Author Topic: www.yahoo.com JS:ScriptIP-inf [Trj] false positive?  (Read 16032 times)

0 Members and 1 Guest are viewing this topic.

Kwigybo

  • Guest
www.yahoo.com JS:ScriptIP-inf [Trj] false positive?
« on: December 27, 2009, 02:01:07 PM »
Hello,

I've installed and ran avast home for the first time today, and noticed that when I surf to www.yahoo.com, avast often reports this Trojan Horse warning:

File name: http://m.www.yahoo.com/\{gzip}
Malware name: JS:ScriptIP-inf [Trj]
Malware type: Trojan Horse
VPS version: 091227-0, 12/27/2009

Using Firefox 3.5.6 on Vista Ultimate SP2.

Is this a false positive or does Yahoo! have some hacked content?

Thanks

Kwigybo

  • Guest
Re: www.yahoo.com JS:ScriptIP-inf [Trj] false positive?
« Reply #1 on: December 27, 2009, 02:10:02 PM »
Just noticed I have this in the wrong forum, sorry.

spg SCOTT

  • Guest
Re: www.yahoo.com JS:ScriptIP-inf [Trj] false positive?
« Reply #2 on: December 27, 2009, 02:13:22 PM »
Hi Kwigybo, welcome to the forum :)

This is getting wierd indeed... the site you reference, does not give me a webhield alert, but a network shield alert, which is on one of the ads conatained in the page...

There is already a discussion on yahoo at the moment though...
http://forum.avast.com/index.php?topic=52692.0

-Scott-


p.s. for future reference, when posting suspect urls, please could you modify them to disable the link... change www to wXw for example. Thanks

bobo1

  • Guest
Re: www.yahoo.com JS:ScriptIP-inf [Trj] false positive?
« Reply #3 on: December 27, 2009, 02:57:48 PM »
YES Happening to me when i access yahoo site another false positive annoying stopped network shield just normal web shield running!

RuralGuy

  • Guest
Re: www.yahoo.com JS:ScriptIP-inf [Trj] false positive?
« Reply #4 on: December 27, 2009, 03:04:46 PM »
I'm getting something like this on my yahoo fantasy football page! I've never had any trouble before. Why is this happening?  ???

bobo1

  • Guest
Re: www.yahoo.com JS:ScriptIP-inf [Trj] false positive?
« Reply #5 on: December 27, 2009, 03:06:53 PM »
False positive Just pause or turn off network shield untill avast updates the vps file!

YoKenny

  • Guest
Re: www.yahoo.com JS:ScriptIP-inf [Trj] false positive?
« Reply #6 on: December 27, 2009, 03:08:06 PM »
Block Yahoo ad tracking server with a HOSTS file:
http://hosts-file.net/?s=ad.yieldmanager.com&x=24&y=10

spg SCOTT

  • Guest
Re: www.yahoo.com JS:ScriptIP-inf [Trj] false positive?
« Reply #7 on: December 27, 2009, 03:10:13 PM »
Happens to be FP, which will be fixed.

http://forum.avast.com/index.php?topic=52692.msg446420#msg446420
Hello guys,

this false positive will be corrected in new vps update in about 30 minutes. We are blocking ads from yieldmanager.com (by mistake because they were in our stats as distributor of Fake Antivirus websites).

Thank you for information you have provided.
Regards

rspero

  • Guest
Re: www.yahoo.com JS:ScriptIP-inf [Trj] false positive?
« Reply #8 on: December 27, 2009, 04:35:30 PM »
I am getting this too.

chalupes

  • Guest
Re: www.yahoo.com JS:ScriptIP-inf [Trj] false positive?
« Reply #9 on: December 27, 2009, 04:44:59 PM »
so getting this on many sites is not a huge issue then?

molson mike

  • Guest
Re: www.yahoo.com JS:ScriptIP-inf [Trj] false positive?
« Reply #10 on: December 27, 2009, 05:03:34 PM »
I am getting the "js:scrpt...." as well, but only on my local cable website - roadrunner.com  - in Livonia Michigan.  The Avast pop-up that comes up with the site address is // cdn.at.atwola.com/_media/uac/tcode3.html(gzip) everytime I attempt to access that e-mail account or home site.  This is all greek to me. Any assistance would be appreciated. This problem is new and the last time I was on that site was 10 days ago.

bobo1

  • Guest
Re: www.yahoo.com JS:ScriptIP-inf [Trj] false positive?
« Reply #11 on: December 27, 2009, 05:05:29 PM »
New VPS Out now hopefully fixed

raceonusa

  • Guest
Re: www.yahoo.com JS:ScriptIP-inf [Trj] false positive?
« Reply #12 on: August 18, 2010, 12:10:09 AM »
I'm also getting a trojan virus error: JS:ScriptIP-inf

on my website http://www.raceonusa.com

but I'm pretty sure it doesn't have a virus.

http://www.virustotal.com/file-scan/report.html?id=2fa5db5fd783fbbba00fa5aaed1fcbf27500d997001d9ac3ca79a9ded95c84f6-1282072010

Avast   4.8.1351.0   2010.08.17   JS:ScriptIP-inf
Avast5   5.0.332.0   2010.08.17   JS:ScriptIP-inf
GData   21   2010.08.17   JS:ScriptIP-inf

Offline jsejtko

  • Avast team
  • Full Member
  • *
  • Posts: 171
    • ALWIL Software
Re: www.yahoo.com JS:ScriptIP-inf [Trj] false positive?
« Reply #13 on: August 18, 2010, 10:57:58 AM »
Hello,

Your website is currently hacked and used to distribute malware -> that's why we started to block your domain. You will have to remove malicious scripts which was added into your website - php/exe/java/etc (It would be nice, if you can collect them and send them in password protected archive to virus@avast.com).

All the files (hack) should be located inside this folder (and are still there - checked 5 minutes ago):
Code: [Select]
hxxp://www.raceonusa.com/Home/exemple.com/
Regards

PS: We will not remove your domain from blocklist until you fix the problem.
PPS: You should start your own thread.
« Last Edit: August 18, 2010, 10:59:36 AM by jsejtko »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: www.yahoo.com JS:ScriptIP-inf [Trj] false positive?
« Reply #14 on: August 18, 2010, 11:14:15 AM »
Quote
PPS: You should start your own thread.
he already have.... here http://forum.avast.com/index.php?topic=62891.0