009 13:23:23   hxxp://no.yahoo.com/|>{gzip} [L] HTML:Iframe-inf (0)
27.12.2009 13:23:33   hxxp://no.yahoo.com/|>{gzip} [L] HTML:Iframe-inf (0)
27.12.2009 13:24:50   hxxp://no.yahoo.com/|>{gzip} [L] HTML:Iframe-inf (0)
27.12.2009 13:25:56   hxxp://no.yahoo.com/|>{gzip} [L] HTML:Iframe-inf (0)
27.12.2009 13:27:02   hxxp://no.yahoo.com/|>{gzip} [L] HTML:Iframe-inf (0)
27.12.2009 13:28:17   hxxp://no.yahoo.com/|>{gzip} [L] HTML:Iframe-inf (0)
27.12.2009 13:37:10   hxxp://no.yahoo.com/|>{gzip} [L] HTML:Iframe-inf (0)
« Last Edit: December 27, 2009, 03:07:13 PM by Pondus »

spg SCOTT

  • Guest
Re: Virus in Yahoo mail? False positive?
« Reply #4 on: December 27, 2009, 01:27:03 PM »
Hello all, welcome to the forum :)

I have taken a look at some of the pages, and I can't seem to find any references to malware (but that could just be my inability...)

What I would suggest to do:
When an alert appears, in the bottom right of the alert, please click on 'Report as a False Positive' as this is the best way to alert ALWIL.

I have also emailed them this info...

-Scott-

EDIT:

Same thing here on  wXw.yahoo.no ( HTML:Iframe-inf )

Strange...no alert first time I visited...then an alert second time...
« Last Edit: December 27, 2009, 01:32:12 PM by spg SCOTT »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37183
Re: Virus in Yahoo mail? False positive?
« Reply #5 on: December 27, 2009, 01:33:55 PM »
Quote
What I would suggest to do:
When an alert appears, in the bottom right of the alert, please click on 'Report as a False Positive' as this is the best way to alert ALWIL.
no such thing in Avast 5 Scott ? but if you have emailed then i guess it will be gone soone
EDIT: jepp the function is there but does`t show on every detection


Quote
Strange...no alert first time I visited...then an alert second time...
Same her, does not happen every time, when i am logged in there is a different detection ( URL:Mal )
« Last Edit: December 27, 2009, 02:52:39 PM by Pondus »

spg SCOTT

  • Guest
Re: Virus in Yahoo mail? False positive?
« Reply #6 on: December 27, 2009, 01:38:54 PM »
I don't know about avast! 5, but I have also reported it like described above, so hopefully we will find out.

-Scott-

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37183
Re: Virus in Yahoo mail? False positive?
« Reply #7 on: December 27, 2009, 01:44:23 PM »
No i am having Warning in Avast forum also, click on the pic in Mike Buxton post
 
http://forum.avast.com/index.php?topic=52586.msg446148#msg446148

spg SCOTT

  • Guest
Re: Virus in Yahoo mail? False positive?
« Reply #8 on: December 27, 2009, 01:48:01 PM »
No i am having Warning in Avast forum also, click on the pic in Mike Buxton post
 
http://forum.avast.com/index.php?topic=52586.msg446148#msg446148

No alert with avast! 4.8, what is the actual alert on? Remember hXXp ;)

Wait...it is the ad banner at the top...
Code: [Select]
27.12.2009  12:48:06  Network Shield: blocked access to malicious site ad .yieldmanager .com/imp?Z=728x90,468x60&s=692800&t=2 [ C:\Users\Scott\Portableapps\FirefoxPortable\App\firefox\firefox.exe ( 4088 ) ]
« Last Edit: December 27, 2009, 01:53:03 PM by spg SCOTT »

Elrogos

  • Guest
Re: Virus in Yahoo mail? False positive?
« Reply #9 on: December 27, 2009, 01:58:38 PM »
This isnt exclusive of Yahoo, found it on gamefaqs too ( wXw.gamefaqs.com , might have some ads). I wonder if someone with the Yahoo problem could check: go to the search bar, write anything, "asd" for example, and click on the "Go" button, if you dont get it, click back and "Go" again ... voilá, Avast alert, HTML:Iframe-inf.

I didnt get it with the Mike Buxton image thought.

