Trojan?

go to tesco.com and when I try and log in I get flagged a trojan, is it Firefox as I cant see why a site like Tesco would do this?

Infection Details
URL: http://HXX.tesco.com/groceries/UIAssets/
Process: C:\Program Files\Mozilla Firefox\firefox…
Infection: JS:Blacole-AV [Trj]

Please break the link by changing http to hxxp as we dont want anyone to click on infected links.

Happening to me too, same trojan

There was an upgrade to Avast this morning and then I started getting this on my own website.

I then went to the main DotNetNuke website and had the same issue (Both are complaining about Telerik)

Looks like a false positive to me. SiteFinity triggers it as well…

Telerik.Web.UI.WebResource.axd in regards to a hidden field

All telerik enabled sites trigger this. Local development on the telerik components is not possible now with Avast enabled…

I have the same blocked trojan notice on - https:\www.wffcuonline.com
I get the same notice on 3 computers since this morning.
I ran Avast, Malwarebytes & MS Malicious Removal and nothing found.
Hoping for posting on fix - I cannot get to my banking. Thx

I have the same message from Avast. I was accessing my banking online. I can get into anything else I have tried so far but not Bangor Savings Online.

Is this something attached to ME or the bank???
I ran quick scan and it did find JS:Blacole-AV [Trj] in one file.

How do I remove it? And should I tell my bank?

I have the same problems with all my DNN site after the update of Avast.

What to do ???

submit to virustotal for checking would be a good start.

how do I submit? Avast would like to shut down and scan boot then restart. btw the woman I spoke to at the bank (local branch) had no issues getting in to her account. She has given my info to customer service but they haven’t called me yet.

do we always have to do captcha? I can’t read half of them. :confused:

same problem here. Starting this morning every time I open firefox I get the Avast alert. It’s got to be a false positive. WOuld like to hear from Avast or have them patch it.

This is most likely a false positive, I am a web developer and have been using Telerik products for years, there is no way that they contain trojans. Telerik provide professional class developer tools for web (and other) applications.

Also, it seems like Avast only has this false positive in Firefox. I have been checking my production websites in Chrome and IE8+, no trojans detected.

PLEASE AVAST PROVIDE QUICK UPDATE before our customers start complaining. Telerik products are WIDELY used in web development and having a false positive in such a context is not a good thing AT ALL.

Hi,

All of us in the office who have ran Avast cannot now access any web sites - we keep getting the message Trojan Horse Blocked

c/programmefiles(*86)mozilla firefox/firefox.exe - we have tried internet explorer and other internet providers but the same message appearing.

Is there any way we can get rid of the error message ?

None of us techies and we have all come to a standstill

thanks

Doesn’t look like a false positive to me.

http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Exploit%3AJava%2FBlacole.AV

I got the same error trying to access my bank. Microsoft says it’s real.

It would appear that AVAST is picking up compressed javascript and falsely reporting it as JS/Blacole.AV trojan ::slight_smile:

Avast triggers a warning for every website that uses a CMS and gzip-compressed JS

It is causing major problems at the game I moderate, unless there has been a major global infestation which no one else has picked up this is an AVAST issue not a genuine trojan.

/uninstalled until fixed

I can do this on all my machines quicker than adding realtime / webshield / scriptshield exceptions for every site I need to visit

The trojan is real - I doubt this detection is :wink:

OK. UNINSTALLING AVAST!!! No time for rubbish. They need to fix this ASAP.

I am detecting a Java script on the site … I have downloaded it and edited it… (after closing Avast ) I can see nothing there at the moment but I am not to hot on Java

Edit : Submitted to virus labs for analysis