[RESOLVED] FALSE POSITIVE VBS:Malware-gen warning in AVAST Web Shield

[psychojack]

Trying to find out if anyone else has gotten this problem with Avast and Firefox It pops up everytime I try to use firefox. If so how do I resolve it:

download.primawega.com/mta/get_mta_db_url.php?cid
Process:   file://C:\Program Files\Mozilla Firefox\extensions\{9ad67e7a-d9eb-3229-bf50-7b4170033577}\components\i8_vW_8_b.dll
Infection:   url:Mal

[DavidR]

Well based on the information in the alert, this is what is going on:
One of your firefox extensions is trying to connect to download.primawega.com and avast believs that URL to be malicious, e.g. it is on its malicious sites list.

Actions:
Check your firefox extensions, are they all ones that you have installed and why would they be trying to make a connection to that site. Any recently installed add-ons or ones that you aren't familiar with, disable them one at a time and see if you can find which add-in is responsible.

Find that i8_vW_8_b.dll file in the path given and upload it for analysis:
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here, post the URL in the Address bar of the VT results page.

Alternative scan:
If you haven't already got this software (freeware), download, install, update and run it and report the findings (it should product a log file).

• 1.  MalwareBytes Anti-Malware (MBAM), On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.
• 2. SUPERantispyware (SAS). On-Demand only in free version.

Don't worry about reported tracking cookies they are a minor issue and not one of security, allow SAS to deal with them though. - See http://en.wikipedia.org/wiki/HTTP_cookie.

@@@@
Avast isn't alone in not liking that site, http://www.urlvoid.com/scan/primawega.com and  http://www.mywot.com/en/scorecard/primawega.com.

[intanet]

Here's the problem.  It may be a false positive so we need not worry about being infected, but what if you are the author of the site as I am.  I have 2 websites at Tripod.com.  I used to have them both over at Freeservers but moved to Tripod a few years ago for this very reason, the trojan warning from Avast! at Freeservers.  But today I got that warning at Tripod too.  I've had these websites up at Tripod for years with no problem.  I even got a green check from McAfee Site Advisor.   But today, I not only got the vbs:malware-gen alert at my Tripod webpages but am being blocked from going to the websites at all which also means that anyone with Avast is also being blocked from going to my 2 websites.