js/Tivso.14a.gen trojan

Discussion in 'NOD32 version 2 Forum' started by rocky64, Jun 30, 2007.

Thread Status:
Not open for further replies.
  1. rocky64

    rocky64 Registered Member

    Joined:
    Jun 30, 2007
    Posts:
    1
    What is this. Just popped up on my screen this morning. I had not been to any internet sites this morning. Just booted up sys and this came on screen.

    Thanks for your help with this :)
     
  2. ASpace

    ASpace Guest

    Hi !

    Well , this is a security threat (Java Script Trojan horse) , detected by NOD32 . It will be good idea to perform full scan of the computer . It is detected so don't worry - you are secure.

    By the way , I noticed detection for JS/Tivso was updated todays so perhaps that's the reason you see it now , it was present for a while on your computer , detected today
     
  3. RealCybi

    RealCybi Registered Member

    Joined:
    May 13, 2005
    Posts:
    8
    Location:
    Germany
    I had this too while browsing on www.heise.de.
    Seems it is a false positive. No i am blocking cookies from serving-sys.com and the "thread" seems to have disappeared.
     
  4. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
  5. ASpace

    ASpace Guest

    It is either a real threat or a false-positive but must first be checked .
    Here is what I got from VT:

    Complete scanning result of "ebBannerMain_62_36_1_.js", received in VirusTotal at 06.30.2007, 18:19:58 (CET).

    EC edit: Removed virus total results. Please read our TOS.

    (Sorry for the scan results , Mods , just for diagnostic :) )
     
    Last edited by a moderator: May 28, 2008
  6. Hexaguano

    Hexaguano Registered Member

    Joined:
    Jan 4, 2005
    Posts:
    100
    Showing up (ebBannerMain_62_36_1_.js) on the At&T Yahoo! Mail home page as well. 5 hits since yesterday...
     
  7. attila4000

    attila4000 Registered Member

    Joined:
    Feb 7, 2005
    Posts:
    51
    Location:
    Rahway, NJ, USA
    just got one at:

    extremetech.com/article2/0,1697,2151961,00.asp
     
  8. oldshep

    oldshep Registered Member

    Joined:
    Dec 19, 2006
    Posts:
    139
    I just got it from the home page of PC world
    ebBannerMain_62_36_1_.js, JS/Tivso.14a.gen trojan
     
  9. ASpace

    ASpace Guest

    I get no warning with v2365 on AT&T yahoo mail , nor on the other Yahoo mail . I also have no problems on PCWorld's web-page www.pcworld.com . No warning on http://www.extremetech.com/article2/0,1697,2151961,00.asp , too

    Still warnings on http://yahoo.serving-sys.com//yahoo.eyeblaster.com/PL_yahoo/BigScripts/ebBannerMain_62_36.js . No warning on the main http://www.heise.de/ page ... Are we talking about the same thing ?

    EDIT : After futher browsing within PC-world's site I started getting the alarms ;) Sorry
     
    Last edited by a moderator: Jun 30, 2007
  10. Infoman

    Infoman Registered Member

    Joined:
    May 28, 2005
    Posts:
    13
    This is coming up constantly for me. Based on all of the other posts, I have to believe this is some kind of false positive.

    Bottom line - HOW do we get this nuisance to stop?

    Thanks...

    Andy
     

    Attached Files:

  11. EvilDave UK

    EvilDave UK Registered Member

    Joined:
    Dec 20, 2005
    Posts:
    275
    Location:
    United Kingdom
    My inbox just got filled with loads of alerts from client PCs I'm monitoring about this false positive!!
     
  12. richo

    richo Registered Member

    Joined:
    Jul 15, 2005
    Posts:
    73
    It appears to be a FP, now fixed.
     
  13. Infoman

    Infoman Registered Member

    Joined:
    May 28, 2005
    Posts:
    13
    "Now fixed"? Who/how/where/when?
     
  14. kwg

    kwg Registered Member

    Joined:
    Jun 30, 2007
    Posts:
    126
    The bug was in virus signature database version 2365 (20070630). It was corrected in version 2366 (20070701).

    A minute before updating to the new version, I received the NOD32 warning when visiting this page:

    http://www.pcworld.com/product/specs/id,27915-c,monitors/specs.html

    A minute later, after updating, no NOD32 warning appeared when I visited the same page.
     
  15. Infoman

    Infoman Registered Member

    Joined:
    May 28, 2005
    Posts:
    13
    Got it. Thanks!
     
  16. oldshep

    oldshep Registered Member

    Joined:
    Dec 19, 2006
    Posts:
    139
    Looks like signature version 2366 fixes it for me as well. Thanks Eset for the quick response.
     
  17. sasa843

    sasa843 Registered Member

    Joined:
    Feb 1, 2007
    Posts:
    113
    Location:
    Serbia, Europe
  18. ASpace

    ASpace Guest

    "It Looked Like a Duck. It Walked Like a Duck. It Quacked Like a Duck…"

    :D :D :D Very nice and funny :thumb:
     
  19. sasa843

    sasa843 Registered Member

    Joined:
    Feb 1, 2007
    Posts:
    113
    Location:
    Serbia, Europe
    Yes, great blog entry, and this issue is a message to always keep antivirus software updated.
     
Thread Status:
Not open for further replies.