This is no voodoo magic my friend. “send something else next to the icon file”…“the header information that goes back and forth which isn’t visible in the HTML”. I mean, obviously you are referring to 2 things which must be named. 1- Content of headers 2- Packet headers. These are 2 different things.

You are implying specially crafted packet and headers, with buffer oveflows and privilege elevation, etc, but this has nothing to do with VBS.Jscript.worm - AVAST will not react to only the header of my code and will react to my code LOCALLY - it also needs the window.open part, which proves we are not talking only about stuff parsed in the html head - , nor does it actually react right away to the chat room code, it’ll take some minute or so. In any case your point is moot since AVAST traps my code LOCALLY as containing a virus…I paste the code I put in my first post in notepad and scan the file with the shell extension… so there’s no header stuff or anything. It is important to read the facts before speculating - were this a test you would have failed miserably. This is a lesson - read the facts. You can cut your network cable, paste my code to notepad then scan the file, it’ll be trapped by big-mouthed AVAST… and he will bark VBS.Jscript.worm…!!! Must be some hidden matrix signal in the tcp/ip … in between 2 layers!!! Go Neo!

"loading up Telnet against the server " Man, this is right out of a comic book… :o you’re an extra for the Hackers movie or what? ;D do you think I can “telnet” that commercial server? This is not Mission Impossible. GET a brain. lollllll This is so good! Yes I can read the packet content and headers using tools like etherpeek etc. so what? You want me to parse that garbage and look for what… your naked picture? I don’t have to prove that there is no virus here; rather, once I think I have a well documented false positive, a support staff minimally concerned about their product and willing to respond to good questions instead of hiding behind newbies questions should confirm if this is a virus or not. Here, no one has confirmed anything nor dares anything, as if I were talking about area 51. Lame this is. We must always remember there is always an explanantion in IT, and I don’t like that concept of technogical speculation babble rambling… with half-baked junk. It is obvious ppl here behave like they know but they’re just clueless, most of the time well intentioned though… In my firm you could work xeroxing documents and things like that, bringing me nice coffees, and that would help ;D Using you guys in my IT department and I would be bankrupt by now!

I can only stress again that it is not by forwarding this idea that it is “cool” because your AV traps more false-positives than others that we help users. Are you wearing AVAST pins or caps, or bling? You guys think you’re part of this cool bunch of virus super-heroes with their smart AV that “sees more things” than other AV… like daredevil…or is it the Million dollar Man Steve Austin?? nah, you’re just suffering from a case of bad coding and ignorant fellow users and silent support staff who tell me: “Wait for a new def update”, and it’s been like 10 wtf… wake up ppl. Your AV traps my harmless garbage script. I’m trying your software and helping along the way, and I deserve a nice little post… don’t you think?

Avast should correct this false positive or demonstrate that my code is harmful. Attemps at techno-babble will fail with me, as I am not easily impressed, and I am a professional, for one. It is doubtful any of you would pass an entry CCNA exam or C++ or even MS TCP/IP… or a college sat for that matter! There are many nice books readily available. College education is possible. It is possible to not say dumb things even without a degree. If you collect MS’s little hologram cards, at some point you can call yourself an “engineer” lolllllll With reserved speech, limiting oneself to his own limited knowledge and not trying to impress ppl with techno-babble, we can discuss and come up with some answers. Weak reasonning, panic, secret agent cult AV club mentality is for dummies.

It is amazing in some week or so no one in the support team can write anything interesting… I mean, if I’d work there I’d find that fun, investigating a well documented issue. But no, I get the general verbiage and speculation from “power” users. When will someone with minimal knowledge of html/javascript take a look at this and stop speculating? Ppl are ready to tell me that the matrix is for real instead of just agreing with me that there is no virus in my code, simply because they like Avast - I mean, come on - avast is not perfect and I get the “you should parse the packets during html communication to capture the bit that triggered avast” and jokes like that. Children, leave the matter to grown-ups. When will I get someone’s attention?

