potential false positive (JS:Agent-PV [Trj])

Hello,

The below Javascript was flagged as JS:Agent-PV [Trj], however the provider of this JS is a trusted partner and we suspect this is a false positive. Is there any clarification that can be given here?

Many thanks.

Removed the actual code, here is a link (though this may rotate and change), and screenshot attached:

hxxp://www.kqzyfj.com/placeholder-5791062?target=_top&mouseover=N

DO NOT post Potentially malware code in the forum as every one with a AV detecting this will get a warning when entering the forum

take a screenshot of the code and attach

VirusTotal - 2/43
https://www.virustotal.com/file/6b11f0e5bba1948abbbc3d9092812cf7c7ca580f55c1364f7864b2fd709887a5/analysis/1331051093/

As Pondus says remove script code immedeately or present it as an image link. If the malcode is not a FP, it is a spyware TT-exploit, and especially dangerous when opened with Internet Explorer,

polonus

Here is a screenshot of the ad that comes up when it is wrapped in java script. This is a legitimate Verizon campaign from CJ.

Use this form to report a false positive directly to the virus lab:
http://www.avast.com/contact-form.php?loadStyles

Hi adfms,

Do as spg SCOTT proposes, also because of these risk scan results: http://zulu.zscaler.com/submission/show/2c1a6601f456d7cfe1bd44a7fd2d7419-1331033142
and this http://zulu.zscaler.com/submission/show/aca6e4edc6118539bf25e74eb17271a2-1331056998

polonus

Hello,
false positive will be fixed in next VPS update.

Milos

Bringing up a very old thread to say this has NOT been fixed. I’ve already reported it via the “Contact Us” about false-positives form on this site.

I just got this JS:Agent-PV [Trj] false-positive from this site:

http://www.alicepaul.org/ alicepaul.htm

To see it, take out the spaces in the above url, or just go to the main page and click on “Alice Paul” in the bar across the top.

BTW, this is so annoying that I joined this forum just now just to report this.

This asp site certainly has some server security issues as you can view here: https://asafaweb.com/Scan?Url=www.alicepaul.org%2Falicepaul.htm
Custom errors are not correctly configured ; by default, excessive information about the server and frameworks used by an ASP.NET application are returned in the response headers. These headers can be used to help identify security flaws which may exist as a result of the choice of technology exposed in these headers; it doesn’t look like an X-Frame-Options header was returned from the server which means that this website could be at risk of a click-jacking attack.
Earlier malware from IP: http://support.clean-mx.de/clean-mx/viruses?id=8678620
A pinpoint evaluation was blocked by avast shield detection. JS:Agent-AYC[Trj],
If that was inserted into your JS files you must remove the code and search for the door which allowed the hacker to insert the code.
If you want to report a FP go here: www.avast.com/contact-form.php‎

polonus