pontious Posted December 16, 2014 Share Posted December 16, 2014 Just bought a new computer and keep getting an AVG Detection of the above. Framer it says but nothing after I scan. Any ideas? Link to comment Share on other sites More sharing options...
RichCor Posted December 16, 2014 Share Posted December 16, 2014 You'll probably need to give us a little more than that to go on.According to google, Google Analytics is a server-side service that websites can envoke to track your use of the site: Google Analytics lets you measure your advertising ROI as well as track your Flash, video, and social networking sites and applications. It also helps you analyze visitor traffic and paint a complete picture of your audience and their needs, wherever they are along the path to purchase. If you want to Opt-out, you can always use: Google Analytics Opt-out Browser Add-on To provide website visitors the ability to prevent their data from being used by Google Analytics, we have developed the Google Analytics opt-out browser add-on for the Google Analytics JavaScript (ga.js, analytics.js, dc.js). If you want to opt-out, download and install the add-on for your web browser.The Google Analytics opt-out add-on is designed to be compatible with Chrome, Internet Explorer 8-11, Safari, Firefox and Opera.In order to function, the opt-out add-on must be able to load and execute properly on your browser. For Internet Explorer, 3rd-party cookies must be enabled.Learn more about about the opt-out and how to properly install the browser add-on here. Link to comment Share on other sites More sharing options...
pontious Posted December 16, 2014 Author Share Posted December 16, 2014 Thank you for your reply. Still the same AVG comes up with virus found html/framer www.google-analytics.com/analytics.js Link to comment Share on other sites More sharing options...
phazey Posted December 16, 2014 Share Posted December 16, 2014 This is correct and probably a false positive. Depending how a web host configures GoogleAnal, the .js plugin is one way for the webmaster to track hits to his site. I think it's save for you to whitelist this, it's not a virus or malware injector. AVG has just picked up on the fact the website is using cross site scripting, and correctly rang a few alarm bells. Link to comment Share on other sites More sharing options...
RichCor Posted December 16, 2014 Share Posted December 16, 2014 (edited) Are you getting this message after visiting a particular website? .js stands for JavaScript and it is browser-based code delived to a web browser to run computer code (usually fancy menus or graphic). Doing a google search reveals that some servers have had their google .js code compromised. This is what your AVG is detecting. badwarebusters.org html/framer virus <-- 5 year old post. OP's host was compromised Virus found HTML/Framer”;"Moved to Virus Vault Suggest you download and run Malwarebytes to see if it infected your machine. Edited December 16, 2014 by RichCor Link to comment Share on other sites More sharing options...
phazey Posted December 16, 2014 Share Posted December 16, 2014 Are you getting this message after visiting a particular website? .js stands for JavaScript and it is browser-based code delived to a web browser to run computer code (usually fancy menus or graphic). Doing a google search reveals that some servers have had their google .js code compromised. This is what your AVG is detecting. He's getting the alert for www.google-analytics.com/analytics.js - this is OK If you host a website www.blah.com, you can have that URL in the header information and it helps you track visitors etc. As for your last line, No, it's google, so the .js is safe.... Registrant Name: DNS Admin Registrant Organization: Google Inc. Registrant Street: 1600 Amphitheatre Parkway Registrant City: Mountain View Registrant State/Province: CA Registrant Postal Code: 94043 Registrant Country: US Registrant Phone: +1.6502530000 Registrant Phone Ext: Registrant Fax: +1.6506188571 Registrant Fax Ext: Registrant Email: [email protected] Link to comment Share on other sites More sharing options...
phazey Posted December 16, 2014 Share Posted December 16, 2014 FWIW some AV vendors will look at the cross site javascript and mark it as malware based on it's injection method. Others however have a technology that runs in the background called "link-following" that will traverse a website and test 3rd of 4th impression links for their actions. These results in turn get put into the respective signature database and will return "safe" when a user encounters them. Here's an example; https://www.virustotal.com/en/file/b305235eaab62d2a74cf94ec3844bebf6905c1239ff7944f5ea85826ada1b9ae/analysis/ Link to comment Share on other sites More sharing options...