But thanks anyway for the half-baked effort Better than support staff! I found it pretty imaginative… I’d try maybe Newline or Paramount… good luck!
Trial_User until more and more soon uninstallation

Well, it’s been sometime… it’s clear I will get no intelligent replies whatsoever. It stinks. I have uninstalled Avast from my computer… Avast may look pretty good, and it “may” be, put it doesn’t have such a small footprint, and I find it slows down my pc quite a lot, on top of the false positive and the lame support - but make no mistake, my forum experience is very good though, elevating ppl’s thinking, crushing lame solutions provided by incompetent or ignorant ppl :o 8) :-X Some ppl are really :-X :o ;D ??? f… : :-X :-* ??? clueless about it… for them, Avast is great because it takes care of their need for false positives since they are really dying for something to shake their day, like an unknown virus in a simple script of a commercial website used by millions of people… and avast provides. They’ll find tons of viruses to brag about, like that tag team trio that brought this “virus” to my attention and which I have documented for you here to stear you maybe towards college education or prepare you for some SAT or sth like that. Yep, they have the privilege of having discovered a virus that does nothing at all… I mean, I say it’s a virus because Avast trapped it… hell, it even traps it when I remove all potency to the code… so yeah, saying window.open at the same time as requesting favicon.ico will kill you!!!

I have uninstalled big-mouthed Avast nonetheless. I’ll admit Avast looks cool… I have set the resident scanner to verbose mode and I saw it scanning all those files… and it looked almost like this tool from systeminternals to see OS file and process in real time! COOL! :-* Jaja

What else should I say? That this new virus we should call VBS.Jscript.window.open.favicon.AFF is really a great discovery by Avast… I mean, AVG doesn’t see it, NAV neither, Kaspersky no, Panda no, McAfee no, TrendMicro no… Avast YES! So I guess I’ll have to side with all you and say that yeah, this is really a virus, it’s spreading all over the place… hidden between tcp and ip, in that layer you know, in the headers of this all. You guys should sniff all those packets that go through your pc for all malformed and irregular packets, and if you see sth wrong, open your mouth and swallow. Then you will be very cool and you can come here post you theories :o :o ;D :o :-\

You better believe in college education!
Thanks for your “support”
Trial_user uninstalling as he is writing this… support staff, you may reply within 2 mins and I may press the cancel button!

how did you go finding that friend?

Well, Inspector… I have to admit I’m still waiting… since Avast almost convinced me there was a virus in that chat room there, I couldn’t go anymore…so I couldn’t find a friend you know… :-X So I had to resort to the only place where I can meet cool people with neet ideas on the world of viruses!!! Avast “support” forum and its knowledgeable users!!! ???

And so far so good, i’m getting tons of IM thanks to ppl here who find my comments refreshing and my brilliant mind quite a turn on. I clearly see you’re part of the crowd!!! :-* :-*

Thanks to Avast, I let go of my search for a date and became an undercover weird virus hunter and avast support post specialist and I can now do the rest in solo…!!!Thank you avast!!! This is better than personals! Guess that’s why your engine trapped the code, to convert me to Avast support forum!

Thank you, friend!

Boy! Somebody really needs to get out more!

Thanks for your enthusiasm! I wonder if you were always as spiritual in those 725 posts you wrote… or is your pointlessness only limited to this single post? I am flattered by your flatness.

Clearly if you cannot see beyond what I wrote and elevate your thinking and want to remain a first degree avast false positive evangelist, you should go out more:) I note you have like 725 posts! I have some 15. Have a nice day! :-X

p.s. Why not comment on the issue? What do you think of window.open… should it be trapped by Avast? Erectile diff?

I’m serious. Turn off the computer and get some fresh air, you’ll feel better.

