Avast and grc.com

Hi,
Thank you for your very good antivirus!!!
I’ve a problem: if I go to grc.com, avast detect a trojan in the home page!!
The trojan is: http://www.grc.com/iframe.htm\unp195131448 (HTML:RogueIframe [trj])

Is this right???

Thank you

Please, do not post live links to malware or false positives.
Can you edit the link (adding spaces into its name)? Thanks.

Dr. Web shows www.grc.com as being clean… but I couldn’t scan the iframe.htm page itself.

I am getting a similar warning when I visit www.chase.com and after trying www.grc.com.

HTML: RogueIFrame (trj)

I only get the warning on the Windows XP pro machines. The SBS2003 Server and the Vista clients do not get any warning.

I’ve also experienced the same warning. I tried to open the forum on the grc.com site but I get the same trojan warning again.

The iframe.htm page is called from the iframe tag (see code below) in the grc.com\intro.htm page, I thought that DrWeb was now scanning deeper.

<iframe id="zerosize" src="/iframe.htm" scrolling="no"></iframe>

The above doesn’t seem very dangerous, however the code in the iframe page, has yet another iframe tag and that calls another page, http :// www . grctech.com/c5mctohclsuvh/iframe1.htm. So this circular calling may be suspicious. Note the total content of the called pages is just an iframe tag. To all intents and purposes they appear benign, but I gave up after the 4th page, but I can imagine it goes on for some time. Why is the 64,000 dollar question.

<iframe src="http://www.grctech.com/_c5mctohclsuvh_/iframe1.htm" width=0 height=0 frameborder=0 marginwidth=0 marginheight=0 scrolling="no"></iframe>

Which calls yet another page from an iframe tag

<iframe src="http://www.grc.com/iframe2.htm" width=0 height=0 frameborder=0 marginwidth=0 marginheight=0 scrolling="no"></iframe>

Which calls yet another page from an iframe tag

<iframe src="http://www.grctech.com/_3mg42bcq3evok_/iframe3.htm" width=0 height=0 frameborder=0 marginwidth=0 marginheight=0 scrolling="no"></iframe>

This page call seems to end the cycle as the only code on the called page is:

<html></html>

I don’t know what is going on but it is strange to say the least, but appears benign.

yes i am too getting this warning from avast webshield.
I am used to test sometimes my ports but never before i got this warning.
Tevion

You can still submit a false positive email to virus @ avast . com (without the spaces) and obviously no file to attach. Give the URL and malware name and a link to this topic so they can get more information.

Same virus alert when visiting:
http://www.autotrader.co.uk

thanks DavidR, just done.

got the same warning from going to grc.com and never did before…

http://i27.tinypic.com/mszzgw.gif

FP. Please update, it should be gone.

just did and it’s still giving the warning ???

http://i25.tinypic.com/sqii3n.jpg

Hi Dan,

You heard it from the man, you are vulnerable to a False Positive,

Damian

P.S. Click pic for animation

thanks kubecj :slight_smile:
and isn’t that so cute damian 8)

click on box to see my animation :wink:

No VPS update available, 080317-0 is current and still getting the alerts.

(current version 080317-0) same here davidr my friend :wink:

(current version 080318-0) and going to grc.com is fine now…thank you!!

Both Chase and GRC.com are fine for us aswell, Thanks!