Author Topic: FP or real malware? [Now solved]  (Read 3354 times)

0 Members and 1 Guest are viewing this topic.

12-es_csaj

  • Guest
FP or real malware? [Now solved]
« on: February 09, 2011, 08:01:28 PM »
INF:AutoRun-BJ [Wrm] on hxxp://prohardver.hu/tema/avg_antivirus_2/friss.html
« Last Edit: February 09, 2011, 09:00:33 PM by 12-es_csaj »

REDACTED

  • Guest
« Last Edit: February 09, 2011, 08:27:58 PM by Dim@rik »

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 87645
  • No support PMs thanks
Re: FP or real malware?
« Reply #2 on: February 09, 2011, 08:32:16 PM »
INF:AutoRun-BJ [Wrm] on hxxp://prohardver.hu/tema/avg_antivirus_2/friss.html

What are you trying to do in visiting this URL ?

Whilst it is only avast and gdata alerting on this page it might well be an FP.
But it is a strange malware name to be detected on a web page, it is this bit that makes me ask the first question (/avg_antivirus_2/). If you happened to be trying to run an on-line virus scan it may be detecting something to autorun that scan.

Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 23.4.6062 (build 23.4.8118.762) UI 1.0.762/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

12-es_csaj

  • Guest
Re: FP or real malware?
« Reply #3 on: February 09, 2011, 08:36:47 PM »
What are you trying to do in visiting this URL ?
Whilst it is only avast and gdata alerting on this page it might well be an FP.
But it is a strange malware name to be detected on a web page, it is this bit that makes me ask the first question (/avg_antivirus_2/). If you happened to be trying to run an on-line virus scan it may be detecting something to autorun that scan.

No, it's a Hungarian PC forum, and I tried to visit the AVG topic, but I failed.
I already saw the VPS history, and this worm is in the database for several days.

Since that, a member answered on that forum's antivirus topic. There is an autorun.inf malware code "printed" on one of the posts, and avast! alerts because of this.


Sorry for my bad English.

spg SCOTT

  • Guest
Re: FP or real malware?
« Reply #4 on: February 09, 2011, 08:40:49 PM »
Actually, not quite a FP...

The page has a script posted in plaintext, which will exist in the source code, hence avast detects it.

This is why I, and others post scripts in image form, as this will happen. First image is the actual page, second is the source code, where it exists. avast! alerts on that code when isolated.

EDIT: http://www.virustotal.com/file-scan/report.html?id=95fffb050f4eb6695fc419c3a85910e48f59528fb92822fa70b4c96b75373a15-1297280530

The isolated script, sent to VT
« Last Edit: February 09, 2011, 08:44:17 PM by spg SCOTT »

12-es_csaj

  • Guest
Re: FP or real malware?
« Reply #5 on: February 09, 2011, 09:00:00 PM »
Moderators deleted the problematic post.
So, this wasn't FP.
And now, it is solved