I don’t know if I am in the right place for this, but I don’t know how to report a warning I received from Avast, about a possible virus attack by VBS Malware-gen.
I was opening up a link on bunkbedsonly.com. and was alerted by Avast that a virus had been detected. The box told me not to worry, that it had stopped the malware from entering my computer and if I just clicked the abort button it would cancel the connection. I clicked abort and it looked like it canceled the webpage from opening.
This instance has now appeared under my Avast log event viewer file as a warning:
(Be careful of link below, I don’t know if there is a virus there or if it is a false alarm.)
System application 1584
Sign of VBS:Malware-gen has been found in hXXp://www.bunkbedsonly.com/staircase-bunk.html" file
Does anybody know what sytem application 1584 is, what VBS:Malware-gen is and what this virus is capable of doing if it had gotten onto my computer?
I see what your saying, but am not understanding much about wc3 standards and scripts and I apologize, but help me to understand a few things.
When you say it would be considered bad code, could it be just an error when the code was written? If it was hacked does that mean then that it was a legitimate attempt to execute a virus except it was stopped by Avast?
I did not know to break the link properly I was to use hXXp, but it looks like someone named kubecj has beat me to it, edited it, and broke it properly for me.
I tried to break the link by separating the .com from the rest of the link. I thought it was broke, and I put a warning in red for people.
You don’t really have to understand the actual standards, they are there as a guide that when the standards are conformed to browsers display things in the correct way.
Now any professional coder and you would have to say for what is a commercial site you would like to hope that they used professionals to build it and they would stick to the general HTML/wc3 standards.
So when I see code outside the HTML layout it is suspicious and when that script is obfuscated I’m even more suspicious.
I haven’t got a clue what the code does because of the obfuscation (hiding the actions) but this certainly isn’t an error in general coding as someone has gone to lengths to hide what this does.
Hacked means someone has modified the web page, e.g. hacked there way into the site, by passed security, etc. You could report this to the owners if they have a contact us link, etc. and report it. I would make sure you have avast’s web shield on guard as if one page is effected it is possible that others could be too.
If this was legitimate code (which I highly doubt) I would expect it to be within the opening and closing HTML tags, conforming to standards/convention. If they wanted to encrypt/obfuscate or hide this code from view, then it would be so simple just to call a script file in a protected area. But avast would likely detect it there also as it has to be loaded to be run.
Man that’s scary, and to think I was surfing around on that site quite a bit about a month ago but I had the web shield activated. I always keep it enabled and yesterday it protected me.
I must say, I have tried many anti virus products (both paid and free) and this one by far is the best.
That’s the problem a site could well be hacked so up to a point any site could be hacked, but it is normally those using outdated software with weak security. Fortunately it isn’t really common, but avast is right up there on detecting this type of possible attack.
A belated welcome to the avast forums and the avast family and exactly why we are here, we like avast too ;D