RichCor Posted December 16, 2014 Share Posted December 16, 2014 (edited) Yea, I'm seeing two types of responses to this. One is that a website has been compromised (Webmaster using FTP with plain-text Name/Pass having their .js code compromised and affecting website visitors) The second response is that AVG is throwing a HTML/FRAMER false-positive because of similare-use code in a browser extension or received from a website. What is HTML/Framer www.htmlframer.com/ AVG detects this highly active Virus and its 93 known variants. AVG Threat Labs If Malwarebytes doesn't find anything, then you can whitelist the website that triggered the notification ... or install a different AntiVirus Security Suite that does a better job. Edited December 16, 2014 by RichCor Link to comment Share on other sites More sharing options...
IMHO Posted December 16, 2014 Share Posted December 16, 2014 He's getting the alert for www.google-analytics.com/analytics.js - this is OK If you host a website www.blah.com, you can have that URL in the header information and it helps you track visitors etc. As for your last line, No, it's google, so the .js is safe.... What if his hosts file has been maliciously edited, or his DNS poisoned? Then that's not safe. This could very well be a real detection. Link to comment Share on other sites More sharing options...
Xircal Posted December 17, 2014 Share Posted December 17, 2014 Thank you for your reply. Still the same AVG comes up with virus found html/framer www.google-analytics.com/analytics.js The official Google Analytics site is http://www.google.com/analytics/ not google-analytics .com so the latter is likely to be malicious. Link to comment Share on other sites More sharing options...
phazey Posted December 17, 2014 Share Posted December 17, 2014 <script type='text/javascript'>window.mod_pagespeed_start = Number(new Date());</script> He's getting the alert for www.google-analytics.com/analytics.js - this is OK If you host a website www.blah.com, you can have that URL in the header information and it helps you track visitors etc. As for your last line, No, it's google, so the .js is safe.... What if his hosts file has been maliciously edited, or his DNS poisoned? Then that's not safe. This could very well be a real detection. Checking host file sanity is the first thing that's usually done in a virus scan, particularly a "quick scan" either user invoked, or on startup. Thank you for your reply. Still the same AVG comes up with virus found html/framer www.google-analytics.com/analytics.js The official Google Analytics site is http://www.google.com/analytics/ not google-analytics .com so the latter is likely to be malicious. Please see the lookup i did of the site, OR run this command; whois google-analytics.com Please let me know what portion you are having problems understanding and why you think google-analytics.com is not a Google domain. Actually, just copy and paste from below why you are suspicious after your lengthy investigations. Domain Name: google-analytics.com Registry Domain ID: 185074829_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.markmonitor.com Registrar URL: http://www.markmonitor.com Updated Date: 2014-10-28T12:38:28-0700 Creation Date: 2005-07-18T00:00:00-0700 Registrar Registration Expiration Date: 2015-07-18T12:24:32-0700 Registrar: MarkMonitor, Inc. Registrar IANA ID: 292 Registrar Abuse Contact Email: [email protected] Registrar Abuse Contact Phone: +1.2083895740 Domain Status: clientUpdateProhibited Domain Status: clientTransferProhibited Domain Status: clientDeleteProhibited Registry Registrant ID: Registrant Name: DNS Admin Registrant Organization: Google Inc. Registrant Street: 1600 Amphitheatre Parkway Registrant City: Mountain View Registrant State/Province: CA Registrant Postal Code: 94043 Registrant Country: US Registrant Phone: +1.6502530000 Registrant Phone Ext: Registrant Fax: +1.6506188571 Registrant Fax Ext: Registrant Email: [email protected] Registry Admin ID: Admin Name: DNS Admin Admin Organization: Google Inc. Admin Street: 1600 Amphitheatre Parkway Admin City: Mountain View Admin State/Province: CA Admin Postal Code: 94043 Admin Country: US Admin Phone: +1.6502530000 Admin Phone Ext: Admin Fax: +1.6506188571 Admin Fax Ext: Admin Email: [email protected] Registry Tech ID: Tech Name: DNS Admin Tech Organization: Google Inc. Tech Street: 1600 Amphitheatre Parkway Tech City: Mountain View Tech State/Province: CA Tech Postal Code: 94043 Tech Country: US Tech Phone: +1.6502530000 Tech Phone Ext: Tech Fax: +1.6506188571 Tech Fax Ext: Tech Email: [email protected] Name Server: ns3.google.com Name Server: ns2.google.com Name Server: ns4.google.com Name Server: ns1.google.com Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now