False Positive on Jemsite?

system · September 5, 2011, 4:17pm

wxw.jemsite.com]www.jemsite.com

A lot of people are getting a blocked js file on every page but it only occurs with Avast. No other AV software seems to be picking it up. Possible false positive.

The exact file my logs are showing is:
wxw.jemsite.com/components/com_jreviews/jreviews/views/js/jquery/jquery-1.2.6.pack.js

Pondus · September 5, 2011, 4:21pm

Edit the links you posted so that they are not clickable, like this wxw.jemsite.com

Sorry - INFECTED - see screenshot (click to enlarge)

Malware entry: MW:ANOMALY:SP7
http://sucuri.net/malware/malware-entry-mwanomalysp7

polonus · September 5, 2011, 5:05pm

Hi gideond,

Make that url non-click-through like wXw etc. or -www etc.
Here is what is being scanned: http://www.virustotal.com/file-scan/report.html?id=8eb5b7e43c307e37d86dbb02f691ff16d08147a6fbe59686f99dcb0268429c97-1315241118
It is a heuristical find and the packer is being flagged…
Here found benign: http://siteinspector.comodo.com/public/reports/303481
The binairy analysis for the logfile you give is:
http://anubis.iseclab.org/?action=result&task_id=10051d85769240dd48d43255923e092c1
code also found for Fake AV/KatushaC.gen malware…keyboard key monitoring mutex
like CritOpMutex,

polonus

system · September 5, 2011, 5:47pm

Sorry about that. I didn’t realize the forums auto linkified the address without the URL tags.

Thanks for the input. I’ll refer the site owner to this thread.

False Positive on Jemsite?

Announcements