www.yahoo.com JS:ScriptIP-inf [Trj] false positive?

Hello,

I’ve installed and run avast home for the first time today, and noticed that when I surf to www.yahoo.com, avast often reports this Trojan Horse warning:

File name: http://m.www.yahoo.com/\{gzip}
Malware name: JS:ScriptIP-inf [Trj]
Malware type: Trojan Horse
VPS version: 091227-0, 12/27/2009

Using Firefox 3.5.6 on Vista Ultimate SP2.

Is this a false positive or does Yahoo! have some hacked content?

Thanks

Just noticed I have this in the wrong forum, sorry.

Hi Kwigybo, welcome to the forum :slight_smile:

This is getting weird indeed… the site you reference does not give me a web shield alert, but a network shield alert, which is on one of the ads contained in the page…

There is already a discussion on yahoo at the moment though…
http://forum.avast.com/index.php?topic=52692.0

-Scott-

p.s. for future reference, when posting suspect urls, please could you modify them to disable the link… change www to wXw for example. Thanks

YES, happening to me when I access the yahoo site. Another false positive, annoying. Stopped network shield, just normal web shield running!

I’m getting something like this on my yahoo fantasy football page! I’ve never had any trouble before. Why is this happening? ???

False positive. Just pause or turn off network shield until avast updates the VPS file!

Block Yahoo ad tracking server with a HOSTS file:
http://hosts-file.net/?s=ad.yieldmanager.com&x=24&y=10

Happens to be FP, which will be fixed.

http://forum.avast.com/index.php?topic=52692.msg446420#msg446420

I am getting this too.

So getting this on many sites is not a huge issue then?

I am getting the “js:scrpt…” as well, but only on my local cable website - roadrunner.com - in Livonia, Michigan. The Avast pop-up that comes up with the site address is // cdn.at.atwola.com/_media/uac/tcode3.html(gzip) every time I attempt to access that e-mail account or home site. This is all Greek to me. Any assistance would be appreciated. This problem is new and the last time I was on that site was 10 days ago.

New VPS out now, hopefully fixed.

I’m also getting a trojan virus error: JS:ScriptIP-inf

on my website http://www.raceonusa.com

but I’m pretty sure it doesn’t have a virus.

http://www.virustotal.com/file-scan/report.html?id=2fa5db5fd783fbbba00fa5aaed1fcbf27500d997001d9ac3ca79a9ded95c84f6-1282072010

Avast 4.8.1351.0 2010.08.17 JS:ScriptIP-inf
Avast5 5.0.332.0 2010.08.17 JS:ScriptIP-inf
GData 21 2010.08.17 JS:ScriptIP-inf

Hello,

Your website is currently hacked and used to distribute malware → that’s why we started to block your domain. You will have to remove malicious scripts which were added into your website - php/exe/java/etc (It would be nice if you can collect them and send them in a password-protected archive to virus@avast.com).

All the files (hack) should be located inside this folder (and are still there - checked 5 minutes ago):

hxxp://www.raceonusa.com/Home/exemple.com/

Regards

PS: We will not remove your domain from blocklist until you fix the problem.
PPS: You should start your own thread.

PPS: You should start your own thread.
He already has... here: http://forum.avast.com/index.php?topic=62891.0

Haven’t seen, thanks. Will copy my reply there.

And how can you be so sure it’s a false positive and rush telling ppl to disable Network Shield? Known safe webpages by themselves aren’t safe anymore like they used to be, so doing so is a rather stupid thing really.

Very true.