I think it's false positive

Hi all
IMON trojan alert when tried to access this site.

www,spykiller.com/index.asp?Ref=2937

[Bubba]

Whether this is valid or not....I would like to point out it would be appreciated if when posting a possible malware link....you do the best you can in not making the link a hyperlink. While I don't see nothing out of the ordinary yet....I have not looked at it close enough....since I wanted to make this point first. Unfortunately as a guest I can not IM\PM you about this matter.

[zashita]

It looks like this previous post

Regards

[DonKid]

Same error here.

Let's wait for Eset Moderators.

Best Regards,

DonKid.

[Bubba]

As zashita alluded to in post # 3....it's probably has to do with the parasite.js script entry that is displayed on that page. What troubles me is the fact that the parasite.js file downloaded from Spykiller is almost identical to the parasite.js file that "one of the most respected experts in the field of Spyware, adware, and other unsolicited software"(Andrew Clover) offers on his Parasite page....along with the script code folks can use on their respective Web sites. What's missing is the important part of who the credit should go to about the script file.

purpose: IE parasite detector (http://www.doxdesk.com/parasite/)
// author: Andrew Clover (mailto:and@doxdesk.com)
//

Code:

Spykiller script
<script type="text/javascript" src="./js/parasite.js"></script>

Andrew Clovers script
<script type="text/jscript"
src="http://www.doxdesk.com/script/parasite.js"></script>

I personally wouldn't have anything to do with those folks

Quote:

SpyKiller 2005 @ Rogue/Suspect Anti-Spyware Products list
aggressive, deceptive advertising (1, 2, 3); false positives work as goad to purchase; same app as #1 Spyware Killer, Max Privacy Protector, SpyDoctor, SpyFirewall, Spyinator, SpyLax, SpySpotter, SpywareThis, & Spyware Protection Pro; Ad-aware knockoff [A: 6-26-04 / U: 2-14-05]

Quote:

Originally Posted by Bubba

Whether this is valid or not....I would like to point out it would be appreciated if when posting a possible malware link....you do the best you can in not making the link a hyperlink. While I don't see nothing out of the ordinary yet....I have not looked at it close enough....since I wanted to make this point first. Unfortunately as a guest I can not IM\PM you about this matter.

sorry Bubba
I thought its an ordinary link. may I ask why.

[zashita]

Quote:

Originally Posted by hadi

sorry Bubba
I thought its an ordinary link. may I ask why.

Put a link of pointing to a possible threat is dangerous. If this a real threat, as everybody is curious, we will all click on it, and take the infection in our face ... and as we are not all well protected (and id is altmost impossible to be protected from all, especially new threats), our computer could be infected.
You can put the address , but not link it (no hyperlink), like this, all persons here can see this, but not have a direct access to the page. We can try the 'link' if we want, by knowing that it could be dangerous, but not everybody will click on it, only really interested persons who will investigate on this.

Regards

Quote:

Originally Posted by zashita

Put a link of pointing to a possible threat is dangerous. If this a real threat, as everybody is curious, we will all click on it, and take the infection in our face ... and as we are not all well protected (and id is altmost impossible to be protected from all, especially new threats), our computer could be infected.
You can put the address , but not link it (no hyperlink), like this, all persons here can see this, but not have a direct access to the page. We can try the 'link' if we want, by knowing that it could be dangerous, but not everybody will click on it, only really interested persons who will investigate on this.

Regards

didnt know that because I always see threads with clickable link like
http://www.wilderssecurity.com/showthread.php?t=79587
Anyway Thanks