JS Detected...

hi everyone can anyone show me where is a malicious code here?:

/** * @version $Id: caption.js 5263 2006-10-02 01:25:24Z webImagery $ * @copyright Copyright (C) 2005 - 2010 Open Source Matters. All rights reserved. * @license GNU/GPL, see LICENSE.php * Joomla! is free software. This version may have been modified pursuant * to the GNU General Public License, and as distributed it includes or * is derivative of works licensed under the GNU General Public License or * other free or open source software licenses. * See COPYRIGHT.php for copyright notices and details. */

/**

  • JCaption javascript behavior
  • Used for displaying image captions
  • @package Joomla
  • @since 1.5
  • @version 1.0
    */

REMOVED

var JCaption = new Class({
initialize: function(selector)
{
this.selector = selector;

	var images = $$(selector);
	images.each(function(image){ this.createCaption(image); }, this);
},

createCaption: function(element)
{
	var caption   = document.createTextNode(element.title);
	var container = document.createElement("div");
	var text      = document.createElement("p");
	var width     = element.getAttribute("width");
	var align     = element.getAttribute("align");

	if(!width) {
		width = element.width;
	}

	//Windows fix
	if (!align)
		align = element.getStyle("float");  // Rest of the world fix
	if (!align) // IE DOM Fix
		align = element.style.styleFloat;

	if (align=="") {
		align="none";
	}

	text.appendChild(caption);
	text.className = this.selector.replace('.', '_');

	element.parentNode.insertBefore(container, element);
	container.appendChild(element);
	if ( element.title != "" ) {
		container.appendChild(text);
	}
	container.className   = this.selector.replace('.', '_');
	container.className   = container.className + " " + align;
	container.setAttribute("style","float:"+align);

	container.style.width = width + "px";

}

});
document.caption = null;
window.addEvent(‘load’, function() {
var caption = new JCaption(‘img.caption’)
document.caption = caption
});

It is detected by Avast as JS malware…
I think it is a false alarm…

I can’t, but I can tell you that the Avast webshield will not load all items from your post.

what is the URL?

scanning this part gives

VirusTotal - 4/42
http://www.virustotal.com/file-scan/report.html?id=1b5664125f4220ff70dde72f3c7e924b673420a333cbbc3ae3a79a90ccd73583-1281772949

..........code removed............

http://forum.avast.com/index.php?topic=62794.new;topicseen#new and right now, on clicking “reply”, http://forum.avast.com/index.php?action=post;topic=62794.0;num_replies= and I am sure that when this is posted it will pop up again.

It did. From the log:

  • avast! Real-time Shield Scan Report
  • This file is generated automatically
  • Started on: Saturday, August 14, 2010 8:51:28 AM

14/08/2010 7:56:53 p.m. http://forum.avast.com/index.php?topic=62794.0;topicseen|>{gzip} [L] JS:ScriptXE-inf [Trj] (0)
14/08/2010 7:57:17 p.m. http://forum.avast.com/index.php?topic=62794.0;topicseen|>{gzip} [L] JS:ScriptXE-inf [Trj] (0)
14/08/2010 7:57:48 p.m. http://forum.avast.com/index.php?action=post;topic=62794.0;num_replies=0|>{gzip} [L] JS:ScriptXE-inf [Trj] (0)
14/08/2010 7:58:23 p.m. http://forum.avast.com/index.php?topic=62794.new|>{gzip} [L] JS:ScriptXE-inf [Trj] (0)
14/08/2010 8:02:45 p.m. http://forum.avast.com/index.php?topic=62794.new;topicseen|>{gzip} [L] JS:ScriptXE-inf [Trj] (0)
14/08/2010 8:03:38 p.m. http://forum.avast.com/index.php?topic=62794.new;topicseen|>{gzip} [L] JS:ScriptXE-inf [Trj] (0)
14/08/2010 8:03:50 p.m. http://forum.avast.com/index.php?action=post;topic=62794.0;num_replies=2|>{gzip} [L] JS:ScriptXE-inf [Trj] (0)
14/08/2010 8:04:51 p.m. http://forum.avast.com/index.php?topic=62794.new|>{gzip} [L] JS:ScriptXE-inf [Trj] (0)
14/08/2010 8:05:08 p.m. http://forum.avast.com/index.php?action=post;msg=530276;topic=62794.0;sesc=2bde04422858fb7d80c57188da999e9b|>{gzip} [L] JS:ScriptXE-inf [Trj] (0)

but there’s no code of that js harm my pc…

I removed the obfuscated part - it’s… erm, a strange idea to post a detected block on a forum where it would be detected again.

ahhh ok I disabled avast so that it will not block hahaha,… sorry sir…

It is detected by Avast as JS malware... I think it is a false alarm...
avast shield was correct again..... ;)

+1
Never ever post code to a forum…!! ::slight_smile:
asyn

at least when it was blocked by avast nobody could read this nonsensical topic…

Unless of course you post it as an image.

That way it is safe and can show the offending code without causing everyone to have avast alert.