How do I report a false positive for a website which is consistently tagged by avast! (free, v5.0.677 on WinXP SP3) as a Trojan Horse because of its Javascript menu? I’ve posted a query to the webmaster of the site to verify that it is a false positive (I suppose there’s some chance it was hacked and poisoned), and when that’s affirmed I’ll incorporate an exclusion in the various computers I have which run avast!.

FYI, The website is for the Texas State History Museum, and the pop-up reference box identifies the offending element as “HTML:lFrame-IV [Trj]” with the “object” of http://www.thestoryoftexas.com/js/menu.js and an action which is to abort loading of the page.

VirusTotal - menu.js - 5/43
http://www.virustotal.com/file-scan/report.html?id=bfdeb11410c1c12752a07aff097277e663e434c40ce3d820c581d076bab04951-1293736891

Click the dropp down menu http://www.avast.com/contact-form.php?loadStyles

Jim, send a mail to virus@avast.com with as much as information as you can. Mention clearly that you think it is a false positeve.

And please use the search option next time before asking.
Your question has been answered many times before on this webboard.

If I remember rightly this was picked up before (in the viruses and worms forum) and it isn’t only avast alerting on this file, hXXp://wXw.thestoryoftexas.com/js/menu.js.

Given that I don’t see anything obvious in the file, but I’m not too familiar with javascript. I have submitted it for further analysis.

• There is a new on-line contact form, http://www.avast.com/contact-form.php?loadStyles for: * Sales inquiries; Technical issues; Website issues; Report false virus alert in file; Report false virus alert on website; Press (Media), issues.

avast! is alerting on a script at the end of the javascript file.
It is one line of what looks to be obfuscated script?

I am not sure what it contains, but it doesn’t look quite right to me…

Scott