False Positive Website

Discussion in 'ESET NOD32 Antivirus' started by mavi, Jul 30, 2011.

Thread Status:
Not open for further replies.
  1. mavi

    mavi Registered Member

    Joined:
    Jul 30, 2011
    Posts:
    4
    Hi,

    I am a user of animecrazy.net, and dramacrazy.net, and since the last
    signature update I've noticed that any video iframes show up as a
    false positive, JS/TrojanDownloader.Iframe.NKE trojan.

    Like for instance:
    -dramacrazy.net/korean-drama/city-hunter-episode-2/ speedy
    joe(satsukai.com) mirrors use iframes to show, and I've tried to identify with
    multiple virus scanners, and only yours shows this false positive.

    If you watch the same video on the actual satsukai.com site
    -satsukai.com/get_video.php?video=17762

    Nothing shows up, meaning it's not the actual page.

    Another non iframe mirror:
    -dramacrazy.net/korean-drama/city-hunter-episode-2/146491
    see no virus

    Or for instance try this:
    -dramacrazy.net/korean-drama/city-hunter-episode-19/163500
    same issue using another iframe site.

    If you check the actual Iframe
    page in a new tab, no virus.

    If you try the actual site with a non iframe mirror, it shows no virus so I'm ruling out ads, comprimised pages, etc. But
    when you try a page with an video that comes through an iframe it
    calls it a virus.

    No files are downloaded from that site. No viruses come from it. It's
    just a video player in an iframe.

    Here's an image of the eset popup i get.

    Clipboard02.jpg
    http://img69.imageshack.us/img69/5350/unled1iy.png

    I need this to be fixed as it's not a virus and is on every page i
    view except the other mirrors, and getting quite annoying fast.

    Thanks!
     
  2. NoobStick

    NoobStick Guest

    Joined:
    Jun 23, 2011
    Posts:
    0
  3. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,180
    Location:
    Managua, Nicaragua
    I saw similar detections in the ScrInject signature

    anyway a frame with a minimal size is always suspicious
     
  4. mavi

    mavi Registered Member

    Joined:
    Jul 30, 2011
    Posts:
    4
    But the frame size is 700x400.
     
  5. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  6. no_idea

    no_idea Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    83
  7. piranha

    piranha Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    623
    Location:
    Laval, Qu?bec, Canada
    do you understand what is a false positive ?

    a same file could be ok in another website or mirror but it dont means it is a false positive. Can just means that the another website or mirror is NOT infected !!!

    submit website and/or file to Eset, if it is a false alert and the video or file is really ok, they will correct this in a next virus db update
     
  8. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,271
    Last edited: Jul 31, 2011
  9. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  10. mavi

    mavi Registered Member

    Joined:
    Jul 30, 2011
    Posts:
    4
    This is the very reason why I don't use malware bytes, they veer too far on the edge of false positives. I know plenty of good sites that are on ecatel, that are anime sites.

    With that said, this iframe issue affects pretty much any site that serves media through an iframe. It's too major of an issue to continue as is.

    Peace out, hope it gets resolved soon.
     
  11. danieln

    danieln Eset Staff

    Joined:
    Jan 7, 2009
    Posts:
    112
  12. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,271
    You're welcome mate :thumb:
     
  13. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  14. mavi

    mavi Registered Member

    Joined:
    Jul 30, 2011
    Posts:
    4
    Is that the problem? Can't you guys just whitelist the three sites (AnimeCrazy.Net/DramaCrazy.Net) as they are virus free but are just running into the obfuscated issue?
     
Thread Status:
Not open for further replies.