forum

[Archived] Avast found a threat on an old forum page

posted
Total Posts
6
Topic Starter
snyviper
Well, idk where I should post about this, so... here I go.
I stumbled upon a page of osu! in which avast found a threat. (just in case someone would ask) this is the only page I accessed in which this happens. Is it a false positive, or a real virus/malware/idk? Can you clean it up if it is?


osu....sh/forum/t/49733 (not set as link so people won't accidentally click on it)

osu! version: 20170616.1 (latest)
Venix
Trust me, osu! forum haven't viruses. Try to disable your avast for this site.
Kao
Why are you going to disable Avast? That's so stupid
His computer is probably infected and is running a script on the website
Disabling the antivirus is the worst thing you'd do in here

You need to run a full antivirus check of your whole PC to get rid of the script
Or better yet, re-install chrome itself.
abraker

Kao wrote:

You need to run a full antivirus check of your whole PC to get rid of the script
Or better yet, re-install chrome itself.
It is interesting that he mentions that only that page has it. If it was a script on his side, why would it only target a specific forum page?

I checked the page for myself, and I didn't find anything unusual so far. At least there are no suspicious scripts from outside sources. Haven't checked internal sources yet. But just as an experiment, can you get noscript and block everything and see what may trigger it via process of elimination?

Also an explanation from here on what might trigger it:
Well this url purports to be the favicon.gif, sneaky, all web pages that load try to find favicon to load into the address bar of the browser, so you have pretty site icon to the left of the url. Someone has substituted the actual image with an html file but just called favicon.gif this has a javascript <script> tag in it which is obfuscated to hid its malicious intent.
Not really sure how that works when the website caches everything
Kao
https://www.im-infected.com/trojan/jssc ... f-trj.html it seems that avast is mostly the one that detects this type of malware.
I don't think it targeted a single page, rather finished loading all the scripts on that page.

This means that the malware didn't come from that page at all. I already assumed that
But more of that the malware is trying to change the content of the page
Topic Starter
snyviper
I was on the end of the semester on my university, and afterwards I had to pack everything up and go home, where I became really busy, so I completely forgot about this post, my bad :c

Anyway, I'm back here, and I just remembered about this post, so I checked the page again, and avast doesn't point any threat there anymore. So idk. Thank you all anyway, and sorry again, for not remembering this.
Please sign in to reply.

New reply