# Getting Kaspersky AV warning at dbstalk.com



## Barry in Conyers (Jan 14, 2008)

Starting late this afternoon, I started occasionally receiving a Kaspersky AV warning while browsing the D* forums.

4/23/2010 4:41:38 PM	Detected: Trojan.JS.Pakes.br Firefox http://adnet.media.prananc.com/b/jx/cd/?rq=103193&sid=215411720&m=714&tn=4&d=s&ct=1&t=s//JSPack

Because this did not happen on another machine running the same version of Firefox and KAV, but running adblock, I suspect that the identified trojan is associated with one of the ads.


----------



## RAD (Aug 5, 2002)

If it helps, I was over on AVS this afternoon and Norton warned me of an attack, see attached. I exited the page and then went back in and got the attack notice again so it was something on AVS that triggered it (time is CST in the alert). I've attached the Norton warning. Maybe one of the ad's from your ad servers has a trojan on it?


----------



## Stuart Sweet (Jun 19, 2006)

I've alerted the site owner and on behalf of all the staff, I apologize for the disruption.


----------



## Barry in Conyers (Jan 14, 2008)

Stuart,

No sweat; if we don't let you know, you can't do anything about it.

Barry


----------



## David Bott (Jul 12, 2005)

Hi...

Thanks for the notes.

In regards to the first one, kind fo hard to tell where that may be from as the only ads on the site are Google Adsense and then some local house ads that can not have anything bad in it. So unless you can kind of tell the ad itself, which adsense would have to serve, then it is hard for us to look into it.

In regards to the AVS one, I would have to think that is a false positive as that is the Google tracking on every page including DBStalk. Sometimes when updates come out for some of these services, they can get messed up until they fix it.

We are not seeing anything strange on our end and we do have a lot of people on the site and usually would be flooded with reports. More so on AVS.

Will keep looking, but am at a loss at this time.

Thansk


----------



## JackDobiash (Jul 20, 2005)

I too am getting warnings from my Antivirus software, Sophos, from something here, might be a false positive but I'll post my logs:

****************** Sophos Anti-Virus Log - 4/25/2010 2:39:08 AM **************

...
20100425 023459	Virus/spyware 'Mal/PDFJs-P' has been detected in "C:\Documents and Settings\JackD\Local Settings\Temporary Internet Files\Content.IE5\HI7L9Q0M\oU230d9c2eH91d0ef14V0100f060006R991f427e102Tda0346e8204l0409K36425f0c317[1].pdf".


----------



## David Bott (Jul 12, 2005)

Thanks for that, but it still did not help. It mentions a PDF file on your PC, did you happen to click on link in a thread or remember what thread you may have been in?

It could be someone added a link in a thread or an attachment that was infected and they did not know it.

Thanks


----------



## David Bott (Jul 12, 2005)

I just made a change in Adsense where it was set to allow 3rd Party ads outside of Adsense. (102 other ad sites though adsense. Augh!) So I have told it not to allow for third party ads. It may take some time to kick in so lets see what happens now. 

Note...If a service added this site to a list because of an outside influence, it could take some time to drop off IF THIS WAS the case.


----------

