Alert on Webpage

Discussion in 'ESET NOD32 Antivirus' started by De Hollander, Sep 7, 2008.

Thread Status:
Not open for further replies.
  1. De Hollander

    De Hollander Registered Member

    Joined:
    Sep 10, 2005
    Posts:
    718
    Location:
    Windmills and cows
    When I view page 2 from the topic Trojan Win32.Agent.pz from Stoneybrook Assisted Living site at dslreports.com/forum/security, Nod32 (3.0.669.0 /3424) give's me a warning about JS/TrojanDownloader.Agent.NFB.

    False positive or not
     
  2. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,229
    What browser? Nothing here using Firefox.
     
  3. BFG

    BFG Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    482
    Location:
    San Diego
    Hello,

    I went there and nothing was flagged. Did you click a link or did it happen as soon as the page opened?

    Firefox here also.

    BFG
     
  4. jmc777

    jmc777 Registered Member

    Joined:
    Aug 6, 2004
    Posts:
    244
    I only get a warning when using IE. It happens when the page loads.
     
  5. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,229
    One more reason to not use it, I suggest Firefox or Opera, both are more secure. Since the problem only appears in IE, I would think it's an ActiveX exploit of some type.
     
  6. Zyrtec

    Zyrtec Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    534
    Location:
    USA
    Hello,

    For curiosity's sake I checked on that web page De Hollander mentioned in his post and NOD32 v. 3.0.772 didn't warn me at all.

    I'm using windows XP Professional with SP-3(fully patched), NOD32 v. 3.0.772, ZoneAlarm Pro v. 8.0.15 and Windows Defender only. No more security software installed and IE 7.0.

    Couldn't that be an error message ?


    Carlos
     
  7. krypton_harsh

    krypton_harsh Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    84
    as far as that connection terminated is concerned, its for security

    u can;t see the problem, coz there is a java script which is actually a NFC.variant

    but the Java script is only is text, in HTML format, threatsense detects it somehow and is rejecting it,

    u can observe it using an old Browser Optimization Software called as NAVISCOPE,

    u can actually see what being downloaded from the webpage, and observe carefully, its passes off very quick,( Small Size )

    and as far as the security is concerned, u need not worry, its just a precaution via ThreatSense
     
  8. krypton_harsh

    krypton_harsh Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    84
    Actaully Can;t be considered as False Positive, Its a Precautionary security
     
  9. jmc777

    jmc777 Registered Member

    Joined:
    Aug 6, 2004
    Posts:
    244
    That's debatable when using Vista, as IE7/8 run in protected mode.
     
  10. Kayracc

    Kayracc Registered Member

    Joined:
    Jul 5, 2008
    Posts:
    96
    This is because malicious code was entered into the (code) tags, meaning it shows the exact code, but won't execute it

    it's not a false positive, and the malicious code is entering your computer, just not running

    i'd bet money this post is whats setting it off from the obfuscated javascript

    http://www.dslreports.com/forum/r21066716-
     
  11. De Hollander

    De Hollander Registered Member

    Joined:
    Sep 10, 2005
    Posts:
    718
    Location:
    Windmills and cows
    Thanks for replaying , and sorry for the late respons, .....a lot of work :ouch:

    The message came with IE7 , Vista Home Premium and Windows Defender, IE7 passive modus / Blackspear settings.


    Translation:
    Probably a variant of JS/TrojanDownloader.Agent.NFB.Trojan horse
    Error during cleanup
    Event occurred in new file that was created by program:
     

    Attached Files:

    Last edited: Sep 8, 2008
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.