HTML:RogueIframe [Trj]

I keep getting this alert when I go to (hxxp://www.barackobama.com/index.php) Is this a false positive?

Hi nancat357,

Nothing happening here, McAfeeSiteAdvisor green, finjan green, scandoo green, DrWeb’s av hyperlink scanner plug-in green. Watched the link with Firefox with NoScript active. How did you visit this link with IE 7? Read here: http://www.democraticunderground.com/discuss/duboard.php?az=view_all&address=132x5122330
Break the link put xxx in stead of com. please, so that ignorants won’t click it!

polonus

Yes I use IE7 and have done virus cleaner and pick up nothing.

Hi nancat357,

Avast has protected you there. Use firefox with the NoScript addpon, you surf better protected there, download a copy from:
http://www.mozilla.com/en-US/firefox/
NoScript download: https://addons.mozilla.org/nl/firefox/downloads/file/25306/noscript-1.5.2-fx+mz+sm.xpi

polonus

This is a false positive. We’re working on a fix.

In the meantime you may visit John McCain’s website 8)

Hi nancat357,

You got it from the highest authority here now, it is a False Positive.

polonus

I clicked on the link with Opera, but didn’t get any alert. I don’t get to have any fun with Opera! ;D ;D ;D Maybe this time it’s because the fp has been fixed ???

Opera is so safe & secure that I don’t get to have any excitement. I’m not complaining, I don’t want that kind of excitement!!! ;D I like my surfing boring-ly safe. :wink: :slight_smile:

Oh yeah, I have to give credit to avast! & ZoneAlarm, also. :slight_smile:

I’m not gloating, it’s just that most of the time that someone gets infected, their using IE. When will the world learn not to use IE ???

Hi rdmaloyjr,

She was not infected going to the barackobama site, because it was a false positive, and that means a false positive for IE7 = a false positive for Opera = a false positive for Firefox = a false positive for Flock.
We know that Opera is a great browser, and the browser of sorts for search experts, go here to read about Opera’s glory: http://www.searchlores.org/tuttiope.htm

polonus

Just for the record, these false positives are happening all over the place.

It does just happen with the-browser-which-should-not-be-named (pun intended), because it again does “something”. That’s why it did not appear in our tests - on the downloaded files it does not false.

Please update manually and re-test. It should be gone.

Hi kubecj,

This was a false interpretation of an adware.php script, also a lot of FP’s happen with autoIt scripts lately, and not only avast, also prevx, and other scanners, but in FF with NoScript I did not have an alert going to the barackobama.site while ashWebSv.exe service is running all the time,

polonus

I get an Avast alert every time I log into Yahoo before I open any mail. Each time, it tells me Avast stopped the trojan and no action is needed. I wonder if Yahoo knows?

I manually updated as advised and then retested this site:
hxxp://www.grc.com/default.htm
and still got the same warning.

I’ve gotten this warning also. I just tried to login to Juno.com’s main page and received it. Will wait to see if another update will help. Manually updated a few minutes ago and still getting the warning.

Do a manual VPS update as the latest 080318-0 VPS resolves the problem, no alert now on grc.com or Juno.com.

update is out (080318-0)

, manualy update your avast and retest. Please ppl with “Yahoo”, try it again and let us know.

Regards

Thanks so very much David, I’m fine now. Thanks so very much to kubecj for resolving the issue. Much appreciated for sure! :wink:

Grc.com is also fine now. Many thanks to all Avast support personnel that took ownership of this problem and provided an expedient resolution. Thank you so much…

Gustavio