Menu
What's New
By:
Filters

Avast finding false positive on entropedia.info

Haxtor moogle

Haxtor moogle

Prowler
Joined
Sep 4, 2006
Posts
1,392
Location
USA
Society
Benevolence
Avatar Name
Haxtor Moogle Kupo
entropiawiki.com has been compromised with a Trojan don't use it!
Your computer will be infected with a virus.
This is a java script type attack.
Spread the word!
 
Do you have any evidence? Which trojan?
 
color me skeptic
 
The same thing, I guess. JQuery's probing for browser's capabilities causes it with some paranoid AVs. I don't know if Entropedia uses JQuery though.
 
Here is a screen shot of what avast says is where the script was trying to run from

entropedia.png

entropedia2.png


This is the location on the page where the script is that is trying to run

entropedia31.png
 
Yeah, I've been getting that virus warning every time I go on there. It's been happening since I upgraded to Windows 8. I'm also using Avast! anti virus in Chrome.
 
Haxtor moogle said:
entropiawiki.com has been compromised with a Trojan don't use it!
Your computer will be infected with a virus.
This is a java script type attack.
Spread the word!
Click to expand...

N. Radioactive said:
Yeah, I've been getting that virus warning every time I go on there. It's been happening since I upgraded to Windows 8. I'm also using Avast! anti virus in Chrome.
Click to expand...

if your antivirus is warning you/catching it you are not going to be infected are you? :)
 
Svarog said:
The same thing, I guess. JQuery's probing for browser's capabilities causes it with some paranoid AVs. I don't know if Entropedia uses JQuery though.
Click to expand...
yep, same thing guess I wasn't alone...

FallenAngel said:
if your antivirus is warning you/catching it you are not going to be infected are you? :)
Click to expand...
yeah which is why I kept using it since I got the warning as I trust it's blocked so can't do any harm jsut annoying to get the quarantine warning each time.
 
FallenAngel said:
if your antivirus is warning you/catching it you are not going to be infected are you? :)
Click to expand...

Yeah, if the anti virus detects it, it will block it so I don't think there's any real threat. It's probably just a false positive on Avast! side. I know it was detecting my entropia.exe as a virus, planetside2.exe as well.
 
When the game comes up with a new patch, i get a virus warning about the up loader.... I have blown it off, but they prolly should check on it.... could just be Avast does not like the code from the up loader.

And whoever reported Moogle as spamming a malicious website is a prick bastard who should be locked themselves for a few days.

If something like this happens the players need to know, not the players shooting the messenger.
 
/mod note/ I've renamed this thread to indicate it's a false positive on Avast's side.
 
After a slight misunderstanding ended up getting my account locked....

... Achievement unlocked Entropedia.info can be a malicious url to spam...

( I was nervous as hell and ended up having a panic attack at 2am)
But now unlocked after chatting with support.

mareply.png


So they are now looking into this virus issue.

More about this virus.
From what I have found, and personal experience no official PayPal script should ever trigger this as a false positive. They do a lot of testing on these sorts of things.

I did a ton of research on the JS:Includer-ANI[Trj], and it is nothing to take lightly.
It is a new form of attack that is spreading fast. Basically it modifies and takes over your system disabling most antivirus software and root kits its self. After securing its place on your computer it then starts to download other malware and virus's that attempt to keylog and scrape your computer for all your passwords / user accounts and private information.
These other virus's tend to disable your anti malware and anti virus software, they may look to be running but they will just be there for eye candy to give you a false sense of security.

This could be even more harmful if someone modified this type of virus to fish for EU passwords and steal accounts.

Ways to check if you have this virus, it has several noticeable signs:
  • Unusually high cpu usage
  • randomly downloaded files appearing on your system
  • Random system errors
  • Programs no longer running properly or even loading at all
  • Your antivirus reporting normal non effected programs as viruses

This virus likes to store multiple copies of its self in your %AppData% folder under strange names. It can be difficult to find what process the virus is running as, as it will have some random name.exe

I found this youtube video that explains how you can easily manually remove this virus once you figure out what it is named as. http://youtu.be/gKLWj3oWAGk


I am not trying to cause panic or cause any mistrust in any valuable community tools.
EU has been here for me through some of the roughest times in my life. My only intention here and always will be to look out for other players and the community as much as possible while continuing to enjoy the game play as it continues to evolve and grow.
 