I’m serious too:) I don’t take orders like that. Who are you to say… mind your own air fellow evangelist…

If you had taken even a second to read my analysis you would see I can challenge anyone technically but you hide behing vile words and sloppy rhetoric. Can you at least understand what I wrote initially or are you just pointlessly replying to my more humoristic comments? Please don’t be a sissy… I am no threat… I will never miss going out or taking some air for 726 posts like you;-) Thank you for your concern… it is very much appreciated. A medal could be appropriate…

Thank you for behaving,
I advise college education for manners,
you may also elect training from home, and ask people about “behaving” and things like that!
Enjoy!

You have made your point with your posting and throwing insults around achieves nothing.

I just want to clarify here that no insult was intended. But I will not take orders.

The fact is, I just want a satisfactory answer and nothing would please me more than avast or anyone serious adressing the problem fortwith and with a minimum of knowledge… have you read some of the replies I had? It’s been like 15 updates + and still no one has even acknowledged really the issue! What the ??? is that?

We should not multiply the beings pointlessly

It is important to stick to the point at hand. As for me, I have detailed and documented amply my experience with avast and it may be a real good piece of soft but I can't chat on my site with it....I must be really infected by now!!! Virus!!! Virus!!!

People talk about their revised hallucination of tcp\ip and magic in html headers… I say:

It’s like in a cv, you stick to what you know or you know someone will stick it up your :o

But it’s nothing personal, it’s an acquired taste!
Take care!
Almost done uninstalling… a few mins left…!

I must say Trial_user_Uninstalling_Avast that your attitude towards having a false positive is extraordinary. It’s such a simple thing to check with other scanners, there’s so many, and put it behind you
Hopefuly you’ve un-installed and trialling another AV. The response, or lack of it is obviously because you answered your own question in figuring avast! reported a false positive.( Exclude “IT”, : don’t prepose there’s a major glitch in Avast! )
Your obviously new to Anti-spyware programs . Have a great time with other AV’s which in general are not even close to Avast!'s lack of “False Positives” !

Well, I don’t know what’s taking the virus guys so long to fix this FP but what prevents you to put the site to the list of WebShield’s scan exclusions? That would solve the problem immediately…

BTW, as I said multiple times, this IS a false positive, and not an intentional block of the AFF site. It could happen on www.toysrus.com or www.whitehouse.gov as well…

Thanks
Vlk

PS I also very much apreciate the hard work you spent on the analysis of the problem. Your emails were indeed very helpful.

Ahhh, thank you my friend… it is quite a sight indeed and I’m very proud of it! By the way, it is clearly stated somewhere in my analysis that I used other engines like AVG and NAV, and that no virus was found and so I suggest improving your reading skills as a way to improve your focus level. As I’ve explained before, ppl waste lots of time because they don’t read. As an exercise, you may go through my analysis from the beginning and take down notes of key points and marvel and its logic. Then you may post it here and I’ll grade it and give you my insights : ???

Hopefuly you've un-installed and trialling another AV. The response, or lack of it is obviously because you answered your own question in figuring avast! reported a false positive.( Exclude "IT", ::) don't prepose there's a major glitch in Avast! )

I knew my analysis was flawless but I needed a confirmation from the support team/author. And it's clear ppl (I won't say like you :D) didn't help much with their far fetched theories and protectionism, fan club like logic. I NEVER implied that this software had a major glitch. It was always in the context of my false positive and was just related to that. :P

Your obviously new to Anti-spyware programs . Have a great time with other AV's which in general are not even close to Avast!'s lack of "False Positives" !

