Author Topic: potential false positive (JS:Agent-PV [Trj])  (Read 5908 times)

0 Members and 1 Guest are viewing this topic.

tbd_appn

  • Guest
potential false positive (JS:Agent-PV [Trj])
« on: March 06, 2012, 05:19:51 PM »
Hello,

The below Javascript was flagged as JS:Agent-PV [Trj], however the provider of this JS is a trusted partner and we suspect this is a false positive. Is there any clarification that can be given here?

Many thanks.

Removed the actual code, here is a link (though this may rotate and change), and screenshot attached:

hxxp://www.kqzyfj.com/placeholder-5791062?target=_top&mouseover=N

« Last Edit: March 06, 2012, 05:27:26 PM by tbd_appn »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37599
  • Not a avast user
Re: potential false positive (JS:Agent-PV [Trj])
« Reply #1 on: March 06, 2012, 05:23:27 PM »
DO NOT post Potentially malware code in the forum as every one with a AV detecting this will get a warning when entering the forum


take a screenshot of the code and attach



VirusTotal - 2/43
https://www.virustotal.com/file/6b11f0e5bba1948abbbc3d9092812cf7c7ca580f55c1364f7864b2fd709887a5/analysis/1331051093/
« Last Edit: March 06, 2012, 05:26:26 PM by Pondus »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33928
  • malware fighter
Re: potential false positive (JS:Agent-PV [Trj])
« Reply #2 on: March 06, 2012, 05:36:25 PM »
As Pondus says remove script code immedeately or present it as an image link. If the malcode is not a FP,  it is a spyware TT-exploit, and especially dangerous when opened with Internet Explorer,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

adfms

  • Guest
Re: potential false positive (JS:Agent-PV [Trj])
« Reply #3 on: March 06, 2012, 06:11:23 PM »
Here is a screenshot of the ad that comes up when it is wrapped in java script. This is a legitimate Verizon campaign from CJ.

spg SCOTT

  • Guest
Re: potential false positive (JS:Agent-PV [Trj])
« Reply #4 on: March 06, 2012, 06:59:01 PM »
Use this form to report a false positive directly to the virus lab:
http://www.avast.com/contact-form.php?loadStyles

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33928
  • malware fighter
« Last Edit: March 06, 2012, 07:04:51 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2296
Re: potential false positive (JS:Agent-PV [Trj])
« Reply #6 on: March 07, 2012, 08:06:39 AM »
Hello,
false positive will be fixed in next VPS update.

Milos

The Redneck Hippie

  • Guest
Re: potential false positive (JS:Agent-PV [Trj])
« Reply #7 on: February 13, 2014, 04:16:50 PM »
Bringing up a very old thread to say this has NOT been fixed.  I've already reported it via the "Contact Us" about false-positives form on this site. 

I just got this JS:Agent-PV [Trj] false-positive from this site:

http://www.alicepaul.org/      alicepaul.htm

To see it, take out the spaces in the above url, or just go to the main page and click on "Alice Paul" in the bar across the top. 

BTW, this is so annoying that I joined this forum just now just to report this. 

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33928
  • malware fighter
Re: potential false positive (JS:Agent-PV [Trj])
« Reply #8 on: February 13, 2014, 04:51:37 PM »
This asp site certainly has some server security issues as you can view here: https://asafaweb.com/Scan?Url=www.alicepaul.org%2Falicepaul.htm
Custom errors are not correctly configured ; by default, excessive information about the server and frameworks used by an ASP.NET application are returned in the response headers. These headers can be used to help identify security flaws which may exist as a result of the choice of technology exposed in these headers; it doesn't look like an X-Frame-Options header was returned from the server which means that this website could be at risk of a click-jacking attack.
Earlier malware from IP: http://support.clean-mx.de/clean-mx/viruses?id=8678620
A pinpoint evaluation was blocked by avast shield detection. JS:Agent-AYC[Trj],
If that was inserted into your JS files you must remove the code and search for the door which allowed the hacker to insert the code.
If you want to report a FP go here: www.avast.com/contact-form.php

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!