Author Topic: [RESOLVED] FALSE POSITIVE VBS:Malware-gen warning in AVAST Web Shield  (Read 14393 times)

0 Members and 1 Guest are viewing this topic.

Offline psychojack

  • Newbie
  • *
  • Posts: 1
Re: [RESOLVED] FALSE POSITIVE VBS:Malware-gen warning in AVAST Web Shield
« Reply #15 on: August 11, 2011, 10:39:21 AM »
Trying to find out if anyone else has gotten this problem with Avast and Firefox It pops up everytime I try to use firefox. If so how do I resolve it:

download.primawega.com/mta/get_mta_db_url.php?cid
Process:   file://C:\Program Files\Mozilla Firefox\extensions\{9ad67e7a-d9eb-3229-bf50-7b4170033577}\components\i8_vW_8_b.dll
Infection:   url:Mal

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 84586
  • No support PMs thanks
Re: [RESOLVED] FALSE POSITIVE VBS:Malware-gen warning in AVAST Web Shield
« Reply #16 on: August 11, 2011, 01:22:17 PM »
Well based on the information in the alert, this is what is going on:
One of your firefox extensions is trying to connect to download.primawega.com and avast believs that URL to be malicious, e.g. it is on its malicious sites list.

Actions:
Check your firefox extensions, are they all ones that you have installed and why would they be trying to make a connection to that site. Any recently installed add-ons or ones that you aren't familiar with, disable them one at a time and see if you can find which add-in is responsible.

Find that i8_vW_8_b.dll file in the path given and upload it for analysis:
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here, post the URL in the Address bar of the VT results page.

Alternative scan:
If you haven't already got this software (freeware), download, install, update and run it and report the findings (it should product a log file).

Don't worry about reported tracking cookies they are a minor issue and not one of security, allow SAS to deal with them though. - See http://en.wikipedia.org/wiki/HTTP_cookie.

@@@@
Avast isn't alone in not liking that site, http://www.urlvoid.com/scan/primawega.com and  http://www.mywot.com/en/scorecard/primawega.com.
« Last Edit: August 11, 2011, 01:26:05 PM by DavidR »
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.1.2449 (build 21.1.5968.561) UI-1.0.597/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline intanet

  • Jr. Member
  • **
  • Posts: 30
Re: [RESOLVED] FALSE POSITIVE VBS:Malware-gen warning in AVAST Web Shield
« Reply #17 on: April 29, 2013, 08:13:12 AM »
Here's the problem.  It may be a false positive so we need not worry about being infected, but what if you are the author of the site as I am.  I have 2 websites at Tripod.com.  I used to have them both over at Freeservers but moved to Tripod a few years ago for this very reason, the trojan warning from Avast! at Freeservers.  But today I got that warning at Tripod too.  I've had these websites up at Tripod for years with no problem.  I even got a green check from McAfee Site Advisor.   But today, I not only got the vbs:malware-gen alert at my Tripod webpages but am being blocked from going to the websites at all which also means that anyone with Avast is also being blocked from going to my 2 websites.