Serica said:
Avast forums report that Avast is detecting a false positive with Paypal donation links
Click to expand...

A couple of weeks ago Avast gave me a fat warning when trying to log into gmail... it vanished when I downloaded latest version of Avatst from their webpage.
 
Serica said:
Avast forums report that Avast is detecting a false positive with Paypal donation links on sites: http://forum.avast.com/index.php?topic=122573.30

It appears to be limited to users running Avast in conjunction with IE 9 or 10.
Click to expand...

This is a older issue that had occurred back in April - July with a different set of virus's completely.

I got this issue with Chrome, Fire Fox and the latest version of IE.
 
Try downloading the latest virus definition update, as Sissi has done.
 
I have updates on automatic, get several everyday, in fact got one just now.
 
Well, its a different kind of "I'm back" post but welcome back Haxtor Moogle!

Too many false positives can lead some to try another anti virus program maybe?


Anyway, glad this is a false positive. :thumbup:
 
Mega said:
Well, its a different kind of "I'm back" post but welcome back Haxtor Moogle!

Too many false positives can lead some to try another anti virus program maybe?


Anyway, glad this is a false positive. :thumbup:
Click to expand...

Indeed Welcome Back!!!:yup:
 
this is not Avast only, call me paranoid but I wont post which AV I run but it's not Avast.
And obviously if you have a AV you should get updates asap for it actually got 3 today already, which tells me something is happening that make them work this hard as it's unusual many

edit: ok, unusual many I noticed then ;)
as I just checked and yeah it's plenty of updates every day so maybe nothing special just that I noticed it today lol

But don't have to be the coding on entropedia, or does it? can just be some compromised ads they have or other things?
 
Last edited:
I use a commercial (ie not free) anti-virus program that updates automatically:

9Nov - 12 updates
10Nov - 14 updates
11Nov - 11 updates
12Nov - 7 updates
13Nov - 11 updates
14Nov - 10 updates
15Nov - 7 updates
16Nov - 12 updates

It's not finding any issue with Entropedia though.

There's been no change whatever to the coding on the Entropedia website for months, as Witte has been working away from home and has no access.
 
Haxtor moogle said:
This is a older issue that had occurred back in April - July with a different set of virus's completely.

I got this issue with Chrome, Fire Fox and the latest version of IE.
Click to expand...

Yep, my bad .. I was reading another more recent one that linked to that thread I quoted, and didn't notice the date on it when I changed browser tabs.

Moogle, if downloading the latest virus definition update fixes the issue for you too, can you post here again to confirm pls ?
 
People stop using "crap" anti-virus programs. Yes avast does work somewhat but as you have noticed it does tend to set of false positives which is highly annoying.
The reason for false positives is most often due to slow definition updates.

If you do want a free antivirus that does it's job get microsofts own, and they are not slow with the definition updates.
 
Yep, MS Security Essentials is more than enough, can't understand why people bother with anything else.
 
Serica said:
Yep, my bad .. I was reading another more recent one that linked to that thread I quoted, and didn't notice the date on it when I changed browser tabs.

Moogle, if downloading the latest virus definition update fixes the issue for you too, can you post here again to confirm pls ?
Click to expand...

Updated. still shows up. Tried 3 different computers all up to date... still shows up...
 
Svarog said:
Yep, MS Security Essentials is more than enough, can't understand why people bother with anything else.
Click to expand...

MS Security Essentials sux A** according to anyone who works in antivirus. Personally I use Comodo which is free and does what it says on the box.
 
Microsoft defender (win8)/security Essentials (XP/Win7) is one end of the scale:
+ easy to use, clean user interface
+ no annoying popups
+ no toolbar "offered" at updates
+ No registration/need to enter email address; no need to "renew license" regularily

On the other hand
- Can miss some viruses

Avast is on the other side of the scale:
+ Good at finding viruses
+ Nice feature is the general program upgrade manager
-- Can be a pain if it detects a minor release as upgrade that isn't offered as download

On the other hand
- Historically some devastating false positives
- Popups
- When major versions come out you risk getting a toolbar if you don't watch out
- "upgrade offer": An end user who upgrades risk losing protection 30 days after a mis-click

+- Sandboxing: Safety feature but can be a pain if you're using a rare program
 
You must log in or register to reply here.
Back
Top