Avast is alerting on www.msn.com

Viruses and worms
1

Avast is alerting on www.msn.com for me and other Microsoft properties. I have avast 11.1.2253 and virus definitions 161022-0. When I load msn it’s alerting me on http://72.21.91.8/moth-min.js If I try onenote.com I get an alert for http://72.21.91.8/js/6499203142.js with URL:mal It seems to be flagging the content delivery network //cdn.optimizely.com/js/. Bad web-site anti-virus signatures? I ran a full virus scan from a different account on the machine and it came up clean.

2

Seems the file, checked as gruntfile.js, is safe to be used: https://www.virustotal.com/nl/file/17b3914195ad4aae3f4486a351fe9172aada062dad7fcc78bca5894221a6c019/analysis/1476415341/

IF it is flagged it is a PUP coming with an installer. PUP is not a virus but a potentially unwanted program.

moth-min[1].js file information:

This file is part of unknown product process designed by unknown company, This file not necessary for your system, Keep this file running unless you suspected that this file cause problems to your system

moth-min[1].js Security analysis
is moth-min[1].js Virus NO
is moth-min[1].js Trojan NO
is moth-min[1].js Spyware NO
Total Security Risk PUP…

The alert came probably while you were updating firefox browser. Am I right?
This as the flagged PUP is part of that installer among other things.

polonus

3

No, this is a vanilla Windows 7 installation with just IE. No other browsers installed. I navigate to www.msn.com in IE and I get the alert for moth-min.js. I navigate to www.onenote.com and I get the alert for the other .js file. I downloaded one of the files to another computer and copied it over. Avast didn’t do anything, and if I do a virus scan on that file it comes up clean.

4

I think it’s a false positive in the malware URL database. Pretty much everything from http://cdn.optimizely.com is causing a security alert on my system. If I put any URL containing that website in IE, I get an Avast alert. For example http://cdn.optimizely.com/foo.bar → alert. If I turn off Block Malware URLs in avast, I can download the .js file with no problem.

5

I rebooted my system and now it’s working properly. I guess I had a bad update.

6

Great you mitigated that false positive this way and reported back on it.

polonus