html:iframe-iv [trj] - False Positive on website?

Whenever I go to this website, Avast pops up a message that it is infected. This website is legitimate. I contacted the Admins for the website last year several times, but never received a response from them.

So I wanted to ask, if this is a false-positive?

htxp://www.thestoryoftexas.com

I have had a look at the menu.js file that is causing the alert, but my knowledge of javascript isn’t good enough to say one way or another if it is a good detection, so I will submit it for further analysis.

Okay thanks, sounds good.

Hello,

Yes, It is the last line in the file that DavirR has been writing about. This line is currently commented, but please this is not enough → remove the line from the document to avoid AV regular detections.

Best Regards

I am not the webmaster of that site. So I can’t edit it. I was just a visitor. I’ve tried contacting the webmaster in the past, but never received a response.

Hi wile_e,

Going there, no alerts now, just visited the site inside a flock browser (with NoScript and RequestPolicy active)
Here it is given clean: http://scanner.novirusthanks.org/analysis/eb81118dd9d5aa6338705d0c683c40fe/aW5kZXg=/
and here: http://wepawet.iseclab.org/view.php?hash=54bfecff0011a101bdde1120564f44af&t=1272227192&type=js

Bad frame detektor gave: No zeroiframes detected!
Check took 2.73 seconds

(Level: 0) Url checked:
hxtp://www.thestoryoftexas.com
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (script source)
hxtp://www.thestoryoftexas.com/js/menu.js
Zeroiframes detected on this site: 0
No ad codes identified
Here that is given benign: http://jsunpack.jeek.org/dec/go?report=c839c1f5a7114d2a64b2fa17c13164cc81bbce96
and here:
http://linkscanner.explabs.com/linkscanner/checksite.aspx?NS=ChkOnly&SRC=apps.explabs.com&CS=http://www.thestoryoftexas.com/js/menu.js

(Level: 1) Url checked: (script source)
htxp://www.google.com/coop/cse/brand?form=cse-search-box〈=en
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (script source)
htxp://www.thestoryoftexas.com/js/menu_init.js
Zeroiframes detected on this site: 0
No ad codes identified

polonus

@ polonus
The alert is still there if you allow the site in noscript as the menu.js is allowed to run and avast alerts.

I checked the menu.js using jsunpack before submitting it as a possible fp which jsejtko said isn’t one.

Hi DavidR,

NS working then, well avast is the only one flagging it and has outstanding detection where these issues are involved,
see: http://www.securelist.com/en/descriptions/old295480
A detection of Iframe dependencies,

polonus