False positive: google analitycs

[Demian75]

Hello,
I recently upgraded from Avast Free at Avast internet security, and now
I receive false positive alarms on every site where is installed google analitycs,
both on firefox and IE browsers.
I already reinstalled the software and updated to last virus defintion, how
could I stop this very annoyng problem?

thanks in advance,
Demian

[essexboy]

Google analytics is a pain in the posterior unless you are running a web site

You can set google analytics to go to a system loop - this will stop the alerts

[DavidR]

It would have nothing to do with the change/upgrade of program as essentially the scanning engines and signatures are the same.

Can you attach a screenshot of just the avast alert window or give the full details of the alert, full path/url and malware name and an example of the site you were visiting when this occurred ?

If posting the url, change the http to hXXp to prevent the link being active.

Personally I don't allow google-analytics (NoScript add-on, it can also be blocked using AdBlockPlus)) and the spelling in your Subject isn't correct for google-analytics, so I'm hoping it is a typo as there are many such instances of different spelling to confuse the user. 

This is a commonly used urn for it hXXp://www.google-analytics.com/ga.js running a javascript file in pages you may visit. I believe there have been instances of the legit google-analytics being hijacked, so we do need more information.

EDIT - Note: actually blocking google-analytics can cause some sites not to work completely, but for the most part it doesn't effect them.

[Demian75]

Hello,
the problem is just "hxxp://www.google-analytics.com/ga.js"
for almost all site I open.
The strange that I had Avast free for years and never report that...
This happen only after I bought the Internet security, not a good sign.

So is there not any possibility to fix Avast?
I will try to put on Adblock, but seem a bit absurd.

It would have nothing to do with the change/upgrade of program as essentially the scanning engines and signatures are the same.

Can you attach a screenshot of just the avast alert window or give the full details of the alert, full path/url and malware name and an example of the site you were visiting when this occurred ?

If posting the url, change the http to hXXp to prevent the link being active.

Personally I don't allow google-analytics (NoScript add-on, it can also be blocked using AdBlockPlus)) and the spelling in your Subject isn't correct for google-analytics, so I'm hoping it is a typo as there are many such instances of different spelling to confuse the user. 

This is a commonly used urn for it hXXp://www.google-analytics.com/ga.js running a javascript file in pages you may visit. I believe there have been instances of the legit google-analytics being hijacked, so we do need more information.

EDIT - Note: actually blocking google-analytics can cause some sites not to work completely, but for the most part it doesn't effect them.

[DavidR]

As I said there have been instances of the google-analytics link being hijacked for malicious purposes. Something like a DNS style hijack redirecting the legit connection to google-analytics to a malicious site, which is why I asked for more information.

I have just allowed google-analytics on the forum.avast.com site and I'm not getting any alert. See image of google-analytics script in the page source for this page.

So are you getting any alerts when visiting the forums ?
EDIT: Mind you the above call goes to https not http google-analytics and that may not be covered by the http scanning of the web shield, which is even more reason for my asking for more details about the detection.

[DonZ63]

If you use IE8 or above and you turn on In-Private Filtering, it will auto block all the tracking google-analytics.com sites. Better yet, perform a simple registry hack to always turn on In-Private Filtering when IE starts up. Then set it to Auto mode and you are set.

[1010101010101010101010101]

Hello,
I recently upgraded from Avast Free at Avast internet security, and now
I receive false positive alarms on every site where is installed google analitycs,
both on firefox and IE browsers.
I already reinstalled the software and updated to last virus defintion, how
could I stop this very annoyng problem?

thanks in advance,
Demian

This is the only tool I have found to remove this extremely deep infection, I have tried avast / malwarybytes / avg / super antispyware NOTHING would even come close to finding the dns/VIRUS problem let alone fix it..

The good news is this tool by norton is amazing but the funny thing is I can't stand norton BUT this little tool is highly aggressive and should fix this problem you are talking about!!

I had to use it recently on a clients computer and it worked perfectly when all others failed!!

NORTON POWER ERASER >>> http://security.symantec.com/nbrt/npe.aspx?lcid=1033

[DonZ63]

Here is some more info on this: http://en.wikipedia.org/wiki/Measure_Map

First, tracking cookies are not malware per se. Adware or spyware would be a better definition.

If you want to eliminate crud like this, allow your browser to only store cookies from trusted web sites that require them. I only allow session cookies in my IE browser and I delete everything; temp files, session cookies, etc. when I close IE. IE and most other browsers have settings to do this automatically at browser close. Again the first line of surfing security is to properly configure your browser for safe surfing.

As far as Norton PowerEraser goes, make sure you note the bold print about potentional loss of valid files when using. The Norton people only recommend its use in extreme malware situations. At least do an image backup or minimally create a system restore point before use.

[Demian75]

Thanks for the info guys,
I'm using above all firefox 9, but even installing adblock plus the problem is
always present!!! even in IE9 and chrome!
I'm speaking of secure sites, like newspapers etc...
So could to be my PC infect? someone other is experimenting this problem with google
analityc and Avast?
others advices to avoid this annoyng alarm popups?
Is sad pay for a software who doesn't work properly!
(is maybe better the free version?)

Demian

[DavidR]

Installing AdBlockPlus won't make a blind bit of difference unless you actually block google-analytics.

If we were experiencing the problem we would have mentioned it and in my case as I said, even with google-analytics allowed I don't get any alert from avast.

EDIT: Did you install NoScript (?) as that by far is the most effective at blocking google-analytics. You don't have to do anything to block it as all scripts are blocked unless you explicitly allow it.

[1010101010101010101010101]

Thanks for the info guys,
I'm using above all firefox 9, but even installing adblock plus the problem is
always present!!! even in IE9 and chrome!
I'm speaking of secure sites, like newspapers etc...

Code: [Select]

So could to be my PC infect? someone other is experimenting this problem with google
analityc and Avast?others advices to avoid this annoyng alarm popups?
Is sad pay for a software who doesn't work properly!
(is maybe better the free version?)

Demian

I had this exact issue, I used NORTON POWER ERASER to fix MY problem.

I am not positive you are infected but like I said I had the avast/ google analitycs problem and the norton tool fixed it.

I have already mentioned this in your thread, if you are not sure about running the tool and seeing if it finds something because people are paranoid to use it then try using it to just see if it FINDS something then take a screen shot of what it finds if anything then DON'T follow thru with the fix and just close out power eraser, post the screen shot here for people to see what it found then maybe people can tell you that YES you can safely remove that.

Then you can run the tool again and this time follow thru with what norton power eraser wants to do with the results.

I hope that made sense.

[Demian75]

Hello guys,
thanks for replies, I tried to use NORTON POWER ERASER like suggested,
but it doesn't resolve my problems...
Always while open websites with google analitycs installed I receive a false positive
red message from avast!

Any other advices?
Don't understand why a common script like GA could cause this false positive with all browsers, I have already reinstalled it...

[deyani]

Hmm... Try CCleaner, this helps sometimes and if you want to reinstall, do clean install. Delete all old files.