http://aggregateknowledge.net/www/cmd/s/5.0

Hi.
I’m a newbie here.
I keep getting a warning from Avast complaining about this address. Of course I’m not trying to go there, it’s something in the background doing it. It says it’s a Trojan.
JS: Treffuc-C[Trj] specifically.

See attached screen shot.

It goes off every so often as I surf or get into my hotmail account - but random.

Is it false? I can’t find any info about it out there on the web, nor here. I can’t be the first one if it were truly a Trojan, could I? Anyway, only annoying for now.
So far I have only “aborted connection” when it appears.
The second attachment here is from the log. The items in the yellow box are from a few months ago and haven’t been warning me.

Thanks

you’re not alone- been getting this for a weeks when reading news on MSN using Firefox.

It seems to be a false positive: http://www.virustotal.com/file-scan/report.html?id=695e269c7cb6389ef051aaaf900edd1830a8abd00e28509ac30c9009ae36f5fe-1285403807

But you should check the running processes.

…and as I see, you have avast! 4.8, upgrade to 5.0 which is better than 4.8

Add me to this list. I get this same exact error all over msnbc.com. Doesn’t matter if I use Firefox 3.6.10 or IE8. Seems like a false positive. Hopefully they’ll fix it soon. It’s annoying.

If only GData and avast detect it - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP.

Have you sent the sample to avast for analysis?
Send the sample to avast as a False Positive:
Open the chest and right click on the file and select ‘Submit to virus lab…’ complete the form and submit, the file will be uploaded during the next update.

Edit: I have just tried to visit hxxp://aggregateknowledge.net and I get a blank page, so it looks like they might have taken the site down?

No, I get the same. It merely won’t let you actually go to a site like that. I think it’s a statistic reporting site or the likes (Like malware?).

I’ll see if I can send from chest.

Hi malware fighters,

TrendMicro also detects it as suspicious, so not only avast and GData…
Then there is this source: http://blearc.newsvine.com/_news/2010/09/24/5173862-trojans-on-newsvine
And this could be a rootkit trojan, according to this source:
http://www.bleepingcomputer.com/forums/lofiversion/index.php/t43051.html[/t136502.html
finjan does not detect: The requested URL was analyzed and found legitimate
But when launched with Malzilla, redirection is detected…

Redirects
From: htxp://aggregateknowledge.net/www/cmd/s/5.0
To: htxp://aggregateknowledge.net/www/cmd/s/5.0/

polonus

I find no actual file for submission in the chest. This issue is being stopped prior to getting any file from this suspicious web address I guess. A full system AV scan finds no virus on my PC - nor did it ever, in this case.