Avast does not find JS/Agent.MZT

Ok trying for the second time (Forum went down);
Panda on my Vista machine found JS/Agent.MZT in img1.wsimg.com/AtlantisScripts/jquery/jquery-1.3.1.min.js (called from Godaddy.com).
Avast on my XP does not.

It might be a false positive by panda,

check the wepawet results here : http://wepawet.iseclab.org/view.php?hash=b72051ceb71b30b891c5ddc87eb9db1c&t=1258640200&type=js

this js is a huge one. I can’t go through fully. someone might post.

nmb

or Avast is still working on it like Symantec: http://www.symantec.com/connect/forums/jsagentmzt (includes a Panda link)

Hello margunnarsson,

Never in the panda security link says img1.wsimg.com/AtlantisScripts/jquery/jquery-1.3.1.min.js is infected. sorry, we are talking about avast! here.

panda detects JS/Agent.MZT it doesn’t mean img1.wsimg.com/AtlantisScripts/jquery/jquery-1.3.1.min.js is that. it might be a fp. and it also doesn’t mean avast detects it or doesn’t detect it. by this time, someone from avast! team might be analyzing the file. they might come up with a sol’n. you may have to wait.

also,

send the file password protected zip file to virus@avast.com , with the subject as active malware and in the body put the link to this topic and the password of the zip file.

nmb

hi nmb and thanks for reply

no, my log does:
JS/Agent.MZT 19-11-2009 15:37:15 http://img1.wsimg.com/AtlantisScripts/jquery/jquery-1.3.1.min.js
JS/Agent.MZT 19-11-2009 15:08:30 http://cdn.code.haymarket.com/injector/deliver/pistonheadsforums.haymarket.haymarketanalytics_js.ashx
JS/Agent.MZT 19-11-2009 14:48:55 http://img1.wsimg.com/AtlantisScripts/jquery/jquery-1.3.1.min.js
JS/Agent.MZT 19-11-2009 13:31:02 http://img1.wsimg.com/AtlantisScripts/jquery/jquery-1.3.1.min.js
JS/Agent.MZT 19-11-2009 13:08:10 http://img1.wsimg.com/AtlantisScripts/jquery/jquery-1.3.1.min.js
JS/Agent.MZT 19-11-2009 12:28:52 http://img1.wsimg.com/AtlantisScripts/jquery/jquery-1.3.1.min.js
JS/Agent.MZT 18-11-2009 18:02:27 C:\Users*my computer name*\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F5HP7MSX\jquery-1.3.1.min[1].js

yes, i know we are talking about avast, and i would probably also have it this computer, if i would have been able to install it, it has been working very well on my laptop, and i wanted to find why i dont get a warning from Avast when i go the godaddy.com site, which calls img1.wsimg.com/AtlantisScripts/jquery/jquery-1.3.1.min.js

Avast recently found two viruses - one is named A0017998.exe and was located under system volume information; the other is named photobackpluginsetup and was found under HP Photosmart Essential. Has anyone else received these, and if so, what do I do with them? For now, they are in the virus chest. The virus description for both is Win32: Trojan-gen.
Thank you.

Is the log from avast! ?.. or is it panda’s?

why i dont get a warning from Avast when i go the godaddy.com site, which calls img1.wsimg.com/AtlantisScripts/jquery/jquery-1.3.1.min.js

why should you get if the js is not infected.

edit : just tried to run in my testing software. it contains a eval(). may be beacuse of that panda is detecting.

someone from avast has to reply.

nmb

its the Panda log from my Vista Desktop (its only 2 months old).
I have Avast on my XP laptop ( 5 years old ).
and here is a pop-up (which i had forgotten all about, course i havent seen one in years, on my machines) which came when i click on a link on a godaddy.com hosted domain i just bought - this was on my Vista/Panda machine!:
cdn.optmd.com/V2/41865/160979/ skipping parameters

oki here is wot rating : http://www.mywot.com/en/scorecard/cdn.optmd.com

wot uses panda. may be because of that cdn.optmd.com is also detected as suspicious.

nmb

Hi margunnarsson,

I downloaded the jQuery.JS and uploaded it to virustotal: http://www.virustotal.com/nl/analisis/be45fd69b1da07c2180a65cf291453a0ab17f7859cdc5eae9d07f218256cd4ed-1258662253
Checked the file also with ScriptSentry- no problems found.
I think you encounter this flags because of having two resident av solutions on one machine, or it is/was just a Panda FP,

polonus

Indeed false alarm from Panda, giving me this problem today.
http://www.symantec.com/connect/forums/jsagentmzt
FYI: I have only Panda on my Vista machine (course I could not install Avast), and only Avast on my XP.
Thanks for resonses.

Hi,
pack the files to archive with password “infected” and send to virus@avast.com with “False positive” in subject or send from chest as false positive to analyze.
Next time create new topic, please.

Thank you,
Milos