false positive

Hello,

I have installed a plugin to get advanced features when consulting a particular website (hXXp://www.seloger.com/).

Now avast display a Trojan alert when I try to connect to this site. It’s a well known real estate website, and I am surprised

http://www.unmaskparasites.com/ and Google’s Safe Browsing diagnostics do not find any problem to the site

Here is the alert I get:
filename: hXXp://www.seloger.com/{gzip}
Name of the malware: HTML:IFrame-FA [trj]
Malware type: Trojan
VPS version: 090516-0 16/05/2009

Here is the firefox extension I have installed http://www.petitscailloux.com/ExtensionManual.html

I have submitted the .xpi file to http://www.virustotal.com/ and no virus has been found.
(http://petitscailloux.com/download/petitscailloux.xpi)

What do you think about this alert, what should I do if it is a false positive ?

Thanks for your advices

There are two suspicous blocks of encrypted javascript - I think the site is infected.

Hi malware fighters,
@igor
There are not two, but there are three pieces of script outside of HTML :
3 suspicious inline scripts found.

Script outside of HTML


eval( unescape( "%69%66%28%21%6d%79%69%6b%29%7b%0d%^^0a%76%61%72%20%72%3d%64%^^6f%63%75%6d%65%6e%74%2e%..

Script outside of HTML

/* 6m]lcjn8c`"egsc[#u^i]og_hn(qlcn_"oh_m][j_"!-]03001,0+0^0/,*0_0+0^0/-^0--.-,,*...

and Script outside of HTML

 var A2F2CDC66F90D0F55E2C = -61+55;var D227380BD63BF942C7F8 = document.getElementById('c42A4999197A3...

@fcoavast
Definitely infected site, report to the website owner his site has been injected with malcode,
Make that the links in your posting are non-clickable using either hxtp:// or wxw,

polonus

Generally, avast detection is accurate in these cases.
In your particular case too.
Maybe you could contact its webmaster.

Thanks a lot I have reported the problem to the website owner, I hope it will be rapidly analyzed as it is a big “commercial” site.

bye and thanks again

You’re welcome. Feel free to come back any time you need help or just to change experiences 8)

Hello,

The site has been cleaned (I received a response from the webmasters), I have no warning any more, you were right

Thanks