Latest update and Proxomitron

While I was out this evening, I received the latest update on all of my machines (0605-0). Now, whenever I open my browser, I get a malware warning (script). I believe this is due to my use of Proxomitron as my ad blocker of choice. It appears that Proxomitron is prepending and appending some script code at the start/bottom of each web page that it visits. Note that this was never flagged as an issue before the latest update.

How concerned should I be? If Avast continually flags every web page I visit while Proxomitron is enabled, I see I have several choices: stop using Proxomitron and use an alternative; stop using Avast and use an alternative; tolerate the warnings for every page.

How concerned should I really be? Is Proxomitron really placing malicious code in the web pages, or is it just code to help it block ads and popups?

Thanks!

j

What malware is reported, exactly?
On which page?

It’s reported as “VBS:Malware [Script]”, and it’s reported on every web page that is visited (every cached web page as well).

Proxomitron is prepending the following on every page:

and it is appending this on every page:

I never gave it much thought, as it’s such a good ad blocker. With Avast now reporting every single web page as potentially infected, it’s a pain.

j

I also use Proxomitron and I’m getting exactly the same message, but I only seem to get it in Internet Explorer, not in Firefox.

Interesting … I’m using IE.

j

Now’s a good time to switch to Firefox then! :wink:

The money spender in the house likes to use IE so I’m kinda stuffed unless it can be sorted. :frowning:

That doesn’t mean you have to use IE; Firefox and others, Opera, etc. are free ;D

Oh, I use Firefox, that’s not the problem, but you try and retrain a loved one to use a new browser! :smiley: Having said that, I’ll go ahead and do it if it’s not sorted in the next few days. I’ll get Opera on here probably.

I can certainly look at using Firefox; it has ad-blocking built in, right? And wouldn’t Proxomitron still add its $0.02 to the html to block ads (if I still used it)? I’m not sure switching browsers fixes the problem ---- looks like a false positive to me.

j

Oh it’s a false positive alright, but whatever the reason, I don’t get the problems with Firefox. I’d say use Firefox as a stopgap until the problem gets fixed. You may even move permanently anyway. :wink:

Hopefully the virus guys will have a look at it shortly.
BTW Blanka, I see you’re based in the UK but your first name (or your nick) looks very Czech. How come? :slight_smile:

I’m getting the same problem with every browser I use that connects through Proxomitron. If I change settings so that the browser doesn’t connect through Proxomitron, close and re-launch, I have no more problems.

The behavior is identical with Firefox, my default browser, IE6 SP1, Opera, Mozilla and Avant (which is basically just IE6 with its own shell). In each case, the cached .HTM and .ASPX files return the same false positives - regardless of browser. The behavior is always the same.

Very frustrating. I just spent much of the day trying to figure out what was writing that script code into the top and bottom of those files.

Thank you,
Scott Gilmore

My experience is the same as Scott’s – every browser that connects through Proxomitron.

This is only with the latest updates from Saturday (28 JAN 06).

I REALLY don’t want to browse without Proxomitron – it is an extremely useful tool.

Thanks!
Bj

That’s what I would have expected. For now, I’ve curtailed browsing, and I just “bypass” Proxomitron while I’m on the net. Not ideal … but at least it doesn’t throw the false positive warnings when I’m on the web.

j

Hmm… I guess it’s the way I’ve got Firefox then that doesn’t get it spouting viruses at me all the time… At any rate, I’m not getting them at the moment but it’s still a pain in the backside because a few applications, namely Steam in my case, access webpages using IE and I get virus warnings whenever I login…

And Vlk, the nickname comes from many many hours of playing Street Fighter 2! :wink: Brilliant game!

How about letting Web Shield ignore local communication (On-Access Protection Control>Web Shield>Basic>check “Ignore local communication”) and monitor Proxomitron? Of course, this is not a conclusive solution but may work.

About the Off Topic, I thought it is spelled Blanca in English…though the setting is Venice, Cassio’s mistress had this name, for example. There are some local variations in Europe but basically, the name sounds feminine to me while the illustration is quite contrary… ;D

I tried the suggestion above but I’m still getting the warning… :frowning:

Did you close Web Shield and restart it after the changes? This ritual may seem stupid, but it is needed.

BlankaM, you still get the warning with 0605-1 VPS?

Igor, I can confirm that the problem regarding 0605-0 VPS and Proxomitron was solved in 0605-1 VPS. I couldn’t understand, though, why this false alarm appeared randomly. Out of 5 identical PCs, only one had this annoying problem.

On the other hand, could you please explain to me the logic in numbering the VPS versions? Other AV products release their updates in a dd/mm/yyyy form. Thanks in advance :slight_smile: