wd=%E5%8F%A3%E8%A2%8B%E8%81%94%E7%9B%9F mean search word =“口袋联盟” (I clicked into ad link on accidient and it link to this android adware)
Avast must have a bug in dealing with very specific search term in baidu.
Same as before, the detection is “JS:ScriptPE-inf [trj]”
Weird enough it doesn’t block the search sometime.
It seam useless to report it, because it doesn’t fix the detection for all of the search term which have this problem.
Edit: LOL! It even detect on pure ‘?’.
Here is the weird detection avast is giving me:
URL: http://www.baidu.com/s?cl=3&wd=???&ie=utf-8 | {gzip}
Infection: JS:ScriptPE-inf [Trj]
Process: C:\Program Files\Internet Explorer\iexplore.exe
I just checked and avast isn’t blocking/detecting anything.
My guess is that there is sometimes a add on the website/in the search results that is causing the problem.
A other possibility is that the TGF in China is causing the problem.
When it comes to Baidu and other Chinese websites, never “just” trust them.
Well The | {gzip} bit at the end of the URL you gave is normally an indication that a compressed script file is being loaded along with the page/search and the alert indication JS:ScriptPE-inf [Trj] (the -inf, is usually associated with injected code), would tend to support that.
I disagree. baidu.com/s?wd=…
This is the file with the problem: s.htm
I have some past record of this detection in the avast virus chest. They all undetected now.
This IS the same script among every search term, there should be no different between every two of these.
For example, these two:
both are the same script, but 2 is detected while 1 is undetected.
The main problem is that most of the search term have no problem, but only sometime when specific search term is used, avast don’t like the script file.
s.htm is put in temporary internet file most of the time I search using baidu, that explain the | {gzip} part