Alert on Webpage

Discussion in 'ESET NOD32 Antivirus' started by De Hollander, Sep 7, 2008.

Thread Status:
Not open for further replies.
  1. De Hollander

    De Hollander Registered Member

    Joined:
    Sep 10, 2005
    Posts:
    718
    Location:
    Windmills and cows
    When I view page 2 from the topic Trojan Win32.Agent.pz from Stoneybrook Assisted Living site at dslreports.com/forum/security, Nod32 (3.0.669.0 /3424) give's me a warning about JS/TrojanDownloader.Agent.NFB.

    False positive or not
     
  2. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    What browser? Nothing here using Firefox.
     
  3. BFG

    BFG Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    482
    Location:
    San Diego
    Hello,

    I went there and nothing was flagged. Did you click a link or did it happen as soon as the page opened?

    Firefox here also.

    BFG
     
  4. jmc777

    jmc777 Registered Member

    Joined:
    Aug 6, 2004
    Posts:
    244
    I only get a warning when using IE. It happens when the page loads.
     
  5. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    One more reason to not use it, I suggest Firefox or Opera, both are more secure. Since the problem only appears in IE, I would think it's an ActiveX exploit of some type.
     
  6. Zyrtec

    Zyrtec Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    534
    Location:
    USA
    Hello,

    For curiosity's sake I checked on that web page De Hollander mentioned in his post and NOD32 v. 3.0.772 didn't warn me at all.

    I'm using windows XP Professional with SP-3(fully patched), NOD32 v. 3.0.772, ZoneAlarm Pro v. 8.0.15 and Windows Defender only. No more security software installed and IE 7.0.

    Couldn't that be an error message ?


    Carlos
     
  7. krypton_harsh

    krypton_harsh Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    84
    as far as that connection terminated is concerned, its for security

    u can;t see the problem, coz there is a java script which is actually a NFC.variant

    but the Java script is only is text, in HTML format, threatsense detects it somehow and is rejecting it,

    u can observe it using an old Browser Optimization Software called as NAVISCOPE,

    u can actually see what being downloaded from the webpage, and observe carefully, its passes off very quick,( Small Size )

    and as far as the security is concerned, u need not worry, its just a precaution via ThreatSense
     
  8. krypton_harsh

    krypton_harsh Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    84
    Actaully Can;t be considered as False Positive, Its a Precautionary security
     
  9. jmc777

    jmc777 Registered Member

    Joined:
    Aug 6, 2004
    Posts:
    244
    That's debatable when using Vista, as IE7/8 run in protected mode.
     
  10. Kayracc

    Kayracc Registered Member

    Joined:
    Jul 5, 2008
    Posts:
    96
    This is because malicious code was entered into the (code) tags, meaning it shows the exact code, but won't execute it

    it's not a false positive, and the malicious code is entering your computer, just not running

    i'd bet money this post is whats setting it off from the obfuscated javascript

    http://www.dslreports.com/forum/r21066716-
     
  11. De Hollander

    De Hollander Registered Member

    Joined:
    Sep 10, 2005
    Posts:
    718
    Location:
    Windmills and cows
    Thanks for replaying , and sorry for the late respons, .....a lot of work :ouch:

    The message came with IE7 , Vista Home Premium and Windows Defender, IE7 passive modus / Blackspear settings.


    Translation:
    Probably a variant of JS/TrojanDownloader.Agent.NFB.Trojan horse
    Error during cleanup
    Event occurred in new file that was created by program:
     

    Attached Files:

    Last edited: Sep 8, 2008
Thread Status:
Not open for further replies.