False Positive Website

Discussion in 'ESET NOD32 Antivirus' started by mavi, Jul 30, 2011.

Thread Status:
Not open for further replies.
  1. mavi
    Offline

    mavi Registered Member

    Hi,

    I am a user of animecrazy.net, and dramacrazy.net, and since the last
    signature update I've noticed that any video iframes show up as a
    false positive, JS/TrojanDownloader.Iframe.NKE trojan.

    Like for instance:
    -dramacrazy.net/korean-drama/city-hunter-episode-2/ speedy
    joe(satsukai.com) mirrors use iframes to show, and I've tried to identify with
    multiple virus scanners, and only yours shows this false positive.

    If you watch the same video on the actual satsukai.com site
    -satsukai.com/get_video.php?video=17762

    Nothing shows up, meaning it's not the actual page.

    Another non iframe mirror:
    -dramacrazy.net/korean-drama/city-hunter-episode-2/146491
    see no virus

    Or for instance try this:
    -dramacrazy.net/korean-drama/city-hunter-episode-19/163500
    same issue using another iframe site.

    If you check the actual Iframe
    page in a new tab, no virus.

    If you try the actual site with a non iframe mirror, it shows no virus so I'm ruling out ads, comprimised pages, etc. But
    when you try a page with an video that comes through an iframe it
    calls it a virus.

    No files are downloaded from that site. No viruses come from it. It's
    just a video player in an iframe.

    Here's an image of the eset popup i get.

    Clipboard02.jpg
    http://img69.imageshack.us/img69/5350/unled1iy.png

    I need this to be fixed as it's not a virus and is on every page i
    view except the other mirrors, and getting quite annoying fast.

    Thanks!
  2. NoobStick
    Offline

    NoobStick Guest

  3. toxinon12345
    Offline

    toxinon12345 Registered Member

    I saw similar detections in the ScrInject signature

    anyway a frame with a minimal size is always suspicious
  4. mavi
    Offline

    mavi Registered Member

    But the frame size is 700x400.
  5. siljaline
    Offline

    siljaline Registered Member

  6. no_idea
    Offline

    no_idea Registered Member

  7. piranha
    Offline

    piranha Registered Member

    do you understand what is a false positive ?

    a same file could be ok in another website or mirror but it dont means it is a false positive. Can just means that the another website or mirror is NOT infected !!!

    submit website and/or file to Eset, if it is a false alert and the video or file is really ok, they will correct this in a next virus db update
  8. SweX
    Offline

    SweX Registered Member

    Last edited: Jul 31, 2011
  9. siljaline
    Offline

    siljaline Registered Member

  10. mavi
    Offline

    mavi Registered Member

    This is the very reason why I don't use malware bytes, they veer too far on the edge of false positives. I know plenty of good sites that are on ecatel, that are anime sites.

    With that said, this iframe issue affects pretty much any site that serves media through an iframe. It's too major of an issue to continue as is.

    Peace out, hope it gets resolved soon.
  11. danieln
    Offline

    danieln Eset Staff

  12. SweX
    Offline

    SweX Registered Member

    You're welcome mate :thumb:
  13. siljaline
    Offline

    siljaline Registered Member

  14. mavi
    Offline

    mavi Registered Member

    Is that the problem? Can't you guys just whitelist the three sites (AnimeCrazy.Net/DramaCrazy.Net) as they are virus free but are just running into the obfuscated issue?
Thread Status:
Not open for further replies.