jeffreyhi1 / loginsystem-rd

Automatically exported from code.google.com/p/loginsystem-rd

False Positive Alert : Virus code being detected in obfuscated JS code. #63

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
Trojan-Downloader.JS.Inor.a

I'm just doing a full virus scan and I'm getting the above virus detected in the obfuscated JS code in the ASP and PHP files.

[THREAT] Item: C:\Checkouts\loginsystem-rd\trunk\asp\HTML 4.01 Markup\change-password-markup.asp, ID: 4723144, Name: Trojan-Downloader.JS.Inor.a (v), Category: Trojan
[THREAT] Item: C:\Checkouts\loginsystem-rd\trunk\asp\HTML 4.01 Markup\register-markup.asp, ID: 4723144, Name: Trojan-Downloader.JS.Inor.a (v), Category: Trojan
[THREAT] Item: C:\Checkouts\loginsystem-rd\trunk\asp\HTML 4.01 Markup\set-new-password-markup.asp, ID: 4723144, Name: Trojan-Downloader.JS.Inor.a (v), Category: Trojan
[THREAT] Item: C:\Checkouts\loginsystem-rd\trunk\asp\include\change-password-markup.asp, ID: 4723144, Name: Trojan-Downloader.JS.Inor.a (v), Category: Trojan
[THREAT] Item: C:\Checkouts\loginsystem-rd\trunk\asp\include\register-markup.asp, ID: 4723144, Name: Trojan-Downloader.JS.Inor.a (v), Category: Trojan
[THREAT] Item: C:\Checkouts\loginsystem-rd\trunk\asp\include\set-new-password-markup.asp, ID: 4723144, Name: Trojan-Downloader.JS.Inor.a (v), Category: Trojan
[THREAT] Item: C:\Checkouts\loginsystem-rd\trunk\php\HTML 4.01 Markup\change-password-markup.php, ID: 4723144, Name: Trojan-Downloader.JS.Inor.a (v), Category: Trojan
[THREAT] Item: C:\Checkouts\loginsystem-rd\trunk\php\HTML 4.01 Markup\register-markup.php, ID: 4723144, Name: Trojan-Downloader.JS.Inor.a (v), Category: Trojan
[THREAT] Item: C:\Checkouts\loginsystem-rd\trunk\php\HTML 4.01 Markup\set-new-password-markup.php, ID: 4723144, Name: Trojan-Downloader.JS.Inor.a (v), Category: Trojan
[THREAT] Item: C:\Checkouts\loginsystem-rd\trunk\php\include\change-password-markup.php, ID: 4723144, Name: Trojan-Downloader.JS.Inor.a (v), Category: Trojan
[THREAT] Item: C:\Checkouts\loginsystem-rd\trunk\php\include\register-markup.php, ID: 4723144, Name: Trojan-Downloader.JS.Inor.a (v), Category: Trojan
[THREAT] Item: C:\Checkouts\loginsystem-rd\trunk\php\include\set-new-password-markup.php, ID: 4723144, Name: Trojan-Downloader.JS.Inor.a (v), Category: Trojan

I've decoded one of them and it is a false positive. (test.log is the decoded 
JS code and attached to this message).

I think the JS code should not be obfuscated. No true benefit as JS code can 
only assist the client. The server side code should still do the validation, so 
for a site with no JS, the site still works.

Original issue reported on code.google.com by RQuadling@gmail.com on 17 Jun 2010 at 8:49