False Positive Website

Discussion in 'ESET NOD32 Antivirus' started by mavi, Jul 30, 2011.

Thread Status:
Not open for further replies.
  1. mavi

    mavi Registered Member


    I am a user of animecrazy.net, and dramacrazy.net, and since the last
    signature update I've noticed that any video iframes show up as a
    false positive, JS/TrojanDownloader.Iframe.NKE trojan.

    Like for instance:
    -dramacrazy.net/korean-drama/city-hunter-episode-2/ speedy
    joe(satsukai.com) mirrors use iframes to show, and I've tried to identify with
    multiple virus scanners, and only yours shows this false positive.

    If you watch the same video on the actual satsukai.com site

    Nothing shows up, meaning it's not the actual page.

    Another non iframe mirror:
    see no virus

    Or for instance try this:
    same issue using another iframe site.

    If you check the actual Iframe
    page in a new tab, no virus.

    If you try the actual site with a non iframe mirror, it shows no virus so I'm ruling out ads, comprimised pages, etc. But
    when you try a page with an video that comes through an iframe it
    calls it a virus.

    No files are downloaded from that site. No viruses come from it. It's
    just a video player in an iframe.

    Here's an image of the eset popup i get.


    I need this to be fixed as it's not a virus and is on every page i
    view except the other mirrors, and getting quite annoying fast.

  2. NoobStick

    NoobStick Guest

  3. toxinon12345

    toxinon12345 Registered Member

    I saw similar detections in the ScrInject signature

    anyway a frame with a minimal size is always suspicious
  4. mavi

    mavi Registered Member

    But the frame size is 700x400.
  5. siljaline

    siljaline Former Poster

  6. no_idea

    no_idea Registered Member

  7. piranha

    piranha Registered Member

    do you understand what is a false positive ?

    a same file could be ok in another website or mirror but it dont means it is a false positive. Can just means that the another website or mirror is NOT infected !!!

    submit website and/or file to Eset, if it is a false alert and the video or file is really ok, they will correct this in a next virus db update
  8. SweX

    SweX Registered Member

    Last edited: Jul 31, 2011
  9. siljaline

    siljaline Former Poster

  10. mavi

    mavi Registered Member

    This is the very reason why I don't use malware bytes, they veer too far on the edge of false positives. I know plenty of good sites that are on ecatel, that are anime sites.

    With that said, this iframe issue affects pretty much any site that serves media through an iframe. It's too major of an issue to continue as is.

    Peace out, hope it gets resolved soon.
  11. danieln

    danieln Eset Staff

  12. SweX

    SweX Registered Member

    You're welcome mate :thumb:
  13. siljaline

    siljaline Former Poster

  14. mavi

    mavi Registered Member

    Is that the problem? Can't you guys just whitelist the three sites (AnimeCrazy.Net/DramaCrazy.Net) as they are virus free but are just running into the obfuscated issue?
Thread Status:
Not open for further replies.