We have a recurrence of a false positive using Avast with Firefox on the newegg.com site. Had this same issue last fall which was resolved with a definition update. Avast gives a JS:Pdfka-TD warning and aborts the connection. This only happens with FIREFOX, I can use IE all day on newegg and there’s not a problem. This started a couple of days ago, Friday or Saturday and has been pestering since. Firefox is version 3.6 and adblock plus, better privacy, download helper a/k/a video download helper, flashgot, FEBE, java console 6.0.17, java console 6.0.16, microsoft.net framework assistant 1.1 and WOT installed as Add-Ons.
All add-ons are up to date. OS is Win7 64 bit (both premium and professional). Got the same issue on multiple computers (of course I have the same firefox setup on all).
If you can give some of the URLs where the alert happens as I get no alerts on the home page, being on dial-up I don’t fancy rummaging around in the hope of bumping into it. When posting, ‘modify’ the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites, thanks.
I tried the suggested add-ons, NoScript and RequestPolicy extensions, and of course NoScript stops EVERYTHING, once you “allow” newegg then the warning comes.
I removed NoScript, I’d rather deal with a virus than it, I had tried it a few years ago, same overhead burden on user.
Also, though I was sure that it was a false positive I ran both Avast and Malwarebytes and the system is clean (both of them). My laptop with WinXP (32) is at the office with the same extensions, so I can’t test if Win7 64 is adding to the problem or not, which could be the difference.
And again, I can use IE w/o any warnings on newegg.com
Had this same problem with Win7 64, Avast, FireFox and newegg last fall for a few weeks, then an update fixed it. I believe it was an Avast update/definition, but it could have been a firefox one.
We have this thing in logs, but I’m unable to replicate. This could be time limited, or, what’s worse, served by ad companies they use.
If you ever got the warning, let it on the screen, find what is your temp dir, subdir avast4 and there will be the offending file. Then just copy it somewhere else and dismiss the warning. And send us the sample, please.
@ ponder1999
Are you still getting this as I don’t get any alerts on the home page nor on a few clicks on some products. So I can’t replicate it either. I don’t know why it would only happen on FF and not IE as the web shield should act in the same way for both.
I’m using FF3.6 with, NoScript, RequestPolicy and but I have temporarily allowed the site so I can see if there are any hits
What avast version are you using and what VPS number (see image for current #s) ?
There’s nothing in the temp avast 5 directory. And the message I get is “exploit blocked” and it terminates the connection. I’m not given a choice of allowing or saving the file.
And I get the warning EVERY time I go to newegg.com now, so it’s easy to replicate.
I’ll try that this evening when I get home, here at the office I have a similar system as far as Firefox and Apps on my laptop, but with Win XP I’m not getting any warnings. So it definitely has something to do with Win 7 64 bit.
No, that’s highly unlikely (at least on avast!'s side).
The difference is that the computer is different - different IP, different cookies possibly… so it may get served different content from the web server.
You may also check your hosts file, just for sure… if it doesn’t contain any redirection.
The new definition 100301-1 has “fixed” the problem.
I’ve got 2 computers at home with Win 7, a Phenom II with Pro on it and a Core2Duo with Home Premium 64 bit. The last time I used them previous was last night and both gave same warning for all newegg.com pages. As I turned each on this evening I immediately went to newegg and got the same warning, then after Avast updated the definition no warning.
I wonder exactly what changed in the definition file. Well, whatever the ghost has left the building.