js/Tivso.14a.gen trojan

Discussion in 'NOD32 version 2 Forum' started by rocky64, Jun 30, 2007.

Thread Status:
Not open for further replies.
  1. rocky64

    rocky64 Registered Member

    Joined:
    Jun 30, 2007
    Posts:
    1
    What is this. Just popped up on my screen this morning. I had not been to any internet sites this morning. Just booted up sys and this came on screen.

    Thanks for your help with this :)
     
  2. ASpace

    ASpace Guest

    Hi !

    Well , this is a security threat (Java Script Trojan horse) , detected by NOD32 . It will be good idea to perform full scan of the computer . It is detected so don't worry - you are secure.

    By the way , I noticed detection for JS/Tivso was updated todays so perhaps that's the reason you see it now , it was present for a while on your computer , detected today
     
  3. RealCybi

    RealCybi Registered Member

    Joined:
    May 13, 2005
    Posts:
    8
    Location:
    Germany
    I had this too while browsing on www.heise.de.
    Seems it is a false positive. No i am blocking cookies from serving-sys.com and the "thread" seems to have disappeared.
     
  4. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,208
    Location:
    Fayetteville, Ga
  5. ASpace

    ASpace Guest

    It is either a real threat or a false-positive but must first be checked .
    Here is what I got from VT:

    Complete scanning result of "ebBannerMain_62_36_1_.js", received in VirusTotal at 06.30.2007, 18:19:58 (CET).

    EC edit: Removed virus total results. Please read our TOS.

    (Sorry for the scan results , Mods , just for diagnostic :) )
     
    Last edited by a moderator: May 28, 2008
  6. Hexaguano

    Hexaguano Registered Member

    Joined:
    Jan 4, 2005
    Posts:
    100
    Showing up (ebBannerMain_62_36_1_.js) on the At&T Yahoo! Mail home page as well. 5 hits since yesterday...
     
  7. attila4000

    attila4000 Registered Member

    Joined:
    Feb 7, 2005
    Posts:
    51
    Location:
    Rahway, NJ, USA
    just got one at:

    extremetech.com/article2/0,1697,2151961,00.asp
     
  8. oldshep

    oldshep Registered Member

    Joined:
    Dec 19, 2006
    Posts:
    139
    I just got it from the home page of PC world
    ebBannerMain_62_36_1_.js, JS/Tivso.14a.gen trojan
     
  9. ASpace

    ASpace Guest

    I get no warning with v2365 on AT&T yahoo mail , nor on the other Yahoo mail . I also have no problems on PCWorld's web-page www.pcworld.com . No warning on http://www.extremetech.com/article2/0,1697,2151961,00.asp , too

    Still warnings on http://yahoo.serving-sys.com//yahoo.eyeblaster.com/PL_yahoo/BigScripts/ebBannerMain_62_36.js . No warning on the main http://www.heise.de/ page ... Are we talking about the same thing ?

    EDIT : After futher browsing within PC-world's site I started getting the alarms ;) Sorry
     
    Last edited by a moderator: Jun 30, 2007
  10. Infoman

    Infoman Registered Member

    Joined:
    May 28, 2005
    Posts:
    13
    This is coming up constantly for me. Based on all of the other posts, I have to believe this is some kind of false positive.

    Bottom line - HOW do we get this nuisance to stop?

    Thanks...

    Andy
     

    Attached Files:

  11. EvilDave UK

    EvilDave UK Registered Member

    Joined:
    Dec 20, 2005
    Posts:
    275
    Location:
    United Kingdom
    My inbox just got filled with loads of alerts from client PCs I'm monitoring about this false positive!!
     
  12. richo

    richo Registered Member

    Joined:
    Jul 15, 2005
    Posts:
    76
    It appears to be a FP, now fixed.
     
  13. Infoman

    Infoman Registered Member

    Joined:
    May 28, 2005
    Posts:
    13
    "Now fixed"? Who/how/where/when?
     
  14. kwg

    kwg Registered Member

    Joined:
    Jun 30, 2007
    Posts:
    126
    The bug was in virus signature database version 2365 (20070630). It was corrected in version 2366 (20070701).

    A minute before updating to the new version, I received the NOD32 warning when visiting this page:

    http://www.pcworld.com/product/specs/id,27915-c,monitors/specs.html

    A minute later, after updating, no NOD32 warning appeared when I visited the same page.
     
  15. Infoman

    Infoman Registered Member

    Joined:
    May 28, 2005
    Posts:
    13
    Got it. Thanks!
     
  16. oldshep

    oldshep Registered Member

    Joined:
    Dec 19, 2006
    Posts:
    139
    Looks like signature version 2366 fixes it for me as well. Thanks Eset for the quick response.
     
  17. sasa843

    sasa843 Registered Member

    Joined:
    Feb 1, 2007
    Posts:
    113
    Location:
    Serbia, Europe
  18. ASpace

    ASpace Guest

    "It Looked Like a Duck. It Walked Like a Duck. It Quacked Like a Duck…"

    :D :D :D Very nice and funny :thumb:
     
  19. sasa843

    sasa843 Registered Member

    Joined:
    Feb 1, 2007
    Posts:
    113
    Location:
    Serbia, Europe
    Yes, great blog entry, and this issue is a message to always keep antivirus software updated.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.