JS: Popupper-Y [Trj] possible false positive

fourteen mht files were created long ago with Microsoft IE suddenly test positive for JS: Popupper-Y [Trj]. These files have not been accessed since their created except for scanning with Avast and other programs with no indication of infection.

A sample has been submitted.

Do the virus scan on the file of the virus Total

https://www.virustotal.com/

posts the reports with results

compress the file in zip or rar format with password
send the sample

virus@avast.com

Bumping this thread as I have a similar issue. An mht file created long ago with Microsoft IE suddenly tests positive for JS: Popupper-Y [Trj]. But according to VirusTotal, only Avast detects it as a (false?) positive. I zipped it with password and sent it to virus@avast.com

Hello, it is not FP. Same infection as here: http://www.virusview.net/report/detail/2C00BAFDDA3F3980C2A117E65A942460/18ADAA92

@Tondah
Thanks for you reply, but how can you tell it’s “same infection”? Have you analysed the .mht file I sent to virus@avast.com , together with VirusTotal report?
Detection ratio: 1 / 57
https://www.virustotal.com/en/file/6c0a206faf3af5b65440d70548689752d79f99d4b96ae5dd066a69e98460cedf/analysis/1429649700/

BTW, I haven’t got any reply from virus@avast.com so far, not even an automated response.

Hi i analysed several files containing this infection and they all work as adware/spyware. Its just standalone file packed into many bundled software packages.

I am glad to tell you that I got a response to my file submission, from Honza Zíka of the Avast viruslab.
In short, he said he will not disable the detection. What he dislikes about the script is that it opens a 1x1 px window on exit, which is hidden off the screen. He also pasted the code that does it.

Bumping.
It appears Box Sync (mac) is giving me false-positives for this trojan? feature?
As I understand it, some software pops up a single pixel occasionally for tracking (?) of your activity, and Avast flags it as a Trojan. Or maybe it is a Trojan.

Regardless, I find it really annoying that when Box is syncing, I get an endless flow of red warning popups from Avast, telling me about them, with no advise on how to make it stop. Is there a solution, or is it something I just have to endure with impotent rage?

  1. you are posting in a topic from 2013

  2. post screenshot of avast warning pop-ups