I think it's false positive

Discussion in 'NOD32 version 2 Forum' started by hadi, May 24, 2005.

Thread Status:
Not open for further replies.
  1. hadi

    hadi Guest

    Hi all
    IMON trojan alert when tried to access this site.

    www,spykiller.com/index.asp?Ref=2937
     
    Last edited by a moderator: May 24, 2005
  2. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Whether this is valid or not....I would like to point out it would be appreciated if when posting a possible malware link....you do the best you can in not making the link a hyperlink. While I don't see nothing out of the ordinary yet....I have not looked at it close enough....since I wanted to make this point first. Unfortunately as a guest I can not IM\PM you about this matter.
     
  3. zashita

    zashita Registered Member

    Joined:
    May 17, 2005
    Posts:
    309
  4. DonKid

    DonKid Registered Member

    Joined:
    Jun 27, 2004
    Posts:
    566
    Location:
    S?o Paulo, Brazil
    Same error here.

    Let's wait for Eset Moderators.

    Best Regards,

    DonKid.
     
  5. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    As zashita alluded to in post # 3....it's probably has to do with the parasite.js script entry that is displayed on that page. What troubles me is the fact that the parasite.js file downloaded from Spykiller is almost identical to the parasite.js file that "one of the most respected experts in the field of Spyware, adware, and other unsolicited software"(Andrew Clover) offers on his Parasite page....along with the script code folks can use on their respective Web sites. What's missing is the important part of who the credit should go to about the script file.

    purpose: IE parasite detector (http://www.doxdesk.com/parasite/)
    // author: Andrew Clover (mailto:and@doxdesk.com)
    //

    Code:
    [B][B]Spykiller script[/B][/B]
    <script type="text/javascript" src="./js/parasite.js"></script>
    
    [B]Andrew Clovers script[/B]
    <script type="text/jscript"
    src="http://www.doxdesk.com/script/parasite.js"></script>
    
    I personally wouldn't have anything to do with those folks :mad:

     
  6. hadi

    hadi Guest

    sorry Bubba
    I thought its an ordinary link. may I ask why.
     
  7. zashita

    zashita Registered Member

    Joined:
    May 17, 2005
    Posts:
    309
    Put a link of pointing to a possible threat is dangerous. If this a real threat, as everybody is curious, we will all click on it, and take the infection in our face ... and as we are not all well protected (and id is altmost impossible to be protected from all, especially new threats), our computer could be infected.
    You can put the address , but not link it (no hyperlink), like this, all persons here can see this, but not have a direct access to the page. We can try the 'link' if we want, by knowing that it could be dangerous, but not everybody will click on it, only really interested persons who will investigate on this.

    Regards
     
  8. hadi

    hadi Guest

    didnt know that because I always see threads with clickable link like
    https://www.wilderssecurity.com/showthread.php?t=79587
    Anyway Thanks
     
Thread Status:
Not open for further replies.