Avast finding false positive on entropedia.info

Haxtor moogle

Prowler
Joined
Sep 4, 2006
Posts
1,392
Location
USA
Society
Benevolence
Avatar Name
Haxtor Moogle Kupo
entropiawiki.com has been compromised with a Trojan, don't use it!
Your computer will be infected with a virus.
This is a JavaScript type attack.
Spread the word!
 

Meric

Guardian
Joined
Oct 9, 2006
Posts
306
Location
UK
Society
Knowing
Avatar Name
Harry Meric Darkstar
Do you have any evidence? Which trojan?
 

jqkill

Prowler
Joined
Jan 21, 2013
Posts
1,149
Location
West Coast, USA
Society
Calypso Rescue Team
Avatar Name
Test Jqkill Muffin
color me skeptic
 

Svarog

Slayer
Joined
Dec 11, 2006
Posts
9,422
The same thing, I guess. JQuery's probing for browser's capabilities causes it with some paranoid AVs. I don't know if Entropedia uses JQuery though.
 

Haxtor moogle

Prowler
Joined
Sep 4, 2006
Posts
1,392
Location
USA
Society
Benevolence
Avatar Name
Haxtor Moogle Kupo
Here is a screenshot of what Avast says is where the script was trying to run from

entropedia.png

entropedia2.png


This is the location on the page where the script is that is trying to run

entropedia31.png
 

N. Radioactive

Prowler
Joined
Apr 25, 2009
Posts
1,357
Location
St. Albert, Alberta
Society
Alluvial Peace Alliance
Avatar Name
Nicolas Radioactive d'Entremont
Yeah, I've been getting that virus warning every time I go on there. It's been happening since I upgraded to Windows 8. I'm also using Avast! anti virus in Chrome.
 

FallenAngel

Stalker
Joined
Dec 9, 2006
Posts
1,968
Society
Free!
Avatar Name
Fallen Yours Angel
entropiawiki.com has been compromised with a Trojan, don't use it!
Your computer will be infected with a virus.
This is a JavaScript type attack.
Spread the word!

Yeah, I've been getting that virus warning every time I go on there. It's been happening since I upgraded to Windows 8. I'm also using Avast! anti virus in Chrome.

if your antivirus is warning you/catching it you are not going to be infected are you? :)
 

jenny ferr

Elite
Joined
Aug 25, 2008
Posts
2,789
Location
Sweden
Society
Modified Perception
Avatar Name
Jennifer Jenny ferr
The same thing, I guess. JQuery's probing for browser's capabilities causes it with some paranoid AVs. I don't know if Entropedia uses JQuery though.
yep, same thing guess I wasn't alone...

if your antivirus is warning you/catching it you are not going to be infected are you? :)
yeah, which is why I kept using it since I got the warning, as I trust it's blocked so can't do any harm, just annoying to get the quarantine warning each time.
 

N. Radioactive

Prowler
Joined
Apr 25, 2009
Posts
1,357
Location
St. Albert, Alberta
Society
Alluvial Peace Alliance
Avatar Name
Nicolas Radioactive d'Entremont
if your antivirus is warning you/catching it you are not going to be infected are you? :)

Yeah, if the anti virus detects it, it will block it so I don't think there's any real threat. It's probably just a false positive on Avast! side. I know it was detecting my entropia.exe as a virus, planetside2.exe as well.
 

Chuck Wholrey

Dominant
Joined
Feb 21, 2012
Posts
399
Location
Missouri, USA
Society
Benevolence
Avatar Name
Chuck Jarrdhead Wholrey
When the game comes up with a new patch, I get a virus warning about the uploader.... I have blown it off, but they prolly should check on it.... could just be Avast does not like the code from the uploader.

And whoever reported Moogle as spamming a malicious website is a prick bastard who should be locked themselves for a few days.

If something like this happens the players need to know, not the players shooting the messenger.
 

Serica

Moderator
Moderator
Joined
Nov 1, 2006
Posts
5,356
Location
Australia
Society
Antipodean Army
Avatar Name
Harena Serica Turbinis
/mod note/ I've renamed this thread to indicate it's a false positive on Avast's side.
 

Haxtor moogle

Prowler
Joined
Sep 4, 2006
Posts
1,392
Location
USA
Society
Benevolence
Avatar Name
Haxtor Moogle Kupo
After a slight misunderstanding ended up getting my account locked....

... Achievement unlocked Entropedia.info can be a malicious url to spam...

( I was nervous as hell and ended up having a panic attack at 2am)
But now unlocked after chatting with support.

mareply.png


So they are now looking into this virus issue.

More about this virus.
From what I have found, and personal experience, no official PayPal script should ever trigger this as a false positive. They do a lot of testing on these sorts of things.

I did a ton of research on the JS:Includer-ANI[Trj], and it is nothing to take lightly.
It is a new form of attack that is spreading fast. Basically it modifies and takes over your system, disabling most antivirus software, and rootkits itself. After securing its place on your computer it then starts to download other malware and viruses that attempt to keylog and scrape your computer for all your passwords / user accounts and private information.
These other viruses tend to disable your anti-malware and antivirus software; they may look to be running but they will just be there for eye candy to give you a false sense of security.

This could be even more harmful if someone modified this type of virus to fish for EU passwords and steal accounts.

Ways to check if you have this virus, it has several noticeable signs:
  • Unusually high cpu usage
  • randomly downloaded files appearing on your system
  • Random system errors
  • Programs no longer running properly or even loading at all
  • Your antivirus reporting normal non-affected programs as viruses

This virus likes to store multiple copies of itself in your %AppData% folder under strange names. It can be difficult to find what process the virus is running as, as it will have some random name.exe

I found this YouTube video that explains how you can easily manually remove this virus once you figure out what it is named as. http://youtu.be/gKLWj3oWAGk


I am not trying to cause panic or cause any mistrust in any valuable community tools.
EU has been here for me through some of the roughest times in my life. My only intention here and always will be to look out for other players and the community as much as possible while continuing to enjoy the game play as it continues to evolve and grow.
 

aia

Marauder
Joined
Mar 23, 2006
Posts
6,049
Avast forums report that Avast is detecting a false positive with Paypal donation links

A couple of weeks ago Avast gave me a fat warning when trying to log into gmail... it vanished when I downloaded latest version of Avast from their webpage.
 

Haxtor moogle

Prowler
Joined
Sep 4, 2006
Posts
1,392
Location
USA
Society
Benevolence
Avatar Name
Haxtor Moogle Kupo
Avast forums report that Avast is detecting a false positive with Paypal donation links on sites: http://forum.avast.com/index.php?topic=122573.30

It appears to be limited to users running Avast in conjunction with IE 9 or 10.

This is an older issue that had occurred back in April - July with a different set of viruses completely.

I got this issue with Chrome, Firefox and the latest version of IE.
 

Serica

Moderator
Moderator
Joined
Nov 1, 2006
Posts
5,356
Location
Australia
Society
Antipodean Army
Avatar Name
Harena Serica Turbinis
Try downloading the latest virus definition update, as Sissi has done.
 

Sissi

Prowler
Joined
Feb 16, 2007
Posts
1,156
Society
mjau
Avatar Name
Elizabeth Sissi Habsburg
I have updates on automatic, get several everyday, in fact got one just now.
 

Mega

Chaotic Good
Joined
Sep 30, 2006
Posts
16,334
Location
England
Society
Kaos
Avatar Name
MegaVolt
Well, it's a different kind of "I'm back" post but welcome back Haxtor Moogle!

Too many false positives can lead some to try another anti virus program maybe?


Anyway, glad this is a false positive. :thumbup:
 

Maximus

Old Alpha
Joined
Oct 21, 2006
Posts
768
Location
USA
Society
Kaos
Avatar Name
Maximus Lord Decimus
Well, it's a different kind of "I'm back" post but welcome back Haxtor Moogle!

Too many false positives can lead some to try another anti virus program maybe?


Anyway, glad this is a false positive. :thumbup:

Indeed Welcome Back!!!:yup:
 

jenny ferr

Elite
Joined
Aug 25, 2008
Posts
2,789
Location
Sweden
Society
Modified Perception
Avatar Name
Jennifer Jenny ferr
this is not Avast only, call me paranoid but I won't post which AV I run but it's not Avast.
And obviously if you have an AV you should get updates asap for it, actually got 3 today already, which tells me something is happening that makes them work this hard as it's unusual many

edit: ok, unusual many I noticed then ;)
as I just checked and yeah it's plenty of updates every day so maybe nothing special just that I noticed it today lol

But don't have to be the coding on entropedia, or does it? can just be some compromised ads they have or other things?
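The question above, whether a detection comes from the site's own code or from something it embeds, can be narrowed down by listing what a page pulls in and from which host. This is an added example, not part of the original thread; the sample page, its `.example` hosts and the function names are constructed for illustration, and "third party" here means any host other than the exact host of the page.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class EmbedInventory(HTMLParser):
    """Record elements that make the browser load scripts, frames or post forms."""

    TAGS = {"script": "src", "iframe": "src", "form": "action"}

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.external = []        # (tag, absolute URL, host, is_third_party)
        self.inline_scripts = 0   # <script> blocks with no src attribute

    def handle_starttag(self, tag, attrs):
        attr = self.TAGS.get(tag)
        if attr is None:
            return
        value = dict(attrs).get(attr)
        if not value:
            if tag == "script":
                self.inline_scripts += 1
            return
        url = urljoin(self.page_url, value)  # resolves relative and //host URLs
        host = urlparse(url).hostname
        self.external.append((tag, url, host, host != self.page_host))


def inventory(html, page_url):
    parser = EmbedInventory(page_url)
    parser.feed(html)
    parser.close()
    return parser


def third_party_hosts(html, page_url):
    """Sorted list of hosts, other than the page's own, that the page references."""
    return sorted({h for _t, _u, h, ext in inventory(html, page_url).external if ext})


# Constructed sample page: local script, CDN library, donation form, ad frame.
PAGE_URL = "https://wiki.example/Page.aspx"
SAMPLE = """<html><head>
<script src="/js/site.js"></script>
<script src="//cdn.example/jquery.min.js"></script>
<script>var x = 1;</script>
</head><body>
<form action="https://payments.example/donate" method="post"></form>
<iframe src="http://ads.example/banner?id=1" width="1" height="1"></iframe>
</body></html>"""
```

Comparing this list between a visit that triggers the warning and one that does not shows whether the flagged element is first-party or comes from an embed such as an ad or a donation button.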
 

Serica

Moderator
Moderator
Joined
Nov 1, 2006
Posts
5,356
Location
Australia
Society
Antipodean Army
Avatar Name
Harena Serica Turbinis
I use a commercial (i.e. not free) anti-virus program that updates automatically:

9Nov - 12 updates
10Nov - 14 updates
11Nov - 11 updates
12Nov - 7 updates
13Nov - 11 updates
14Nov - 10 updates
15Nov - 7 updates
16Nov - 12 updates

It's not finding any issue with Entropedia though.

There's been no change whatever to the coding on the Entropedia website for months, as Witte has been working away from home and has no access.
 

Serica

Moderator
Moderator
Joined
Nov 1, 2006
Posts
5,356
Location
Australia
Society
Antipodean Army
Avatar Name
Harena Serica Turbinis
This is an older issue that had occurred back in April - July with a different set of viruses completely.

I got this issue with Chrome, Firefox and the latest version of IE.

Yep, my bad .. I was reading another more recent one that linked to that thread I quoted, and didn't notice the date on it when I changed browser tabs.

Moogle, if downloading the latest virus definition update fixes the issue for you too, can you post here again to confirm pls ?
 

Legion

Marauder
Joined
Aug 24, 2005
Posts
6,324
Location
Sweden
Society
Supremacy Reign
Avatar Name
Iam Flatline Legion
People, stop using "crap" anti-virus programs. Yes, Avast does work somewhat but as you have noticed it does tend to set off false positives, which is highly annoying.
The reason for false positives is most often due to slow definition updates.

If you do want a free antivirus that does its job get Microsoft's own, and they are not slow with the definition updates.
 

Svarog

Slayer
Joined
Dec 11, 2006
Posts
9,422
Yep, MS Security Essentials is more than enough, can't understand why people bother with anything else.
 

Haxtor moogle

Prowler
Joined
Sep 4, 2006
Posts
1,392
Location
USA
Society
Benevolence
Avatar Name
Haxtor Moogle Kupo
Yep, my bad .. I was reading another more recent one that linked to that thread I quoted, and didn't notice the date on it when I changed browser tabs.

Moogle, if downloading the latest virus definition update fixes the issue for you too, can you post here again to confirm pls ?

Updated. still shows up. Tried 3 different computers all up to date... still shows up...
 

xWandererx

Stalker
Joined
Mar 23, 2005
Posts
1,928
Location
UK
Society
Natural Born Killers
Avatar Name
Jason Wanderer Longbow
Yep, MS Security Essentials is more than enough, can't understand why people bother with anything else.

MS Security Essentials sux A** according to anyone who works in antivirus. Personally I use Comodo which is free and does what it says on the box.
 

aia

Marauder
Joined
Mar 23, 2006
Posts
6,049
Microsoft Defender (Win8)/Security Essentials (XP/Win7) is one end of the scale:
+ easy to use, clean user interface
+ no annoying popups
+ no toolbar "offered" at updates
+ No registration/need to enter email address; no need to "renew license" regularly

On the other hand
- Can miss some viruses

Avast is on the other side of the scale:
+ Good at finding viruses
+ Nice feature is the general program upgrade manager
-- Can be a pain if it detects a minor release as upgrade that isn't offered as download

On the other hand
- Historically some devastating false positives
- Popups
- When major versions come out you risk getting a toolbar if you don't watch out
- "upgrade offer": An end user who upgrades risks losing protection 30 days after a mis-click

+- Sandboxing: Safety feature but can be a pain if you're using a rare program
 