False-Positive on Google Analytics

avast! claims there’s something called ‘JS: Redirector/ga.js’ on each and every one of the webpages with Google Analytics, which seems to be a false-positive.
(File Name: http://www.google-analytics.com/ga.js)


It seems that avast! wouldn’t show alerts when downloading hxxp://www.google-analytics.com/ga.js straight away.
Here’s the scan report from VirusTotal: http://www.virustotal.com/file-scan/report.html?id=a5511fd969bab9f8c5f4f08940fe805384a80847479598e143da9df82375c531-1282133169
Only four (including avast! 4.8, 5.0 and GD) out of the 41 AVs asserted it was ‘infected’.

Haozip.exe is an RAR manager, in case you don’t know about it.
This file is extracted from a machine running avast! which blocked the js. Let me know if you want a copy of the file.

Well I have just downloaded that file and no alert by avast.

Also, refer to these links: http://zhidao.baidu.com/question/175037246.html?push=ql
and http://forum.avast.com/index.php?topic=62876.0 . Use Google or Yahoo! or whatever you like to translate his post into English.

fp on another website

Hi ziucqea,

I cannot find anything when I go to where you get the alerts. So it must be something in your browser cache that is being alerted, or in the profile of this. Cleanse your Firefox browser and then try again.

polonus

These are screenshots I found on another forum. Also, have you seen the links I posted? The poster of the second link seems to be a staff member from a Chinese enterprise, Kingsoft, whose official website is also blocked by avast!.
There are hosts of guys having the same issue. Neither could I get alerts when opening the link directly, though. But since it’s claimed to be a ‘redirector’, perhaps it would be blocked only by Webshield or whatever.

There have been instances of the script tag for Google Analytics being hacked, but I can’t recall if this also indicated the ga.js file (I don’t think so). Given the masses of script tags out there pointing at this ga.js file, if this file was infected or even an FP there would be a flood of posts on the forums about it, and we aren’t seeing that.

See this avast blog, which also points to a forum post about it, http://blog.avast.com/2010/07/07/are-you-a-nerd/.

It should be OK now.
Best regards
Jan Sirmer

[modified][Official Google Analytics code is OK, this sample is not a false]

No, it IS NOT OK

Hello,
I wrote you yesterday on email. Could you send me content of js if you are still performing any problem? Because I can’t find this detection on http://www.google-analytics.com/ga.js
Do you have VPS up-to-date?
Best regards
Jan Sirmer

Hello,
thanks for a sample. This sample is not a false positive.
Thanks David.
Script is in David’s post

Best regards
Jan Sirmer

@ ziucqea
Certainly looks like a hacked google-analytics script tag/file, this has included a call to another site 17bbj.com, which is most likely suspect in a similar way to the reference I made to the blog post. See image of the decoded script with the inclusion/insertion of the call to the 17bbj.com site.

@ Jan
It is possible that this script could be detected by avast which would kind of defeat the purpose of displaying it, I always display script example as images to ensure there is no possibility of avast alerting in the forums.

Avast is still reporting a virus with Google analytics code embedded…I do wish it would get fixed.

www.samslobsterbakes.com

The company website that hosts the site also triggers a virus alert on my machine, I wonder if the virus alerts are related.

www.superwebhost.com

Strange that another site I manage with google analytics script does not trigger the alert. It’s hosted by Maine Hosting Solutions.

www.shapefabrication.com

Any insight/solutions would be appreciated.

Thanks, Mike

Note: You posted to a three year old topic. :wink:

3 years old…gotta pay more attention to detail I guess. Your comment made me smile a little, but a little miffed?

Why does the problem still exist after 3 years? Or is the current version of the Google script “clean”? Thinking about re-registering the site with Google and using the latest(?) script. Does that make any sense?

thanks, Mike

Hi Mike,

Please do try that and report the results. They did update the script over the past few months.

Thanks,
~!Donovan