I would like to use hxtp://shiftedit.net/ to edit my website.
This site looks great, but when I access my account Avast alert me, it detected an exploit.
I saw another peoples report this action as a false positive in this page hxtp://www.webpagescreenshot.info/img/852107-382012105621PM
How can we make sure this is truly false positive or real exploit ?
Hello, Pondus
thank you for reminding me.
please kindly check at my attachment. The warning window appear when I try to access http://shiftedit.net/home after successfully login.
It isn’t actually that unusual for avast to be the only one to detect and yet still be correct.
But since you are the webmaster you can say what this massive javascript file name is all about (1.6MB is somewhat large/unusual for javascript file) ?
The MD5/SHA2 of the file you uploaded doesn’t match the one I pulled down from the site.
VirusTotal is a better bet than Jotti, having 43 different scanners, but that only has 3 hits (excluding GData as that also uses avast as one of its two engines.
The js file is large because it contains the combined, minified libraries of what is a complex web-based application.
Can avast pinpoint which part of the code it believes to be infected?
Allthough the site is now no longer flagged by avast, just consider this part of the code there:
shiftedit dot net/js/plugins.js suspicious
[suspicious:2] (ipaddr:93.91.23.111) (script) shiftedit dot net/js/plugins.js
status: (referer=shiftedit.net/)saved 759 bytes b7e5602ce0a3f2a8a39fbe2b9eac3609229c1d52
info: [decodingLevel=0] found JavaScript
suspicious: but I have no reason to believe that script is other as benign,