At least im not the only one  >:(

EDIT: Got the Mike Buxton's post alert, AdBlockPlus was preventing me from seeing the offending banner.
« Last Edit: December 27, 2009, 02:14:42 PM by Elrogos »

Kamakzie

  • Guest
Re: Virus in Yahoo mail? False positive?
« Reply #10 on: December 27, 2009, 02:10:16 PM »
Getting the error here too..

iowac

  • Guest
Re: Virus in Yahoo mail? False positive?
« Reply #11 on: December 27, 2009, 02:44:59 PM »
Started this morning when I started to us my computer, at 1am last night was not doing this.  I do notice that at 6:29am this morning the virus database was updated, there was a update also on 12:26 however at 6:29 pm and I used my computer last night and it was not doing this.  I am thinking the 6:29 virus database update this morning is the culprit.  Anybody else with thinking?

Foxyrobin

  • Guest
Re: Virus in Yahoo mail? False positive?
« Reply #12 on: December 27, 2009, 02:47:41 PM »
Im getting it  trying to access my yahoo groups, but one of them isnt infected.

I can access Yahoo search engine no problem. But it affects my yahoo mail account from being accessed too.

I noticed with Yahoo some of my mail arrives displayed incorrectly. it come sas a long list of pathways the mail has traveled, in which somewhere the message is burred!.

Goldscooby

  • Guest
Re: Virus in Yahoo mail? False positive?
« Reply #13 on: December 27, 2009, 02:49:37 PM »
Hello,
By no means an expert here, I am also getting a virus message on my Yahoo Home page. Mine is different though. It is js:scriptip-inf[trj]. I am running my avast now and I ran it earlier and it came up with no virus. Any suggestions anyone?

Thanks,
John

iowac

  • Guest
Re: Virus in Yahoo mail? False positive?
« Reply #14 on: December 27, 2009, 02:54:42 PM »
Here is what shows in my network log


27.12.2009  08:15:41  Network Shield: blocked access to malicious site ad.yieldmanager.com/pixel?id=600633&t=2 [ C:\Program Files\Internet Explorer\iexplore.exe ( 2704 ) ]
27.12.2009  08:16:53  Network Shield: blocked access to malicious site ad.yieldmanager.com/pixel?id=600633&t=2 [ C:\Program Files\Internet Explorer\iexplore.exe ( 2792 ) ]
27.12.2009  08:17:06  Network Shield: blocked access to malicious site ad.yieldmanager.com/pixel?id=166558&t=2 [ C:\Program Files\Internet Explorer\iexplore.exe ( 2792 ) ]
27.12.2009  08:23:24  Network Shield: blocked access to malicious site ad.yieldmanager.com/pixel?id=600633&t=2 [ C:\Program Files\Internet Explorer\IEXPLORE.EXE ( 4848 ) ]
27.12.2009  08:41:03  Network Shield: blocked access to malicious site ad.yieldmanager.com/pixel?id=600633&t=2 [ C:\Program Files\Internet Explorer\IEXPLORE.EXE ( 4780 ) ]
27.12.2009  08:41:17  Network Shield: blocked access to malicious site ad.yieldmanager.com/pixel?id=500443&t=2 [ C:\Program Files\Internet Explorer\IEXPLORE.EXE ( 4780 ) ]

here is the warning log info --------  **PLEASE NOTE THE TT IN HTTP AND X IN WWW DONE SO AS NOT CLICABLE**


12/27/2009 8:40:53 AM   SYSTEM   1492   Sign of "JS:ScriptIP-inf [Trj]" has been found in "hxxtp://m.wXw.yahoo.com/\{gzip}" file.  
12/27/2009 8:38:55 AM   SYSTEM   1492   Sign of "JS:ScriptIP-inf [Trj]" has been found in "hxxp://m.wXw.yahoo.com/\{gzip}" file.  
12/27/2009 8:27:19 AM   SYSTEM   1492   Sign of "JS:ScriptIP-inf [Trj]" has been found in "hxxp://m.wXw.yahoo.com/\{gzip}" file.  
12/27/2009 8:23:43 AM   SYSTEM   1492   Sign of "JS:ScriptIP-inf [Trj]" has been found in "hxxp://m.www.yahoo.com/\{gzip}" file.  
12/27/2009 8:15:27 AM   SYSTEM   1492   Sign of "JS:ScriptIP-inf [Trj]" has been found in "hxxp://m.wXw.yahoo.com/?r947=1261919727\{gzip}" file.  
12/27/2009 8:15:27 AM   SYSTEM   1492   Sign of "JS:ScriptIP-inf [Trj]" has been found in "hxxp://m.wXw.yahoo.com/\{gzip}" file.
« Last Edit: December 27, 2009, 02:57:44 PM by iowac »