Return to the Computer Help Forum | Post a Follow-Up

 o
script/exploit virus

Posted by jamesntn (My Page) on
Tue, Feb 21, 12 at 15:44

Every time I click on Garden Web (5 Times) I receive a "script/exploit virus detected" warning. Is it just me?


Follow-Up Postings:

 o
RE: script/exploit virus

Not seeing any thing but I am on Linux, why don't you go ahead and run an updated malwarebytes scan just to make sure you are clean.


 o
RE: script/exploit virus

AVG2012 has just started to continually report this on one of my fully protected and updated computers (Windows7 Pro 64 bit).

I have submitted the file to AVG and they have auto-confirmed that it is infected.

Avast, on my XP computer, does not indicate any problem.

As nothing had changed on my AVG protected computer other than the latest AVG update I am inclined to think it is a false positive.

Colin


 o
RE: script/exploit virus

I didn't have this concern on my Vista system at all yesterday including the evening. System has been on all day, but no one used it until I just did right now. The forum here is my homepage and the warning popped right up. The only change to the system is the AVG self-updated at 7:00 a.m. this morning.

I am leaning false positive in the new definitions.

DA


 o
RE: script/exploit virus

Same thing here, everything was fine last night, but my AVG self-updated this morning, and now I have the warnings popping up constantly (only on GardenWeb.) Nothing else has been changed on my computer.

When I click on "Move to Vault (Recommended)" it says:
"Object does not exist or is inaccessible." Also, "Object of Threat is Missing."


 o
RE: script/exploit virus

Photobucket


 o
RE: script/exploit virus

I would say that you all should report that to the AVG sites or forum so they can fix it or determine the issue. If they don't know about this they can't fix it.


 o
RE: script/exploit virus

I just sent an email to GardenWeb, pointing them to this thread.


 o
RE: submitted to AVG also

And, also submitted this info to AVG. I hope I did it correctly, I haven't done that before, but it seemed to take my submission and said it would be directed to their research lab.


 o
RE: script/exploit virus

AVG have now resolved this issue but it took our multiple reporting before they rechecked their test results.

I am very disappointed that AVG's auto-response system generates "detection is correct" messages until the number of error reports build to a significant number. A simple "report received" message would avoid causing unnecessary panic and possible file deletions by less experienced users.

Colin


 o
RE: script/exploit virus

Please tell that to AVG.


 o
RE: script/exploit virus

I reported this to AVG and they requested more info. I sent them a link to this thread.


 o
RE: script/exploit virus

I don't see where the false positive is a big issue as long as it is remediated quickly. They happen routinely through the whole spectrum of detection applications.

No problem with the reporting system either. I sent mine yesterday and got the confirmed response. That was the status at that time as the sample matched their database. As long as the issue is resolved that will be fine. Plus, even in frustration I always take a moment to remember to put into perspective when something is free.

DA


 o
RE: script/exploit virus

It is great that you all took the time to go and report this to AVG, with out input from folks like all of you they would not know they had a problem. So applauding you all for your effort!!!

I used to love AVG then a few years ago problems started and I chose to switch to AVAST and am happy with it.


 o
RE: script/exploit virus

Ravencajun, thanks for you post encouraging the report to AVG; in the future I'll be faster to do so.

I got a personal reply from AVG last night, explaining the false positive had been caused by the ad service adding a new bit of legitimate JavaScript to their script. He said the "JS was quite like code commonly seen in some malicious scripts, and in combination with a few other "slightly questionable seeming" snippets in other parts of the code, was enough to push one of the heuristics detections in the product "over the edge", so to speak, triggering the detection warning."

They had apparently already detected the false positive when I emailed. I sent a thank you back, and he replied again courteously.

I agree, pretty impressive service for a free product.


 o
RE: script/exploit virus

The apparent moral of MH's report is the AVG application responded as it is designed to. Always better to be safe than sorry.

