Possible AntiVir Premium false positive?

Discussion in 'other anti-virus software' started by QBgreen, Nov 25, 2008.

Thread Status:
Not open for further replies.
  1. QBgreen

    QBgreen Registered Member

    Joined:
    Jan 1, 2005
    Posts:
    627
    Location:
    Queens County, NY
  2. Waterfox

    Waterfox Registered Member

    Joined:
    Mar 3, 2008
    Posts:
    118
    Location:
    Sweden
    Yes, I get the same warning... I've got my guard settings at medium.
     
  3. GmG

    GmG Registered Member

    Joined:
    Oct 13, 2006
    Posts:
    48
    Location:
    Italy
    Site hacked, there's a obfuscated javascript who redirect to amigohello[DOT]com
     
  4. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    977
    Location:
    Paris
    I'm using Firefox 3.1 beta2 and it gives a message:

    "the site at google-stats.com has been reported as an attack site and has been blocked based on your security preferences."
     
  5. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Are you sure?
     
  6. GmG

    GmG Registered Member

    Joined:
    Oct 13, 2006
    Posts:
    48
    Location:
    Italy
    Yes.

    I send HEUR/HTML.Malware file to avira


    Now superantispyware.com is clean. :)
     
  7. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Interesting.
    You're right, I get no detection there now. ;)

    Good work for Avira: it was the only AV to detect it.
     
  8. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,731
    Location:
    localhost
    Would be nice to hear from Superantispyware, this sounds a bit worrying for such a respectable security company having the site been hacked...

    Fax
     
  9. Zeena

    Zeena Registered Member

    Joined:
    Apr 25, 2008
    Posts:
    409
    Location:
    UK
    Hi :)


    I know this sounds really silly :oops:
    But...
    Is it safe to update my SAS ?

    It's Kind Of Disturbing..
    When A Security Company Can't Protect Their Own Website :eek:

    Can You Imagine...
    Someone going to the SAS website .. With No Protection :(
    Because...
    That's why they're going there... To Get Some :rolleyes:
     
  10. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    Looks like the SAS team hasn't done the weekly security check-up :D
    Anyway the important thing is that it's fixed :thumb:
     
  11. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Don't dramatize. Bigger security companies like F-Secure, Avast, etc had their websites hacked also a while ago.
     
  12. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    We had another web server brought online into our array that was not in our automatic protection system that guards against attack and automatically restores files if a hack were to happen. It was firewalled and patched. Our servers are under nearly constant attack. It was only altered for a brief period of time and is now in our queue system.
     
  13. robinb

    robinb Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    456
    Location:
    NJ
    thanks for the explanation :)

    robin
     
  14. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,731
    Location:
    localhost
    Indeed... thank you for the insight :ninja:
    Fax
     
  15. QBgreen

    QBgreen Registered Member

    Joined:
    Jan 1, 2005
    Posts:
    627
    Location:
    Queens County, NY
    Geez Nick, what have you done to cheese off hackers to this point?! (Aside from making a powerful and threatening program to their malware, that is!) They're at it again at supernantispyware.com. As of the time of this post, AntiVir Premium's WebGuard informs me that the page contains the recognition pattern of the JS/Dldr.Agent.abl Java script virus. :eek: I'm sure things will be rectified in no time flat.
     
  16. Jin K

    Jin K Registered Member

    Joined:
    Apr 9, 2008
    Posts:
    105
    its not the only AV :D

    kaspersky also detect it as multi-packed threat ;)
     
  17. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    yesterday it was the only one. I don't know for today.
     
  18. Jin K

    Jin K Registered Member

    Joined:
    Apr 9, 2008
    Posts:
    105
    if im not wrong you have submit the virus to a multi scanner site, and most of them are using kaspersky 7.0 not 8.0
     
  19. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    And the multi packed file detection was added in 8.0, right?:)
     
  20. tmaertin

    tmaertin Registered Member

    Joined:
    Jul 8, 2007
    Posts:
    32
    Location:
    North Tonawanda, NY
    things like this are why i switched from NOD32 to Avira
     
  21. Ed_H

    Ed_H Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    662
    Location:
    Chicago, IL
    My wife's laptop has the latest build of KIS 2009 and it did not detect it yesterday or today. On my laptop, Avira stops it immdeiately!
     
  22. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
  23. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    He's talking about the executable file, not the actual iframe. Plus, as far as I can see there is no malicious code on the site that is loading for me now. Only links to superantispyware.com related stuff and images, no iframes or scripts. (Beta script heuristics actually caught it :))
     
    Last edited: Nov 26, 2008
  24. robinb

    robinb Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    456
    Location:
    NJ
    btw did anyone see Avira free stop it or only the pro version?

    robin
     
  25. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    754
    Avira wasn't the only one yesterday, KIS 2009 with beta Heuristics detected it as HEUR:Trojan.Script.Iframer
    Screenshot: heursas.JPG

    ;)
     
Loading...
Similar Threads
  1. ankupan
    Replies:
    7
    Views:
    1,329
Thread Status:
Not open for further replies.