Javascript file in SRWare Iron detected as malcode...

Hi malware fighters,

This was where it was found up: C:\ProgramFiles\SRWare Iron\resources\content\Security.JS
These are the jotti results: http://virusscan.jotti.org/nl/scanresult/2cb3202ff66fbf74155a4e32e3dd4d52474276d6
an older scan for this:
http://www.virustotal.com/nl/analisis/e2fcbb2330182eaa72b3317e2375f9a5668216c950d5b1026596b201d0fb4fa9-1247000993
DrWeb’s scan:
Checking: Security.JS
Engine version: 5.0.0.12182
Total virus-finding records: 651197
File size: 43.90 KB
File MD5: 1e3261612f743a261a96a6df3e7cc2c1

Security.JS - Ok
Is this a heuristic find for something harmless?

polonus

Have you not tried the http://www.jsure.org/ javascript checker, if they can unescape it to check it.

Hi DavidR,

I am almost certain that it is a heuristic find. I have it so long now and never saw a flag for it. Also used Script Sentry (Jason’s toolbox) and there the script was considered harmless and not possibly malicious.
Uploaded the file to Sophos’s to have it analyzed. So report back on that one.

File size: 44950 bytes
File type: Little-endian UTF-16 Unicode character data, with very long lines, with CRLF line terminators
MD5: 1e3261612f743a261a96a6df3e7cc2c1
SHA1: faa1c8c27380adcdab4a1545c4b81074711f5dd0

polonus

Hi polonus.Maybe this link can help you
http://forums.informaction.com/viewtopic.php?f=8&t=1461#p5115

Didn’t you also have a similar problem back in may with a squared detecting security.js?

pol,

can you send that js to me? , please.

nmb