Avast JS:Pdfka-PK infection warning with jQuery.min.js but jQuery.js works good
Question
In our Client site we got Avast JS:Pdfka-PK in one of our page which has swf file. And avast is not allowing us to open this page at all. I already spent one whole day and not sure where the issue is.
Any help is greatly appreciated. Thanks in advance.
I am using Mac Mountain Lion and Chrome 33 and Avast latest version.
More Googling I found this link yes we download some files from from remote server and show. But those files are not harmful, like to know how to overcome this.
My Apologies for scattered details.
Following are my latest findings.
Following is the code which is giving the Avast warning.
surveyAccept: function() {
var page = "http://" + window.location.hostname;
var windowprops = "width=100,height=100,location=no,toolbar=no,menubar=no,scrollbars=yes,resizable=yes";
var PopWindow = window.open(page, "_blank", "", windowprops);
window.setTimeout(window.focus, 500);
if (PopWindow) {
exitSurveyHTML = this.getNewWindowHTML();
PopWindow.document.write(exitSurveyHTML);
PopWindow.document.close( );
if (navigator.userAgent.indexOf('Chrome/') > 0){
window.focus();
}
PopWindow.blur();
if (navigator.userAgent.indexOf('Firefox/4') > 0){
window.open("", "_self", "");
}
}
},
getNewWindowHTML : function (){
var exitSurveyLink = "sample link";
windowHTML = '';
windowHTML += '<!DOCTYPE HTML>';
windowHTML += '<html>';
windowHTML += '<script type="text/javascript">';
windowHTML += 'var i;';
windowHTML += 'var lastseen = window.opener.location.hostname;';
windowHTML += 'function CheckParent() {';
windowHTML += 'try {';
windowHTML += 'var host = window.opener.location.hostname;';
windowHTML += 'if (host != lastseen){';
windowHTML += 'lastseen = host;';
windowHTML += '}';
windowHTML += 'return;';
windowHTML += '} catch(error){';
windowHTML += 'clearInterval(i);';
windowHTML += 'moveTo(screen.width/2-450,screen.height/2-300);';
windowHTML += 'resizeTo(900,600);';
windowHTML += 'this.focus();';
windowHTML += 'this.location="' + exitSurveyLink + '";';
windowHTML += '}';
windowHTML += '}';
windowHTML += 'i = setInterval("CheckParent()", 500);';
windowHTML += '<\/script>';
windowHTML += '<\/body>';
windowHTML += '<\/html>';
return windowHTML;
}
The lines after Check parent is giving Avast warning if we user jQuery.min.js if I use jQuery.js I do not get Avast warning. If I compress jQuery.js using YUI compressor online I am not getting any issues with Avast.
I have also tried introducing lot of string concordination in the code still I get the Avast warning.
I like to know why I get Avast warning when I user jQuery.min.js which is given by jQuery but not in jQuery.js.
This is really strange.
2 answers
solution1
1 2014-03-24 06:27:24
Some of the normal code behaviour are mostly similar to a malware activity.
Its impossible to build a perfect detection system for any antivirus, i am hopping that auto virus detection that avast is using is conflicting with the same code structucture in the minified jquery file you have.
work around:
just download a min version from google cdn or jquery cdn and try to use it (if its not detected as any malware)
i have faced similar issue with Panda Internet security auto detection mechanism. some times more secure detection algorithm falsely catches a non malware code too.
you can report false positives here .
and wait for avast to update their database to resolve this issue.
solution2
0 2014-03-24 10:40:22
Can you try replacing the your code with the following code:
var exitSurveyLink = "http://survey.confirmit.com/";
function openSurveyPopUp()
{
var windowprops = "width=100,height=100,location=no,toolbar=no,menubar=no,scrollbars=yes,resizable=yes";
var PopWindow = window.open(exitSurveyLink, "_blank", "", windowprops);
if (PopWindow) {
var surveyHTML = this.getPopUpWindowHTMLContent();
PopWindow.document.write(surveyHTML);
PopWindow.document.close( );
}
}
function getPopUpWindowHTMLContent()
{
var windowHTML = '';
windowHTML += '<script type="text/javascript">';
windowHTML += 'var i;';
windowHTML += 'var lastseen = window.opener.location.hostname;';
windowHTML += 'function CheckParent() {';
windowHTML += 'console.log("CheckParent"+lastseen);try {';
windowHTML += 'var host = window.opener.location.hostname;';
windowHTML += 'if (host != lastseen){';
windowHTML += 'lastseen = host;';
windowHTML += '}';
windowHTML += 'document.body.innerHTML = "<center>'+new Date()+' - Please close the parent window<\/center>";';
windowHTML += 'return;';
windowHTML += '} catch(error){'; //THERE IS NO PARENT WINDOW SO IT WILL END UP IN ERROR
windowHTML += 'clearInterval(i);';
windowHTML += 'moveTo(screen.width/2-450,screen.height/2-300);';
windowHTML += 'resizeTo(900,600);';
windowHTML += 'this.focus();';
windowHTML += 'this.location="' + exitSurveyLink + '";';
windowHTML += '}';
windowHTML += '}';
windowHTML += 'i = setInterval("CheckParent()", 500);';
windowHTML += '<\/script>';
return windowHTML;
}
changes i have made:
you were writing 'html' and 'body' in document write, which wasn't necessary
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.