Virus on forum or false positive

I get a virus warning when trying to view this link. I guess it’s a false positive on the page?

http://forum.avast.com/index.php?topic=7557.0\PxB1AB8

Win32:Mhtplo-26 [Trj]

Well, that is surely strange. I also got the virus warning. :o ???


Well the DrWeb browser extension doesn’t show anything. So it could well be an FP.

Strange thing: my browser extension for Firefox now displays the info in Russian!

Got the same there Filesize 39220 bytes
PxB1AB8 archive HTML
, Javascript.0 - OK
, Javascript1.2.1 - OK
, OK

Yep, that can be; you just have to look for OK or the colour of the Spider: green = OK. When the servers are busy sometimes you get the messages in Russian (in that case just reload or scan again), some lucky ones can have their messages in French even. It means it is rush hour there on their servers.

Wait until the Spider blushes in pink ;D ;D

polonus

AntiVir: Found HTML/Exploit.Mhtml script-virus
ArcaVir: Found nothing
Avast: Found Win32:Mhtplo-26
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found Exploit.HTML.MHTRedir-8
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
UNA: Found nothing
VBA32: Found nothing

Still detecting even after today's update.

Is there a virus lurking on the forum?

I’m pretty sure it must be a false positive. Is anybody from avast! looking into it?

Bump.

Still detecting even after today's update.


Yep … still detecting it also!


However it is a good tutorial for people who have never seen webshield at work ;D

Dr. Web hyperlink scanner in Opera does the same also.

As polonus mentioned.

When the servers are busy sometimes you get the messages in Russian (in that case just reload or scan again),
Mine remained in Russian for a day or so and now it is back to English, so hopefully yours will too.

There is no virus on the webpage linked above.

I guess there is a false positive because of the string " m -s - i -t -s- :-m -h- t- m- l :f i l e-:- / -/ -C- :-\ - -M- A-I -N .-M- H- T ! h- t- t-p"
(censored in case I am right :wink: )

Bump.

Still detecting even after today's update.

Yes, I thought it must be a false positive of a character string too, but is anybody going to fix it, or at least say that they know about it?

It will be fixed early next week (that is, tomorrow or the day after tomorrow).

Last night’s update was scheduled a long time ahead and brought a detection of some 12,000 Trojans (but didn’t fix any FPs).

That is also why it was larger than usual (217KB).

Thanks
Vlk

Cheers Vlk!

12,000 Trojans !!! :o :o :o So the new virus analysts are hard at work eh ;D

:o 12 000! ;D ;D ;D Cheers

BTW Vlk, will this FP be fixed? → http://forum.avast.com/index.php?topic=18934.0 :slight_smile:

Excellent news and good work from the new virus team members; we're seeing a quicker turnaround in inclusion and correction of the VPS.


Thanks for the info, Vlk … and thanks for all the hard work you and all of the Alwil team do! It’s greatly appreciated by all of us users! :smiley:


Second that emotion