Getting "virus pop-ups" when browsing the forum..

[FeaR]

This just started happening recently (today). It's only this forum

 

[ev0lution]

Same AV as ThePro (screenshot posted in chatbox) - I'm guessing it just fails.

I'm using avast! and it doesn't give any warnings, it always bugs me if theres a virus or malicious code of any type on a site I visit.

 

[[FF]TeddyBear]

I'm using Norton 360, and it hasn't alerted me of any virus's, though a few weeks ago this forum was redirecting me to some untrusted sites.

 

[Mave]

We don't have any ads at the moment, there's no external php input or so :/
I have no idea why an AV would give you that warning :S

 

[CreonSiper]

Perhaps it started detecting Zez's shoutbox as a virus?

I'm not implying that Zez put a virus in, but it can be a false positive.

 

[FeaR]

Okay, this is REALLY awkward, I only seem to be getting it while browsing trough the 'Games' section, can anyone confirm?

 

[Blubber]

No, but I have this too ! Not only in game section !

 

[Panki]

I never had such problems I use AVG

 

[ThePro]

Well, avira has quite a strong heuristics, i've sent it to avira to see if it's a false positive, i'd guess we'll have to wait to about 17:00 german time or so, if i get a reply from avira's virus labs, i'll post a reply here.

P.S: nothing's perfect, and avira is one of the best

 

[FeaR]

Avira was rated the top AV by PCMagazines, and is rated #1 by alot of sites.

 

[Blubber]

Does it has something to do with this :

 

[Mave]

Damn you get that with every video?

 

[Mave]

BUMP; I uninstalled all packages that aren't really necessary or not even working.

Please let me know if this fixed it.

Thanks.

 

[ThePro]

I think, i'm not getting any more alerts

 

[Blubber]

I have got one !

But now I don't see the weird bug with the videos !

 

[FeaR]

I'm still getting it, and it's definitely this forum..

 

[ThePro]

not getting anymore alerts

 

[ThePro]

NVM, still getting them

 

[Mave]

Now that's so weird...

I have no clue whatsoever is causing this...

ThePro, did you get a reply from avira's virus labs yet?

 

[CreonSiper]

I'm getting Avira, Gonna see an advanced detailed description of what this is talking about.


UPDATE:
Installing now Done.


Now testing the forum. - Done, Found the warning.

I'm going to analyze this. - DONE

It's detecting a cached page of TMS Forums as a virus, I believe this is the code causing this warning:

[quote author=TMS Cache]
window.addEventListener("load", smf_codeFix, false);
function smf_codeFix()
{
var codeFix = document.getElementsByTagName ? document.getElementsByTagName("div") : document.all.tags("div");

for (var i = 0; i < codeFix.length; i )
{
if (codeFix.className == "code" && (codeFix.scrollWidth > codeFix.clientWidth || codeFix.clientWidth == 0))
[/quote]


In "codeFix" I'd see Avira detecting this type of code as a type of virus since it's trying to modify the clients browser by "ClientWidth" etc.

EDIT: Wait a minute... "window.addEventListener", That DOES not sound safe....

Here's the FULL file that's detected as a virus:

http://www.upffs.com/files/742_38A65E6Bd01

Note: This is PHP code/source, Only analyzers will understand what this is saying.