A salute go out to Grisoft's timely response to the situation.

RC,

I remember when AVG hit that bump in the road. The cause was one most common; trying to do too much, too fast. Fortunately they resolved their concerns.

DA


 o
RE: script/exploit virus

We have AVG and I'm still getting a warning this morning.
It says:

Threat was blocked
File Name: www.nbcdigitaladops.com/hosted/js/gardenweb_com.js
Threat Name: Virus found Script/Exploit

Is everyone else still getting the warning? I didn't email Gardenweb or AVG. I assumed they're working on it.


 o
RE: script/exploit virus

Mine's fine. Are you updated to the current definitions?

DA


 o
RE: script/exploit virus

I'm still getting the message too. This is the third day now. I keep moving it to the virus vault. My AVG updates automatically every morning...


 o
RE: script/exploit virus

Mine was fine all day yesterday (no warning messages) but this morning it's back again. :-(

I just sent a reply email back to the AVG tech that emailed me two evenings ago, and I'll post back here if I hear anything back. My AVG auto updated about 30 minutes ago and I'll bet that's when it started happening...I'm thinking it's another false positive that will have to be corrected with their next update.


 o
RE: script/exploit virus

Still fine here.

DA


 o
RE: Try updating your AVG manually

Ok, even though my AVG did it's auto-update earlier, I pulled up AVG and clicked update again. Now I've been surfing all over GW for about 15 minutes and no more messages. So, doing that seems to have resolved the problem again, for me.

In my email from the tech two evenings ago, he also said this: this detection was suppressed through the "in-the-cloud" detection verification mechanism. This is enabled by default, but a few AVG users may have disabled it or be using old versions of the product that do not include this feature. These users will have to wait until the next detection update ships, but most users should have seen the detection stop a few hours back."

So, it sounds like how quickly the corrected update solves the problem for each AVG user may depend on how some of us have our AVG set up, or which version we're using.

You folks know more about how this works than I do, I'm sure! I'm dog paddling as fast as I can. ;-)


 o
RE: script/exploit virus

For the record, at 8:13 p.m. the current AVG version is 2012.0.1913 with a database of 2114/4827.

DA


 o
RE: script/exploit virus

Darn it's back.


 o
RE: script/exploit virus

Not here.

DA


 o
RE: script/exploit virus

Hi christie sw mo,

Clean out your temporary internet files and temp files.

Download TFC by OldTimer From here click Here
to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programswhen run, so make sure you have saved all your work before you begin

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.


 o
RE: script/exploit virus

fwiw .. maybe related.

ms security essentials on my laptop caught a js 'severe' thing earlier. Then it caught a total of 6 of these js things over the next twelve minutes while I looked at the path to see what it was, and started scanner.
Then I went back and looked in my allowed ip's at the times... to see if i could tell which site it came from.


from here or one of the major edge servers ... I cant spell it.. Akamaki??
I'm thinking it might be bad advertizing script...
microsoft says they added to definitions feb29.. it tries contact a server to load some bad stuff or whatever if you have outdated sun java or multiple versions.


 o Post a Follow-Up

Please Note: Only registered members are able to post messages to this forum.

    If you are a member, please log in.

    If you aren't yet a member, join now!


Return to the Computer Help Forum

Information about Posting

  • You must be logged in to post a message. Once you are logged in, a posting window will appear at the bottom of the messages. If you are not a member, please register for an account.
  • Please review our Rules of Play before posting.
  • Posting is a two-step process. Once you have composed your message, you will be taken to the preview page. You will then have a chance to review your post, make changes and upload photos.
  • After posting your message, you may need to refresh the forum page in order to see it.
  • Before posting copyrighted material, please read about Copyright and Fair Use.
  • We have a strict no-advertising policy!
  • If you would like to practice posting or uploading photos, please visit our Test forum.
  • If you need assistance, please Contact Us and we will be happy to help.


Learn more about in-text links on this page here