Virus alerts from office.microsoft.com ?

Hi All

We had a few machines on the network report alerts from office.microsoft.com.

Using ESET NOD32 Antivirus v4.2.71.2 / signature 6583 ( 20111028 )

Code:

ESET NOD32 Antivirus: Threat alert

28/10/2011 15:36:06 - Module HTTP filter - Threat Alert triggered on computer LAPTOP:  http://office.microsoft.com/client/helphome14.aspx?NS=EXCEL&VERSION=14&LCID=1033&SYSLCID=2057&UILCID=1033&AD=1&tl=2 contains HTML/ScrInject.B.Gen virus.
28/10/2011 15:36:14 - Module HTTP filter - Threat Alert triggered on computer LAPTOP:  http://office.microsoft.com/client/searchresults14.aspx?NS=EXCEL&VERSION=14&LCID=1033&SYSLCID=2057&UILCID=1033&AD=1&tl=2&Query=developer&Scope=HP,HA,RZ,FX,XT,XP,VA,DC,EM,LX contains HTML/ScrInject.B.Gen virus.
28/10/2011 15:36:16 - Module HTTP filter - Threat Alert triggered on computer LAPTOP:  http://office.microsoft.com/client/searchresults14.aspx?NS=EXCEL&VERSION=14&LCID=1033&SYSLCID=2057&UILCID=1033&AD=1&tl=2&Query=developer&Scope=HP,HA,RZ,FX,XT,XP,VA,DC,EM,LX contains HTML/ScrInject.B.Gen virus.
28/10/2011 15:36:17 - Module HTTP filter - Threat Alert triggered on computer LAPTOP:  http://office.microsoft.com/client/helppreview14.aspx?AssetId=HA101819080&lcid=2057&NS=EXCEL&Version=14&tl=2&respos=0&CTT=1&queryid=73d0ffc7-01cd-43f9-88a1-9e4e61958e82 contains HTML/ScrInject.B.Gen virus.
28/10/2011 15:36:28 - Module HTTP filter - Threat Alert triggered on computer LAPTOP:  http://office.microsoft.com/client/helppreview14.aspx?AssetId=HA101819080&lcid=2057&NS=EXCEL&Version=14&tl=2&respos=0&CTT=1&queryid=73d0ffc7-01cd-43f9-88a1-9e4e61958e82 contains HTML/ScrInject.B.Gen virus.
28/10/2011 15:36:39 - Module HTTP filter - Threat Alert triggered on computer LAPTOP:  http://office.microsoft.com/client/helppreview14.aspx?AssetId=HA101819080&lcid=2057&NS=EXCEL&Version=14&tl=2&respos=0&CTT=1&queryid=73d0ffc7-01cd-43f9-88a1-9e4e61958e82 contains HTML/ScrInject.B.Gen virus.
28/10/2011 15:36:39 - Module HTTP filter - Threat Alert triggered on computer LAPTOP:  http://office.microsoft.com/client/helppreview14.aspx?AssetId=HA101819080&lcid=2057&NS=EXCEL&Version=14&tl=2&respos=0&CTT=1&queryid=73d0ffc7-01cd-43f9-88a1-9e4e61958e82 contains HTML/ScrInject.B.Gen virus.
28/10/2011 15:37:21 - Module Real-time file system protection - Threat Alert triggered on computer LAPTOP:  C:\USERS\user\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\VWWOP9LO\HELPHOME14[1].HTM contains HTML/ScrInject.B.Gen virus.
28/10/2011 15:37:22 - Module Real-time file system protection - Threat Alert triggered on computer LAPTOP:  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VWWOP9LO\helphome14[2].htm contains HTML/ScrInject.B.Gen virus.
28/10/2011 15:37:23 - Module Real-time file system protection - Threat Alert triggered on computer LAPTOP:  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZI03URIQ\helppreview14[1].htm contains HTML/ScrInject.B.Gen virus.
28/10/2011 15:37:24 - Module Real-time file system protection - Threat Alert triggered on computer LAPTOP:  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2MAO6815\helppreview14[1].htm contains HTML/ScrInject.B.Gen virus.

Is this a false positive?

 

I contacted Eset support and they confirmed it is a false positive and should have it fixed with the next update.

 

See https://www.wilderssecurity.com/showthread.php?t=310940