VPS: 091214-0, 14/12/2009
Is this a false positive?
Thanks.
Generally avast is very accurate on these detections.
The data.js file is full of obfuscated code, functions and document commands; because of the obfuscation I can’t say what it is trying to do. But since JavaScript is a plain language scripting tool, I don’t see why there is a need for this level of obfuscation. What have they got to hide? For me that is suspicious.
However, a recent scan at VirusTotal gives 9 detections of 41, so that is further suspicion it isn’t an FP, as many AVs aren’t even looking for this sort of thing.
My upload has just finished being scanned and the result is 10/41 so 1 more than the last scan.
Hi hm2k,
Consider this here: http://forum.avast.com/index.php?topic=51941.msg439644#msg439644
polonus
My upload has just finished being scanned and the result is 10/41 so 1 more than the last scan.
It is actually 8, David, since F-Secure and GData are using the Bitdefender engine.
Hi hm2k, DavidR and Pondus,
We should be glad for these Webshield findings. But I can understand that users are reluctant to believe these are genuine and that there is really a major threat lurking when visiting the site. I will demonstrate it with an example where McAfee’s SiteAdvisor gives a site as all green, while Unmask Parasites gives it as ridden with malware. The example site I mention also has (had) HTML:IFrame-KT [Trj].
Site nandableeker dot nl
Part of this site during the previous 90 days was noted thrice for suspicious activities.
What happened when Google visited this site?
Of 40 pages that we tested on the site 7 pages without user’s consent have been downloading and installing malcode. Last time suspicious content was found on the site was on 2009-12-07.
Malicious software includes 40 scripting exploits, 3 Trojans, 2 exploits. Successful infection resulted in an average of 3 new process(es) on the target machine.
Malicious software is being hosted on 10 domains, e.g. gabtibbgtwe.com/, toshiba4u.ca/, cardemil.dk/.
4 domains seem to function as redirecting to spread malicious software to visitors, i.e. frostep.com/, tradeservise.com/, dominchikis.com/.
This site was hosted on 1 network(s) including AS21155 (PROSERVE).
polonus
Well, it depends if you want to also consider that GData also uses avast, though in this case it is using the Bitdefender signature, so theoretically it could be two ;D
However that doesn’t matter too much as it is basically confirming suspicion about that file and the probably good detection by avast.