Jump to content

Recommended Posts

Posted

You'll probably need to give us a little more than that to go on.

According to google, Google Analytics is a server-side service that websites can envoke to track your use of the site:

Google Analytics lets you measure your advertising ROI as well as track your Flash, video, and social networking sites and applications.
It also helps you analyze visitor traffic and paint a complete picture of your audience and their needs, wherever they are along the path to purchase.



If you want to Opt-out, you can always use:


Google Analytics Opt-out Browser Add-on

To provide website visitors the ability to prevent their data from being used by Google Analytics, we have developed the Google Analytics opt-out browser add-on for the Google Analytics JavaScript (ga.js, analytics.js, dc.js).

If you want to opt-out, download and install the add-on for your web browser.
The Google Analytics opt-out add-on is designed to be compatible with Chrome, Internet Explorer 8-11, Safari, Firefox and Opera.

In order to function, the opt-out add-on must be able to load and execute properly on your browser. For Internet Explorer, 3rd-party cookies must be enabled.
Learn more about about the opt-out and how to properly install the browser add-on
here.

Posted

This is correct and probably a false positive. Depending how a web host configures GoogleAnal, the .js plugin is one way for the webmaster to track hits to his site. I think it's save for you to whitelist this, it's not a virus or malware injector. AVG has just picked up on the fact the website is using cross site scripting, and correctly rang a few alarm bells.

Posted (edited)

Are you getting this message after visiting a particular website?

.js stands for JavaScript and it is browser-based code delived to a web browser to run computer code (usually fancy menus or graphic).

Doing a google search reveals that some servers have had their google .js code compromised. This is what your AVG is detecting.

badwarebusters.org html/framer virus <-- 5 year old post. OP's host was compromised

Virus found HTML/Framer”;"Moved to Virus Vault

Suggest you download and run Malwarebytes to see if it infected your machine.

Edited by RichCor
Posted

Are you getting this message after visiting a particular website?

.js stands for JavaScript and it is browser-based code delived to a web browser to run computer code (usually fancy menus or graphic).

Doing a google search reveals that some servers have had their google .js code compromised. This is what your AVG is detecting.

He's getting the alert for www.google-analytics.com/analytics.js - this is OK

If you host a website www.blah.com, you can have that URL in the header information and it helps you track visitors etc.

As for your last line, No, it's google, so the .js is safe....

Registrant Name: DNS Admin

Registrant Organization: Google Inc.

Registrant Street: 1600 Amphitheatre Parkway

Registrant City: Mountain View

Registrant State/Province: CA

Registrant Postal Code: 94043

Registrant Country: US

Registrant Phone: +1.6502530000

Registrant Phone Ext:

Registrant Fax: +1.6506188571

Registrant Fax Ext:

Registrant Email: [email protected]

Posted

FWIW some AV vendors will look at the cross site javascript and mark it as malware based on it's injection method. Others however have a technology that runs in the background called "link-following" that will traverse a website and test 3rd of 4th impression links for their actions. These results in turn get put into the respective signature database and will return "safe" when a user encounters them.

Here's an example;

https://www.virustotal.com/en/file/b305235eaab62d2a74cf94ec3844bebf6905c1239ff7944f5ea85826ada1b9ae/analysis/

Posted (edited)

Yea, I'm seeing two types of responses to this.

One is that a website has been compromised (Webmaster using FTP with plain-text Name/Pass having their .js code compromised and affecting website visitors)

The second response is that AVG is throwing a HTML/FRAMER false-positive because of similare-use code in a browser extension or received from a website.

What is HTML/Framer www.htmlframer.com/

AVG detects this highly active Virus and its 93 known variants. AVG Threat Labs

If Malwarebytes doesn't find anything, then you can whitelist the website that triggered the notification ... or install a different AntiVirus Security Suite that does a better job.

Edited by RichCor
Posted

He's getting the alert for www.google-analytics.com/analytics.js - this is OK

If you host a website www.blah.com, you can have that URL in the header information and it helps you track visitors etc.

As for your last line, No, it's google, so the .js is safe....

What if his hosts file has been maliciously edited, or his DNS poisoned? Then that's not safe.

This could very well be a real detection.

Posted

<script type='text/javascript'>window.mod_pagespeed_start = Number(new Date());</script>

He's getting the alert for www.google-analytics.com/analytics.js - this is OK

If you host a website www.blah.com, you can have that URL in the header information and it helps you track visitors etc.

As for your last line, No, it's google, so the .js is safe....

What if his hosts file has been maliciously edited, or his DNS poisoned? Then that's not safe.

This could very well be a real detection.

Checking host file sanity is the first thing that's usually done in a virus scan, particularly a "quick scan" either user invoked, or on startup.

Thank you for your reply. Still the same AVG comes up with virus found html/framer www.google-analytics.com/analytics.js

The official Google Analytics site is http://www.google.com/analytics/ not google-analytics .com so the latter is likely to be malicious.

Please see the lookup i did of the site, OR run this command;

whois google-analytics.com

Please let me know what portion you are having problems understanding and why you think google-analytics.com is not a Google domain. Actually, just copy and paste from below why you are suspicious after your lengthy investigations.

Domain Name: google-analytics.com

Registry Domain ID: 185074829_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Updated Date: 2014-10-28T12:38:28-0700
Creation Date: 2005-07-18T00:00:00-0700
Registrar Registration Expiration Date: 2015-07-18T12:24:32-0700
Registrar: MarkMonitor, Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +1.2083895740
Domain Status: clientUpdateProhibited
Domain Status: clientTransferProhibited
Domain Status: clientDeleteProhibited
Registry Registrant ID:
Registrant Name: DNS Admin
Registrant Organization: Google Inc.
Registrant Street: 1600 Amphitheatre Parkway
Registrant City: Mountain View
Registrant State/Province: CA
Registrant Postal Code: 94043
Registrant Country: US
Registrant Phone: +1.6502530000
Registrant Phone Ext:
Registrant Fax: +1.6506188571
Registrant Fax Ext:
Registrant Email: [email protected]
Registry Admin ID:
Admin Name: DNS Admin
Admin Organization: Google Inc.
Admin Street: 1600 Amphitheatre Parkway
Admin City: Mountain View
Admin State/Province: CA
Admin Postal Code: 94043
Admin Country: US
Admin Phone: +1.6502530000
Admin Phone Ext:
Admin Fax: +1.6506188571
Admin Fax Ext:
Admin Email: [email protected]
Registry Tech ID:
Tech Name: DNS Admin
Tech Organization: Google Inc.
Tech Street: 1600 Amphitheatre Parkway
Tech City: Mountain View
Tech State/Province: CA
Tech Postal Code: 94043
Tech Country: US
Tech Phone: +1.6502530000
Tech Phone Ext:
Tech Fax: +1.6506188571
Tech Fax Ext:
Tech Email: [email protected]
Name Server: ns3.google.com
Name Server: ns2.google.com
Name Server: ns4.google.com
Name Server: ns1.google.com

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...