False Positive: www.americamagazine.org

[markspiteri]

Upon logging to www.americamagazine.org i get this below message. I am sure its a false positive.

[Stephanos G.]

Possible, but smt is trying to download. Strange case but possible false positive.

[DonKid]

Hi,

I have tested this site and get the same alert.
Let's wait for Eset's support.

Best Regards,

DonKid.

yep, same with <snip>, hope they fix this soon.


edited to remove porn link as per our TOS - Detox

I checked it out as well, and it does the same thing for me. At the top of the parasite.js file, it has this:

// purpose: IE parasite detector (http://www.doxdesk.com/parasite/)
// author: Andrew Clover (mailto:and@doxdesk.com)
// version: release 2.8 (24-Jul-2004)
// licence: use freely

I checked out the code and that site. It looks legit, although stupid and completely unnessecary. I build websites for a living, and I would never put something like that on my website. Someone needs to let them know they are doing nothing to help their visitors, and causing problems for those with NOD32.

[rothko]

Quote:

Originally Posted by i960

I checked it out as well, and it does the same thing for me. At the top of the parasite.js file, it has this:

// purpose: IE parasite detector (http://www.doxdesk.com/parasite/)
// author: Andrew Clover (mailto:and@doxdesk.com)
// version: release 2.8 (24-Jul-2004)
// licence: use freely

I checked out the code and that site. It looks legit, although stupid and completely unnessecary. I build websites for a living, and I would never put something like that on my website. Someone needs to let them know they are doing nothing to help their visitors, and causing problems for those with NOD32.

i reported this to eset about 2-3 weeks ago, i was replied to asking for the file to be sent zipped up, which i did, but i havent heard back yet and the file is still recognised as above...i'm guessing they've just been very busy with the new release!

[RejZoR]

I just wonder why it's named parasite.js
It's just screaming: "I'm malware,pick me!!!!"
Although its probably a false positive...

Eset better get on the fp thing or they're going to lose their title with VB.

Neil

[Jaska]

I got just the same warning from http://www.auditmypc.com/free-spyware-removal.asp and I have submitted the parasite.js file to Eset too

[Detox]

LMAO that link showed me this

Quote:

We Found Private Information!
192.168.1.102 - Private IP
Full details found [here]

muah hahahaha

On a more serious note, I really wouldn't touch a thing on that site.

We'll see... I take a look at it at work...

Funny, my college roommate works for that magazine, and I noticed the same NOD32 false positive a week ago, so emailled him and told him his webmaster needs to update the parasite.js script, or get rid of it entirely.

If you go to the parasite.js author's website, they have the most up to date version of the script, which does NOT trigger a NOD32 false positive.

[tazdevl]

Wow they need to upgrade their connection.

[bsilva]

Quote:

Originally Posted by Detox

LMAO that link showed me this




muah hahahaha

On a more serious note, I really wouldn't touch a thing on that site.

I agree... I can see why NOD32 is picking it up. If this was a site that is up to no good, I would like for something to pick it up.

[TonyKlein]

Quote:

Originally Posted by duncantuna

If you go to the parasite.js author's website, they have the most up to date version of the script, which does NOT trigger a NOD32 false positive.

Eggzactly! BTW, Andrew Clover is one of the most respected experts in the field of Spyware, adware, and other unsolicited software, and his site holds a wealth of information for the uninitiated and the pros alike.

Others are using the script as well, but no problem there either. Here's another example:

http://aumha.org/a/noads.php