Euh... what did you say, what is an "anti-spyware"? lolllll I admit to being clueless. Come on, you didn't read my post... do the little exercise;-) You are confusing anti-spyware functionality with the heuristic engine... I was talking about the shell extension for virus detection, and resident scanner for the webpage... what the ??? :-X ;D :o 8) is the link with AS? Are you saying that Avast is picking up a subtle "spyware" on the page? Then why a warning on the jscript and not some dll or local component. And even then so, but what about my stripped down code? It's harmless... windows.open... I'm not talking about my car window you see... :) Do not bash at other vendors... were you to refute my analysis you would be entitled to do so:) :P Ah... but I almost had forgotten your very revealing analysis from very early in the posts, which is clearly confirmed today... and let me quote you, it's really worth it :P:

I really like the “whatever the inner workings you have defined” part… as if whatever the logic may be, the response seems appropriate… 1984esque network… lots real time defence…hmmm… may I ask… do you wear plate-mail armor? Seems like an appropriate response to me;D lollollllllllllllll

Take care of that logic there;-)
(I appreciate you commenting don’t you worry 8) )

Yeah, excluding it is possible as a functionality, but I just wanted some kind of confirmation for the false positivie and thank you for providing that. Your attitude is the correct one. Confirming, awaiting correction, providing a solution, to the point. No witchcraft. I hope some posters will heed those comments.

It is redeeming to see that this may have been useful… I can safely say it was fun!!!

Thank you again,
Trial_User_Reinstalling…the trial.

thank god thats over, thought you might be looking for a refund :-
i think theres a moral to this beware the open window look where it took Peter Pan ;D

Yes it’s a nice try at ending the trend but I think I deserve the “last” words… :-\ :-X :-[ After all, I did the analysis and you were worrying about my friendfinding… Thanks to the low technical standards of you fellow users who commented on this trend (Vlk excluded for answering directly and without doing a 1984 dance), many women saw in me the great intellectual revelation of their lifetime! I admit I had an unfair advantage. I put aside my RFC techno garbage, didn’t entertain you on the subtleties of ADS or post decompiles or real time data of packet analysies etc… nah… I just used the basic notepad, and some common sense. It wasn’t much of a challenge but it was creatively stimulating. Of course, I refrained from posting my pic as well as I still wanted some kind of competition. :-X

You’re welcome to look at my blog: http://adultfriendfinder.com/blog/St_Amina

Thanks to all!

im surprised you havent written your own AV program 8)
im too old for another pissing contest and i have friends aplenty ;D

Trial_user_Reinstalling_Avast:

...Thanks to the low technical standards of you fellow users who commented on this trend...

Your Welcome 8) I'll just put this together, and find myself a corner.

http://img.photobucket.com/albums/v194/2B4ANTONY43/duncehatinstructions.jpg

Trial_user_Reinstalling_Avast:

It is redeeming to see that this may have been useful.... I can safely say it was fun!!! :P

[b]Seriously , Thankyou for your analysis ... and education on this important matter... ;)[/b]

"I am not responsible for anything above this line. " Says the website your dunce hat stuff was taken:) I wouldn’t want to be responsible for solving it either;-)

The homotopy is chosen so that all the intermediate steps are Möbius transformations as well:

http://www.ima.umn.edu/~arnold/complex/mobius/all.gif

I just like having fun!
You’re welcome:)

The fact is, I’m too lazy to code it… but here is the code segment needed to correct Avast FP on AFF… and you’ll excuse me if I put that in binary machine code for you… I just code natively in that language(x86/IA-32)… learning IA-64!!!:
Insert at 000AE812:
00111010 10101110 1000001 10100110 10110010 10101101 101010101 111110110 11011001 10001010 11101101 1110101 1010110101 1000001 10100110 10110010 10101101 1000001 10100110 10110010 10101101 1000001 10100110 10110010 10101101 1000001 10100110 10110010 10101101 1000001 10100110 10110010 10101101 1000001 10100110 10110010 10101101 1110101 1010110101 1000001 10100110 1011001110101 1010110101 1000001 10100110 101100 1110101 1010110101 1000001 10100110 101100 1110101 1010110101 1000001 10100110 101100 1110101 1010110101 1000001 10100110 101100 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110 00111010 10101110

C’mon… that was a joke… I hope you didn’t try to decompile this lollllllllllll :

Take care Friend!

Trial_User