system
1
Avast! just blocked the travelers information website xww.flightstats.com, saying it is a Trojan Horse. I’ve been to this website many times in the past, so I’m wondering if it is either a false positive, or has the website actually been hijacked by a trojan?
hey and welcome to the forum based on the result from the virustotal result i would say its a false threat:
http://www.virustotal.com/url-scan/report.html?id=be0873f7335ebec440adfa21924b3261-1304223613.
you could submit that to avast so they chance this.
fallow this instructions:
http://www.avast.com/contact-form.php?loadStyles
good luck
DavidR
3
I have just visited the site (using firefox 8.0) and no alerts by avast, ensure that you have the latest virus definitions.
polonus
4
Seems to be OK according to: http://urlquery.net/report.php?id=9659
Analyzing the javascript there, I get these issues: -partner.googleadservices.com/gampad/service.js suspicious
[suspicious:2] (ipaddr:72.14.204.164) (script) -partner.googleadservices.com/gampad/service.js
status: (referer=-www.flightstats.com/go/Home/home.do)saved 5175 bytes 6dd283cf6a29dba6a5ad64c6aad86ebe35dfed3b
info: [javascript variable] URL=
info: [decodingLevel=0] found JavaScript
info: [decodingLevel=1] found JavaScript
suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
and here:
-www.plaxo.com/events?link= benign
[nothing detected] (jsvar) -www.plaxo.com/events?link=
status: (referer=-www.flightstats.com/go/jawr/1752544278/bundles/commonBundle.js)
Found up as Phishing in a listing via clean-mx 20090623-028990
polonus
system
5
Thanks for the replies. I just went to the website again tonight, and it loaded fine, no problems. Not sure why Avast tagged it as a trojan last night. I didn’t type in the website, I clicked on a link in my favorites, so it wasn’t a typo on my part.
Oh well, as long as all is well now, I’m not going to report it as a false positive. I don’t really know what happened…
DavidR
6
You’re welcome.
The main thing is its resolved (so reporting as possible FP wouldn’t find anything fi whatever it was is no longer detected).